Try creating a firewall rule in the ePO policy like:
Network Protocol: IP
Remote Address: ANY
Transport protocol: TCP
Local Service: 80 (from the event, this is the Destination for an incoming packet)
Remote service: 1024-65535 (high random ports are probably used here; from the event, this is the Source for an incoming packet)
Application: C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE (no hash)
Oh, and also, you've already got a firewall rule that is blocking this traffic. The rule name is at the end of the event: "Block System TCP Incoming".
Message was edited by: Kary Tankink on 1/11/11 3:29:30 PM CST
> Oh, and also, you've already got a firewall rule that is blocking this traffic. The rule name is at the end of the event: "Block System TCP Incoming".
That explains it, then, because I did create a rule similar to what you had before. Unfortunately, in our IT's wisdom, they created a bunch of rules, including the one you identified, which I just found buried under a collapsed item. I can't remove that item, and any rule I create goes to the bottom of the list, so I assume McAfee handles the rules in the order in the list, hence being blocked.
IT is unwilling to help since they do not want to support Windows 7 yet, but we need it for development. Any idea how I can get my rule to be the one used or remove the one they added? If there's no way to do that, having some way to disable the Firewall completely would also be acceptable. I tried that, but in 15 minutes they turn it all back the way it was.
If it matters, it's McAfee Host Intrusion Prevention 18.104.22.1689 (patch 8).
Firewall rules are processed from top to bottom in the ePO policy. This cannot be overridden locally on the client.
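The top-to-bottom processing described in this thread can be modelled as a first-match evaluator with a check for shadowed rules. This is an added illustration, not part of the original posts and not McAfee code. Assumptions: the match criteria of "Block System TCP Incoming" (the thread gives only its name), the rule name "Allow inbound HTTP", the sample packet, and the omission of the application field.

```python
from typing import NamedTuple

ANY_PORTS = (0, 65535)  # inclusive (low, high)

class Rule(NamedTuple):
    name: str
    action: str                       # "allow" or "block"
    direction: str                    # "in" or "out"
    protocol: str                     # "tcp" or "udp"
    local_ports: tuple = ANY_PORTS
    remote_ports: tuple = ANY_PORTS

    def matches(self, pkt):
        return (pkt["direction"] == self.direction
                and pkt["protocol"] == self.protocol
                and self.local_ports[0] <= pkt["local_port"] <= self.local_ports[1]
                and self.remote_ports[0] <= pkt["remote_port"] <= self.remote_ports[1])

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (self.direction == other.direction
                and self.protocol == other.protocol
                and self.local_ports[0] <= other.local_ports[0]
                and other.local_ports[1] <= self.local_ports[1]
                and self.remote_ports[0] <= other.remote_ports[0]
                and other.remote_ports[1] <= self.remote_ports[1])

def evaluate(policy, pkt, default="block"):
    """Return (action, rule name) of the first matching rule, top to bottom."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "(default)"

def shadowed(policy):
    """Return (rule, earlier rule) pairs where the later rule can never fire."""
    return [(rule.name, earlier.name)
            for i, rule in enumerate(policy)
            for earlier in policy[:i] if earlier.covers(rule)]

# Constructed policy in list order: the existing block rule sits above the new rule.
POLICY = [
    Rule("Block System TCP Incoming", "block", "in", "tcp"),  # criteria assumed
    Rule("Allow inbound HTTP", "allow", "in", "tcp", (80, 80), (1024, 65535)),
]
# Constructed packet: inbound TCP to local port 80 from a high remote port.
PACKET = {"direction": "in", "protocol": "tcp", "local_port": 80, "remote_port": 49152}

if __name__ == "__main__":
    print(evaluate(POLICY, PACKET))
    print(shadowed(POLICY))
```

Running `shadowed()` over an exported rule list is a quick way for a policy owner to find rules that sit below a broader rule and therefore never take effect.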