Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
5172 Views 10 Replies Latest reply: May 31, 2011 10:47 PM by mcuser999 RSS 1 2 Previous Next
mcuser999 Newcomer 25 posts since
Feb 28, 2011
Currently Being Moderated

May 30, 2011 1:11 AM

Issues with Mcafee HIPS (Firewall ONLY) version 8

I installed the Mcafee Client Firewall ONLY version 8 on my PC running XP and I am unable to edit or uncheck the default rules which are pre-set after installing the firewall.

I can ADD rules and policies but I cannot edit the pre-set rules which does not even make sense to me at all and there useless.

 

It has ALLOW ALL OUTBOUND and has BLOCK ALL TRAFFIC.

 

I just cannot edit these pre-set rules. These pre-defines rules just are useless....

Why does it have Block ALL Traffic while Allow All Outbound is checked as well.

 

And am unable to uncheck these for some reason.  i can go into the properties for these rules, but all the sections are even grayed-out.

 

Pleaee help - Thanks in advance.unable_to_edit.JPG

 

Message was edited by: mcuser999 on 5/30/11 12:40:33 AM CDT

 

Message was edited by: mcuser999 on 5/30/11 1:11:52 AM CDT
  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    Currently Being Moderated
    2. May 31, 2011 1:47 PM (in response to mcuser999)
    Re: Issues with Mcafee HIPS (Firewall ONLY) version 8

    This is as designed.  You cannot edit these rules.  HIPS 8.0 shows all rules now, unlike HIPS 7.0 did (the Block All rule existed, but was hidden from the Client UI view).

     

    The "Allow all outbound" rule appears if you have no enabled firewall rules in your firewall rule policy.

    The "Block all traffic" is the standard "block all" rule.  It provides the "if not allowed, then block" functionality that most firewalls are designed around.

     

    Just build out and tune your firewall rules as per Best Practices (from the HIPS 8.0 Install guide).

     

    Message was edited by: ktankink on 5/31/11 1:47:58 PM CDT
  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    Currently Being Moderated
    4. May 31, 2011 2:30 PM (in response to mcuser999)
    Re: Issues with Mcafee HIPS (Firewall ONLY) version 8

    With HIPS 7.0, you might have passed PPPOE traffic using the "Allow unsupported protocol traffic" option.  This allows non-IP based protocol traffic to pass through the Firewall/NDIS drivers.

     

    With HIPS 8.0, you can now create specific rules for non-IP protocol traffic.  In the Firewall rules, there is a list of non-IP protocols to choose from, with a couple being PPPOE traffic.  You can also specify the exact Ethertype number that needs to be passed as well.  Review the Host IPS Activity log for blocked PPPOE traffic.  It will state either one of the non-IP protocols for PPPOE, or an Ethertype number, so you can create a Firewall rule to allow this traffic.  Basically, HIPS 8.0 has improved functionality for specifying non-IP protocol traffic or specific Ethertypes to block/allow.  In HIPS 7.0, it was mostly "all or nothing" functionality.

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    Currently Being Moderated
    6. May 31, 2011 2:45 PM (in response to mcuser999)
    Re: Issues with Mcafee HIPS (Firewall ONLY) version 8

    Start with a duplicate of a McAfee default ruleset, like Typical Corporate Environment.  This policy does include an Allow Outbound TCP rule, but you can remove this rule if you want.  You will need to build your ruleset according to your company's security policy.  If a blanket Allow all out rule is inappropriate for your environment, then remove the rule and add other rules as needed.

     

    Adaptive mode functionality only works if there is no other rule that blocks/allow the traffic and the traffic gets down to the Block all traffic rule.  Please make sure to read the Host IPS Best Practices in the install guide, page 11.

     

    PD22891 - Host Intrusion Prevention 8.0 Installation Guide

     

    Spelling errors: ktankink on 5/31/11 2:45:05 PM CDT
  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010
    Currently Being Moderated
    8. May 31, 2011 4:17 PM (in response to mcuser999)
    Re: Issues with Mcafee HIPS (Firewall ONLY) version 8

    Are you trying to use the Host IPS product without the McAfee Agent to manage it's policies?  Looking at your screenshot, there should be other default rules that are not included, like Trusted Applications and McAfee Agent Communications.  You must have the McAfee Agent installed and reporting to an ePO server to manage the Host IPS policies and rules.

     

    I would suggest opening a McAfee Service Request with our Support team for further assistance.

1 2 Previous Next

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points