1 2 Previous Next 10 Replies Latest reply: May 31, 2011 10:47 PM by mcuser999 RSS

    Issues with Mcafee HIPS (Firewall ONLY) version 8


      I installed the Mcafee Client Firewall ONLY version 8 on my PC running XP and I am unable to edit or uncheck the default rules which are pre-set after installing the firewall.

      I can ADD rules and policies but I cannot edit the pre-set rules which does not even make sense to me at all and there useless.




      I just cannot edit these pre-set rules. These pre-defines rules just are useless....

      Why does it have Block ALL Traffic while Allow All Outbound is checked as well.


      And am unable to uncheck these for some reason.  i can go into the properties for these rules, but all the sections are even grayed-out.


      Pleaee help - Thanks in advance.unable_to_edit.JPG


      Message was edited by: mcuser999 on 5/30/11 12:40:33 AM CDT


      Message was edited by: mcuser999 on 5/30/11 1:11:52 AM CDT
        • 1. Re: Issues with Mcafee HIPS (Firewall ONLY) version 8

          Can you please all help?

          How can I edit the pre-defined rules in this version?

          The rules which I posted above in the printscreen will not allow me to edit the rules.


          Also, I did a test by connecting  the internet connection directly to the Modem instead of my router and when I enabled the Firewall, I am unable to browse the web. So i can logon to my Modem from what my ISP gave me, but I cannot browse webpages. Then I disabled the Firewall and everything was OK.

          In HIPS 7, it did not do this at all. Only in this version.

          • 2. Re: Issues with Mcafee HIPS (Firewall ONLY) version 8
            Kary Tankink

            This is as designed.  You cannot edit these rules.  HIPS 8.0 shows all rules now, unlike HIPS 7.0 did (the Block All rule existed, but was hidden from the Client UI view).


            The "Allow all outbound" rule appears if you have no enabled firewall rules in your firewall rule policy.

            The "Block all traffic" is the standard "block all" rule.  It provides the "if not allowed, then block" functionality that most firewalls are designed around.


            Just build out and tune your firewall rules as per Best Practices (from the HIPS 8.0 Install guide).


            Message was edited by: ktankink on 5/31/11 1:47:58 PM CDT
            • 3. Re: Issues with Mcafee HIPS (Firewall ONLY) version 8

              Still VERY confusing indeed.  I will read the manual carefully.

              In version 7 by default right after installation was to BLOCK ALL OUTBOUND traffic, so then I would have to manually configure each application to allow outgoing or in Learn Mode. But version 8 is very confusing. Even when I enable Learn Mode, no window prompts either....This to me is very strange.


              Also, when I enable the firewall with the these pre-defined rules, its not allowing me to use the WAN Mini port PPPoE which i use to connect DIRECTLY via my standard modem without any router. Why is this? With version 7, all went fine.


              Somehow the firewall does not want to allow the standard WAN Mini port using PPPoE. 

              With the router, all works OK. Its just does not work, with the WAN modem itself.


              Why is this?




              Message was edited by: mcuser999 on 5/31/11 2:28:57 PM CDT
              • 4. Re: Issues with Mcafee HIPS (Firewall ONLY) version 8
                Kary Tankink

                With HIPS 7.0, you might have passed PPPOE traffic using the "Allow unsupported protocol traffic" option.  This allows non-IP based protocol traffic to pass through the Firewall/NDIS drivers.


                With HIPS 8.0, you can now create specific rules for non-IP protocol traffic.  In the Firewall rules, there is a list of non-IP protocols to choose from, with a couple being PPPOE traffic.  You can also specify the exact Ethertype number that needs to be passed as well.  Review the Host IPS Activity log for blocked PPPOE traffic.  It will state either one of the non-IP protocols for PPPOE, or an Ethertype number, so you can create a Firewall rule to allow this traffic.  Basically, HIPS 8.0 has improved functionality for specifying non-IP protocol traffic or specific Ethertypes to block/allow.  In HIPS 7.0, it was mostly "all or nothing" functionality.

                • 5. Re: Issues with Mcafee HIPS (Firewall ONLY) version 8

                  Sorry for being a "pest" but seems to be almost clear now.


                  I was wondering that this does not make sense at all because why create rules  when there is already a rule for  ALL TRAFFIC OUTBOUND by default???


                  Still seems to make no sense to me.


                  And when I enable the Learn Modes, no alerts popping up. Why?

                  • 6. Re: Issues with Mcafee HIPS (Firewall ONLY) version 8
                    Kary Tankink

                    Start with a duplicate of a McAfee default ruleset, like Typical Corporate Environment.  This policy does include an Allow Outbound TCP rule, but you can remove this rule if you want.  You will need to build your ruleset according to your company's security policy.  If a blanket Allow all out rule is inappropriate for your environment, then remove the rule and add other rules as needed.


                    Adaptive mode functionality only works if there is no other rule that blocks/allow the traffic and the traffic gets down to the Block all traffic rule.  Please make sure to read the Host IPS Best Practices in the install guide, page 11.


                    PD22891 - Host Intrusion Prevention 8.0 Installation Guide


                    Spelling errors: ktankink on 5/31/11 2:45:05 PM CDT
                    • 7. Re: Issues with Mcafee HIPS (Firewall ONLY) version 8

                      Something in this new version does not appear to be functioning right.

                      I created a rule to block outbound port 80, I am still able to browse the net.


                      Creating other rules will not work since the default rules such as Allow All Outbound is already set. Which ofc ourse allows every traffic.  And if it cannot be edited, then whats the point afterall?


                      If your using version 8 yourself, please a post am image on what you have if do not mind.



                      Message was edited by: mcuser999 on 5/31/11 4:12:12 PM CDT
                      • 8. Re: Issues with Mcafee HIPS (Firewall ONLY) version 8
                        Kary Tankink

                        Are you trying to use the Host IPS product without the McAfee Agent to manage it's policies?  Looking at your screenshot, there should be other default rules that are not included, like Trusted Applications and McAfee Agent Communications.  You must have the McAfee Agent installed and reporting to an ePO server to manage the Host IPS policies and rules.


                        I would suggest opening a McAfee Service Request with our Support team for further assistance.

                        • 9. Re: Issues with Mcafee HIPS (Firewall ONLY) version 8

                          Would you think thats the issue here?

                          Please note, that i am only running the Firewall only.

                          I will open up a service request.


                          Message was edited by: mcuser999 on 5/31/11 4:33:24 PM CDT
                          1 2 Previous Next