2684 Views, 7 Replies. Latest reply: Mar 1, 2013 2:33 PM by greatscott
BobStasz (Newcomer, 34 posts since Apr 1, 2010)

Jan 30, 2013 12:40 PM

Is there a way to not have McAfee HIPs bind to a secondary USB NIC?

Our firm has a few staff who use a secondary NIC on their machines to access clients' networks. They have a need to allow McAfee HIPS (8.8.0.2198) to bind and monitor traffic on the notebook's built-in NIC, but not bind and monitor traffic on a USB external NIC that is being used by a VMware virtual machine. On the Windows 7 system, the external USB NIC's properties have all connection uses unchecked except the VMware Bridge Protocol.

[Screenshot: Ext-USB-NIC-Settings.jpg]

Prior to HIPS 8.0, McAfee used its own NDIS Intermediate Filter Miniport. Now HIPS uses the Microsoft NDIS architecture. Per the McAfee KB article:

  • HIPS 8.0 on Windows XP & 2003 will use the McAfee Core NDIS Intermediate Filter Miniport driver, since these OSes are limited to Microsoft NDIS 5.0 architecture.  HIPS 8.0 on Windows Vista and higher will utilize the Microsoft NDIS 6.0 architecture.
  • HIPS 7.0 uses only NDIS 5.0 architecture drivers, which are named McAfee NDIS Intermediate Filter Miniport.

Kary Tankink (McAfee Employee, 654 posts since Mar 3, 2010)

NDIS 6 bindings are not configurable in the Host IPS product.  I'd be curious to know why the NDIS binding needs to be removed from this external USB NIC device.  Is there an issue caused by this binding?  If so, you might want to report the issue to McAfee Support for further investigation.

Kary Tankink (McAfee Employee, 654 posts since Mar 3, 2010)

Is there a way to design a firewall rule in HIPS to allow all traffic on the secondary NIC being used by the VM, and apply all other rules on the main host built-in NIC?


HIPS 8.0 does have the ability to apply a firewall rule based on Media Types (Wired/Wireless/Virtual NIC).  I believe VMware NICs will fall under the Virtual NIC category, but it would need to be tested.

Kary Tankink (McAfee Employee, 654 posts since Mar 3, 2010)

In order for the network awareness selection to allow or disallow traffic on a virtual NIC in the HIPS Firewall, the HIPS product would need to be installed on the Virtual Machine, correct?

HIPS only needs to be installed on the VM host (it can be installed on virtual guests, but it's not required).  HIPS will filter the VM traffic using firewall rules if you are using VMware NAT or Host networks.  If using the VMware Bridge network, use the Firewall Option ALLOW BRIDGED TRAFFIC in HIPS 8.0 (VM Bridged networks are not supported in HIPS 7.0).

greatscott (Champion, 287 posts since Jul 18, 2011)

Why don't you just create a CAG in your firewall ruleset? Structure it like this:

Corporate Internal Firewall CAG (criteria is configured to use your IP ranges, DNS servers, WINS server, DHCP server, etc.)
    Internal corporate firewall ruleset listed here

External Companies Firewall CAG (criteria is configured to use the IP ranges of the USB NIC)
    Allow all rule

This way, any traffic matching your company IP ranges is subject to the firewall rules. The traffic matching the USB NIC is given an allow-all rule.
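As an added illustration of the ruleset structure above (this is not part of the thread and not McAfee's code): a small Python model of how an ordered list of connection-aware groups picks a ruleset for a NIC. It assumes the HIPS semantics that a group matches when every criterion it specifies (IP range, DNS, DHCP, WINS) matches the adapter's current connection, that groups are evaluated in policy order with the first match winning, and that a connection matching no group falls through to the ungrouped rules. The adapters, addresses, group names and ruleset names are all constructed for the example. It also shows the caveat a practitioner would check before shipping such a policy: if a client's address space overlaps the corporate ranges, a corporate CAG keyed on IP range alone will capture the USB NIC's traffic and the "allow all" group is never reached.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Connection:
    """What one NIC currently sees (constructed sample data, not real adapters)."""
    adapter: str
    ip: str
    dns: List[str] = field(default_factory=list)
    dhcp: Optional[str] = None
    wins: Optional[str] = None


@dataclass
class ConnectionAwareGroup:
    """One CAG: a ruleset plus the criteria a connection must meet to fall under it.
    Assumed semantics: every criterion that is set must match; unset criteria are ignored."""
    name: str
    ruleset: str
    ip_ranges: List[str] = field(default_factory=list)
    dns_servers: List[str] = field(default_factory=list)
    dhcp_server: Optional[str] = None
    wins_server: Optional[str] = None

    def matches(self, conn: Connection) -> bool:
        addr = ipaddress.ip_address(conn.ip)
        if self.ip_ranges and not any(addr in ipaddress.ip_network(r) for r in self.ip_ranges):
            return False
        if self.dns_servers and not set(self.dns_servers) & set(conn.dns):
            return False
        if self.dhcp_server and conn.dhcp != self.dhcp_server:
            return False
        if self.wins_server and conn.wins != self.wins_server:
            return False
        return True


def select_ruleset(groups: List[ConnectionAwareGroup], conn: Connection,
                   default: str = "default-rules") -> Tuple[Optional[str], str]:
    """Walk the CAGs in policy order; the first group whose criteria match wins.
    A connection that matches no group gets the ungrouped (default) rules."""
    for g in groups:
        if g.matches(conn):
            return g.name, g.ruleset
    return None, default


# Constructed adapters: the notebook NIC on the corporate LAN, the USB NIC plugged
# into a client network that happens to use overlapping 10.x space, and hotel Wi-Fi.
BUILTIN_NIC = Connection("Local Area Connection", "10.5.6.7", dns=["10.1.1.53"], dhcp="10.1.1.10")
USB_NIC = Connection("USB Ethernet", "10.20.5.7", dns=["10.20.0.2"], dhcp="10.20.0.1")
HOTEL_WIFI = Connection("Wireless", "192.168.1.5", dns=["192.168.1.1"], dhcp="192.168.1.1")

CLIENTS_CAG = ConnectionAwareGroup("External Companies", "allow-all", ip_ranges=["10.20.0.0/16"])

# Loose policy: the corporate CAG is keyed on IP range alone.
LOOSE_POLICY = [
    ConnectionAwareGroup("Corporate Internal", "corporate-rules", ip_ranges=["10.0.0.0/8"]),
    CLIENTS_CAG,
]

# Tightened policy: the corporate CAG also requires the corporate DNS and DHCP servers,
# so an overlapping client subnet can no longer satisfy it.
TIGHT_POLICY = [
    ConnectionAwareGroup("Corporate Internal", "corporate-rules", ip_ranges=["10.0.0.0/8"],
                         dns_servers=["10.1.1.53"], dhcp_server="10.1.1.10"),
    CLIENTS_CAG,
]


def evaluate(policy: List[ConnectionAwareGroup]):
    """Return {adapter: (matched CAG name or None, ruleset applied)} for the sample adapters."""
    return {c.adapter: select_ruleset(policy, c) for c in (BUILTIN_NIC, USB_NIC, HOTEL_WIFI)}


if __name__ == "__main__":
    for label, policy in (("loose policy", LOOSE_POLICY), ("tight policy", TIGHT_POLICY)):
        print(label)
        for adapter, (cag, rules) in evaluate(policy).items():
            print(f"  {adapter:<22} -> {cag!s:<20} {rules}")
```

Under the loose policy the USB NIC at 10.20.5.7 is claimed by "Corporate Internal" and gets the corporate rules, which is exactly the misclassification the thread is trying to avoid. Requiring the corporate DNS and DHCP servers in the corporate CAG, or simply listing the client CAG ahead of the corporate one, sends that traffic to the allow-all group instead. Real HIPS CAG options such as connection isolation are not modelled here.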
