8 Replies Latest reply: Feb 3, 2013 8:10 AM by harimca RSS

    Ports need to be open

    harimca

      Hi,

       

      We use security manager plus to install the software patches and service packs for windows PCs. we are getting following while initiating the patches and service pack after installing MCAfee on the PCs.

       

      "Vulnerability Detection 

      Number of Open Ports in the system is 0.

      Troubleshooting Tips

         1. Check whether any Firewall is blocking the ports.

         2. Ports 135, 139, 445 must be open in the target system in order to detect Windows Missing Patches, Service Packs and Inventory. SSH port 22 must be open in the target system if it is Linux"

       

      please help to open the above ports in EPO to sort the issue.

       

      Regards,

      Hari

        • 1. Re: Ports need to be open
          Hayton

          This sounds like an ePO issue so I've moved the post to Business /ePO from Security Awareness

          • 2. Re: Ports need to be open
            JoeBidgood

            I don't think this is necessarily ePO, as ePO or the agent doesn't have the ability to perform any port blocking.

            I suspect it's more likely to be the Access Protection features in VSE. Please check the access protection logs on a client machine - you may find that this is what is blocking access to the ports, in which case you will need to set up exclusions to the AP rules.

             

            HTH -

             

            Joe

            • 3. Re: Ports need to be open
              harimca

              Hi Joe,

               

              Please find the Access Protection log below.

               

              "1/29/2013 6:02:31 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/29/2013 6:02:33 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/29/2013 4:01:02 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/29/2013 4:01:03 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/29/2013 4:15:01 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/29/2013 4:15:01 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/30/2013 4:00:42 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/30/2013 4:00:43 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/30/2013 4:11:07 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/30/2013 4:11:08 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/31/2013 4:03:21 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/31/2013 4:03:24 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/31/2013 4:14:55 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/31/2013 4:14:57 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/31/2013 4:00:59 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/31/2013 4:00:59 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/31/2013 4:07:20 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/31/2013 4:07:21 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/31/2013 6:21:34 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              1/31/2013 6:21:35 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              2/1/2013 4:13:48 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              2/1/2013 4:13:49 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              2/1/2013 5:41:02 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              2/1/2013 5:41:02 AM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              2/1/2013 4:01:11 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              2/1/2013 4:01:11 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              2/1/2013 4:07:06 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\spiceworks_upload.vbs Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read

              2/1/2013 4:07:06 PM Would be blocked by Access Protection rule  (rule is currently not enforced)   C:\WINDOWS\system32\wscript.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Spiceworks\netstat.txt Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read"

               

              Regards,

              Hari

              • 4. Re: Ports need to be open
                Laszlo G

                As for the access protection log there's no rule blocking anything (rule is currently not enforced).

                Do you have any other software like HIPS on this computer?

                • 5. Re: Ports need to be open
                  harimca

                  Ya. MCAfee Host Instrusion Prevention installed on all the Pcs.

                   

                  Regards,

                  Hari

                  • 6. Re: Ports need to be open
                    Laszlo G

                    Well, then the "problem" is caused by HIPS blocking ports by default with its firewall module. You should modify your HIPS-firewall policy to enable using these ports

                    • 7. Re: Ports need to be open
                      harimca

                      Hi Laszlo,

                       

                      I have open all the ports under "Host Intrusion Prevention -> Firewall Rules (windows)" still same issue.

                       

                      Regards,

                      Hari

                      • 8. Re: Ports need to be open
                        harimca

                        Hi Laszlo,

                         

                        I uninstalled HIP on the client PC and the scan completed successfully.

                         

                        Regards,

                        Hari