Is there any way to get information, like port or services, that the SAAS inbound firewall blocked? In a couple of cases we have users who are remote desktop into the work PC and are not reporting any difficulties but their home IP is listed several times in the firewall inbound blocked report.
We have the reporting turned on but the level of detail from this is not sufficent. It appears to only provide the source IP and wether it was a banned TCP or UDP block. If this is not possible in Mcafee does anyone have another suggestion. Would running wireshark on a couple endpoint systems be advisable or would the amount of data be too large?