Hi, we're using McAfee HIPS 8.0 with ePO 126.96.36.1992 and are randomly experiencing problems when our users are connected to WiFi. Users get the message that there is no Internet connection, and I saw in the activity log that incoming TCP and UDP traffic (DNS service, RDP...) is being blocked (by the last rule, which is "block all traffic"). This happens only when they're connected to WiFi; there are no problems with LAN. But all Firewall Policy rules are built for wired and wireless media types.
Has anyone had these problems before?
Moved provisionally from Security Awareness to HIPS for better support.
This might be Firewall-related; some type of blocked network traffic. Disable the HIPS Firewall and see if this resolves the issue.
KB67055 – How to troubleshoot a network facing application, or traffic is blocked by Host Intrusion Prevention firewall
Or, it could be conflicting with the QoS software (known issues). Try uninstalling and rebooting the Microsoft QoS driver.
KB72097 - LAN / Wi-Fi / VPN Client / network connection fails to connect with Host Intrusion Prevention 8.0 / 7.0
Also, verify if you are using a current HIPS 8.0 build. 188.8.131.522 is recommended for testing this issue.
KB70725 - Host Intrusion Prevention 8.0 patch and hotfix version information (Master)
Hi, thanks for your suggestions, I'll try them.
One strange thing is that only users in one office are having these issues. The only difference from the other offices is that in this specific office we use different networks for LAN and WLAN. So if they are in WLAN AND LAN, they have two network interfaces which are in different networks.
HIPS is blocking just the incoming traffic, so e.g. I send out a DNS request and the incoming packet is being blocked, even though we have configured the rule "allow outgoing DNS UDP packet 53". It blocks with the last rule, which is "block all traffic", so it looks like this stateful behaviour is not working...
I have configured a rule which allows both directions for DNS (UDP 53) and have not had any problems since then, but this is a security vulnerability, so I am not allowed to roll this out to all clients...
Message edited by renata.petrasova on 23.10.13 07:43:31 CDT
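A generic model of the behaviour described in the post above, added here as an illustration; it is not part of the thread and not McAfee's implementation. It compares an outbound-only DNS rule with working state tracking, the same rule when the reply is not matched to state, and a rule allowing both directions. All addresses, ports and names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" or "in", relative to the protected host
    proto: str
    local: tuple    # (ip, port) on the host
    remote: tuple   # (ip, port) of the peer

class Firewall:
    """First-match rule list, optional state table, final block-all rule."""
    def __init__(self, rules, stateful):
        self.rules = rules        # (directions, proto, remote_port)
        self.stateful = stateful
        self.flows = set()        # flows opened by allowed outbound packets

    def decide(self, pkt):
        key = (pkt.proto, pkt.local, pkt.remote)
        if self.stateful and pkt.direction == "in" and key in self.flows:
            return "allow (state)"
        for directions, proto, rport in self.rules:
            if (pkt.direction in directions and pkt.proto == proto
                    and pkt.remote[1] == rport):
                if pkt.direction == "out":
                    self.flows.add(key)
                return "allow (rule)"
        return "block (block all traffic)"

# Constructed sample traffic; all addresses are placeholders.
HOST = ("10.0.20.15", 50000)
QUERY = Packet("out", "udp", HOST, ("10.0.0.53", 53))
REPLY = Packet("in", "udp", HOST, ("10.0.0.53", 53))
# Inbound packet with source port 53 that answers no query from this host.
UNSOLICITED = Packet("in", "udp", ("10.0.20.15", 50001), ("203.0.113.9", 53))

OUT_ONLY = [(("out",), "udp", 53)]
BOTH_WAYS = [(("out", "in"), "udp", 53)]

def run(rules, stateful):
    fw = Firewall(rules, stateful)
    return [fw.decide(p) for p in (QUERY, REPLY, UNSOLICITED)]

if __name__ == "__main__":
    for name, rules, stateful in [
        ("outbound rule, state tracking working", OUT_ONLY, True),
        ("outbound rule, state not matched", OUT_ONLY, False),
        ("rule allowing both directions", BOTH_WAYS, False),
    ]:
        print(f"{name}: {run(rules, stateful)}")
```

The third case shows the cost of the workaround: the reply gets through, but so does any inbound UDP packet whose source port is 53, whether or not the host asked for it.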
Did you ever find a resolution to this? I am having the exact same issue except with HIPS 7.
Are your firewall rules utilizing CAG/LAG Rules? Maybe test with Connection Isolation turned off.
Hi, no, we have not... It seems that updating HIPS to 184.108.40.2061 helped. Since then we haven't had any problems. McAfee Support told me to change my DNS rule so it would allow either direction... but right now it doesn't look like it's necessary.