0 Replies Latest reply on Nov 6, 2013 9:32 AM by grnoval

    McAfee vscan 8.8 + HIPS + firewall - configuration methods....

    grnoval

      ok, so its been a while since I last used ePO (7 years in fact), so i'm playing catchup

       

      Anyways, we have ePO 4.5 in place, and i've got a couple of questions with regards to the firewall

       

      1) As useful as the "get out of jail" rules are, I don't want them interfering with my carefully planned whitelist.  So I've found the HKLM\Software\McAfee\HIP\enableAgentWakeupPort and enableePOServerList keys and set them to 0.  This has worked fine with windows 7 (physical and vmware VDI) and windows 2008 R2 server.  But on windows 2012 server it doesn't seem to have the same effect.  I'm running HIPS patch 3 on the 2012 server, is there something else I need to do?  The registry key is slightly different on 2012 - HKLM\Software\Wow6432Node\McAfee\HIP and i've also tried adding in the previous key just in case the agent was looking in the old location.

       

      2) In designing my new environment, i'm trying to keep things as "standard" as possible.  But sure as eggs is eggs, I have some bits of software that require different configs, and its going to play merry hell with my clean firewall ruleset.  So, in order to keep things under control, is it possible to apply firewall (and vscan come to that) rules/configurations based on AD group memberships?  for instance - If I have a global firewall requirement which doesn't allow access on TCP1766, but I have 3 users that require that for a specific application, instead of having to create a new OU and have a different configuration in that branch, is it possible to have "IF AD group = 1766 then add source local:1766 destination specifc server:1766 to the outbound firewall rule"  or "If AD group = smtp then switch off smtp blocking from access protection policies and enable port 25 either way on firewall"

       

      Many thanks