I've been experimenting some weird problem with the log generated by McAfee HIPS. I wrote a quick python script that perform 100 requests to a website and for some reason that I don't understand, I see "blocked incoming traffic" even if the connection is not yet established !
I've uninstalled the Microsoft QoS driver from the wireless card just in case that it was interfering with the packet order ... and fire up Wireshark to see if my script was doing anything weird but all requests are made exactly the same way.
I'm using McAfee HIPS 220.127.116.1161 build 2919.
Any ideas why it's causing this ? Is there a patch available ?
Is it a false positive ? It looks like it is, the data is received even if it's written has blocked.
Additional information :
EDIT (additional information)
Problem seems to be similar to this one: HIPS firewall blocks incoming UDP 53, and 389 on windows 8.1
However, it looks like it covers all the ports and the protocol no matter what the interface that is being used...
I've tested on HTTPs too, working on a proof of concept for UDP (DNS, LDAP).
EDIT 2 (additional information)
McAfee HIPS on Windows 8 is randomly sending spurious packet even after a FIN, ACK has been sent by the client.