3 Replies Latest reply on Mar 31, 2016 3:57 PM by eobiont

    Firefox port blocking rule

    guillote

      Hello,

      I'm trying to create a port blocking rule in order to prevent Firefox to browse throught port 80.

       

      I have read KB65718 and I'm not sure if it says that firefox.exe is excluded in ANY port blocking rule or only for "Prevent mass mailing worms from sending mail" rule.

      McAfee KnowledgeBase - Default exclusions for Port Blocking in VirusScan 8.x

       

      Can anyone please clarify and help me achieve my objective.

       

      Thanks in advance

        • 1. Re: Firefox port blocking rule
          eobiont

          If you would like to prevent "Firefox.exe" rom talking on port 80...

           

          In Access Protection., Create a user defined rule.  Make it a port rule, and select port 80.  Then for the process to include put in firefox.exe.  This will block any program named firefox from talking on port 80.

           

          Unfortunately, McAfee protection is pretty basic.  It relies on executable names, so any user can get around this block by renaming firefox.exe to anything else, like foxfire.exe, or IHateMyITDepartment.exe or anything that doesn't match "firefox.exe" and get around your scheme..

           

          All these Access protection rules and process exclusions really count on programs having predictable names.  But filenames are pretty easy for users to change to circumvent your rule..

           

          McAfee protections and exclusions are mostly based on process names.  It is a house of cards.  So easy for users to circumvent and so easy for virus writers to take advantage of.

          • 2. Re: Firefox port blocking rule
            guillote

            Hi eobiont,

            I tested exactly that rule but it doesn't prevent firefox from accessing port 80.

             

            I also tested * as process to include, iexplore and chrome can not browse port 80, but firefox still does.

            • 3. Re: Firefox port blocking rule
              eobiont

              I tested it and it worked for me,  Are you sure the page you are testing against is on port 80 (and not https/ port 443)?