0 Replies Latest reply on Aug 22, 2016 10:32 AM by tlcarpenter

    "McAfee signed applications" in HIP 8.0 and ENS Firewall rules policies

    tlcarpenter

      Are the details of the stock firewall rules included with ePO (I'm running version 5.3.2) documented? For example, if I select "System Tree | Assigned Policies | Product:Endpoint Security Firewall", then click "Rules|My Default", the "Firewall Rules" list includes two items: "Allow McAfee signed applications" and "Allow McAfee signed applications 2". Based on the details of those rules, the list of applications those rules would apply to is all the Microsoft-signed McAfee applications, but what are those and what access do they need? I want to limit access to/by those applications to the extent possible without preventing my ePO server from functioning as an ePO server, but without knowing how to easily identify which applications are involved, I'm just guessing.

       

      Similarly, "[trusted]" is displayed in the rules listing "Remote Address" column (I had to enable that being displayed using "Options") for the rule "NetBIOS | Allow inbound NetBIOS sessions". The details of that rule show "Defined Networks" ("Network Type:Remote Network") in the "Networks" section. In this context does "Defined Networks" mean all networks listed in "Firewall Catalog | Item type:Network" or something different?

       

      I'm willing to read more documentation; I think I just need to be pointed in the right direction. Thanks in advance.

       

      Update: looked at some of the ePO help content and have a little more understanding of how/where the "Defined Networks" and "[trusted]" designations I asked about in the second part of my post below may come from - i.e. are "Defined Networks" and the "[trusted]" designation determined by the "Endpoint Security Firewall:Options" policy used with a given "Endpoint Security Firewall:Rules" policy? If that's true, I have another question related to "Defined Networks" and the "[trusted]"/"Trusted" designation: there doesn't seem to be a way to use the networks/hosts defined in the "Menu | Firewall Catalog | Item type:Network" to specify, for example, "Defined Networks" in "Endpoint Security Firewall:Options" - am I overlooking something or is that by design?

       
