I confirmed via Wireshark capture that the traffic is TCP 8913. I have created a new firewall rule in ENS for this traffic, and performed an Agent Wake-Up call with the Force complete policy and task update option checked, and still can't connect to the SMC on TCP 8913. I have no events in EPO>Threat Events, in the Firewall Activity Log, nor in Events in the ENS UI that show this traffic being blocked. However, there is no other endpoint product installed on either device (my workstation or the SMC server), and this traffic worked prior to the 10.2. upgrade. Calling support right after I post this.
After over an hour with support, I still can't get this to work, and even with debugging on there are no log entries in any location. Also, we confirmed that we can disable the firewall via EPO and the traffic (SMC - correction - from my workstation to the SMC server, not to the firewalls) will work, so this is certainly ENS related. I had firewall changes to make, so I had to uninstall ENS on the SMC server and leave the ENS firewall disabled on my workstation before I could make those changes. MERs from the EPO server and from the server and my workstation were submitted to support.
I am having the same issues. With ENS 10.5, the problem is that although I could find the blocked traffic in the local system logs, on the EPO console I have no clue what is happening. Earlier, in HIPS, firewall events were logged in EPO and we had an option to create a 1-click exception to quickly resolve the issue. This is a critical feature which is not supported on ENS. Need to fix this.
1) Add a Policy catalog under Endpoint Security Firewall: Firewall > Rules > Mydefault
2) Add a firewall rule to allow TCP ports 5900, 5800 in both directions
3) Under application, add the file executables path as C:\Program Files (x86)\TightVNC\*, C:\Program Files\TightVNC
4) Save and Assign
5) For debugging, check the log under C:\ProgramData\McAfee\Endpoint Security\Logs\FirewallEventMonitor.log