hammondo
Level 7
Message 1 of 6

ENS 10.2 - firewall blocked ports

We have had 10.x in our environment, on a small number of select workstations, for over a year now. With the release of 10.2 I decided it was time to expand this deployment a bit, to a few more workstations and to the few (fewer than 10) servers that I manage. I found that 1) the firewall will block ports if there isn't an existing rule related to the traffic, which wasn't a big surprise, and 2) the blocking actions don't show up in Threat Events in my EPO console (we are running 5.3.2). Case in point: our Stonesoft firewalls can't talk to their Log server, and offhand I don't know what ports are involved. It would be nice to see the blocking information, yet as reported it isn't present in EPO > Threat Events, and I also just checked the Firewall_Activity_Log (C:\Program Data\McAfee\Endpoint Security\Logs\) and don't see any blocking information present there either.

Instead I have to run a sniff to find out what this Stonesoft-to-SMC-Log-Server traffic is (protocol/port pairing).  As it stands I can't even launch the SMC presumably due to this port blocking by ENS.

Steve Miller

City of Renton

5 Replies
hammondo
Level 7
Message 2 of 6

Re: ENS 10.2 - firewall blocked ports

I confirmed via Wireshark capture that the traffic is tcp 8913. I have created a new firewall rule in ENS for this traffic, and performed an Agent Wake-Up call with the "Force complete policy and task update" option checked, and still can't connect to the SMC on tcp 8913. I have no events in EPO > Threat Events, in the Firewall Activity Log, or in Events in the ENS UI that show this traffic being blocked. However, there is no other endpoint product installed on either device (my workstation or the SMC server), and this traffic worked prior to the 10.2 upgrade. Calling support right after I post this.

hammondo
Level 7
Message 3 of 6

Re: ENS 10.2 - firewall blocked ports

After over an hour with support I still can't get this to work, and even with debugging on there are no log entries in any location. Also, we confirmed that we can disable the firewall via EPO and the traffic (SMC - correction - from my workstation to the SMC server, not to the firewalls) will work, so this is certainly ENS related. I had firewall changes to make, so I had to uninstall ENS on the SMC server and leave the ENS firewall disabled on my workstation before I could make those changes. MERs from the EPO server, from the server, and from my workstation were submitted to support.

Former Member
Not applicable
Message 4 of 6

Re: ENS 10.2 - firewall blocked ports

I have the same issue. With ENS 10.5, the problem is that although I could find the blocked traffic in the local system logs, on the EPO console I have no clue what is happening. Earlier, in HIPS, firewall events were logged in EPO and we had an option to create a 1-click exception to quickly resolve the issue. This is a critical feature which is not supported on ENS. Need to fix this.

Former Member
Not applicable
Message 5 of 6

Re: ENS 10.2 - firewall blocked ports

1) Add a Policy catalog under Endpoint Security Firewall: Firewall > Rules > Mydefault

2) Add a firewall rule to allow TCP ports 5900, 5800 in both directions

3) Under application, add the file executables path as C:\Program Files (x86)\TightVNC\*, C:\Program Files\TightVNC

4) Save and Assign

5) For debugging, check the log under C:\ProgramData\McAfee\Endpoint Security\Logs\FirewallEventMonitor.log

catdaddy
Reliable Contributor
Message 6 of 6

Re: ENS 10.2 - firewall blocked ports

Note: Moved out of Moderation Queue.

Cliff
McAfee Volunteer