Hi, Wonder if anyone else has came across a similar issue or knows a way around the McAfee core networking rule group in the ENS Firewall Rules policy.
In our old HIPS Firewall policy our catch all rule at the bottom of the policy would block trace routes to external services as it didnt match any of the other rules specified.
Now however, since McAfee have added "McAfee Core Networking" group which includes the following rule "Allow outbound system applications", application such as the command line match this rule and allow trace routes to external services.
Because this is part of the default policy you cant remove it or even add a rule above ... Seems a bit crazy to allow anything within the "System" directory outbound access and not provide the ability to block. Our organisation in the past has relied on HIPS to block trace routes.
I have had a look at the old HIPS firewall policy and this rule was 100% not present
Any advice would be appreciated
Accepted Solutions
Hi, not sure if you seen it but there is a setting in the Firewall Options policy to disable McAfee core networking rules. I played around with this setting as well trying to figure out if we could get around not using that group of rules, I found it easier to just leave it with the defaults.
If you disable this option I am not sure it will fix your issue or cause more, it could be worth a try. I believe you will need to create other rules to allow certain traffic based on what is in the core networking group.
If you do enable this keep in mind you only see the rules that get disabled on the client side for ENS, don't think this has been changed.
Hope this helps.
Scott
Hi, not sure if you seen it but there is a setting in the Firewall Options policy to disable McAfee core networking rules. I played around with this setting as well trying to figure out if we could get around not using that group of rules, I found it easier to just leave it with the defaults.
If you disable this option I am not sure it will fix your issue or cause more, it could be worth a try. I believe you will need to create other rules to allow certain traffic based on what is in the core networking group.
If you do enable this keep in mind you only see the rules that get disabled on the client side for ENS, don't think this has been changed.
Hope this helps.
Scott
You Deserve an Award
Community Help Hub
- Find Forum FAQs
- Learn How to Earn Badges
- Ask for Help
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Join the Community
- Get helpful solutions from product experts.
- Stay connected to product conversations that matter to you.
- Participate in product groups led by employees.
Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:
