cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mlajoie
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 4
‎06-20-2019 06:14 AM

Using the Firewall to Stop all Network Communications

Jump to solution

 A request was made of me to see if we could use the firewall to stop a machine from communicating to the network.  

My initial thought  was to take all of our subnets and set them as "not trusted".

My second thought was to use domain blocking and block anything to our domain name.

My third thought was to both of the above.

Is there a better way or another way I haven't thought of?

I know that once this is applied, we have to physically go to the machine to get it remediated but that is of less concern

Labels (1)
Labels
0 Kudos
Reply
1 Solution

Accepted Solutions
ktankink
Employee
Employee
Report Inappropriate Content
Message 4 of 4
‎06-24-2019 12:04 PM

Re: Using the Firewall to Stop all Network Communications

Jump to solution
@mlajoie wrote:
I'm OK with that but I'm afraid my customer wants a total blackout on communications - when the need arises.

Hi @mlajoie, this is not possible in ENS Firewall.  Even if you have a BLOCK ALL rule in your ruleset (which is not needed since the ENS Firewall includes a hard-coded, default BLOCK ALL TRAFFIC rule at the bottom of the ruleset) and enable the "Disable McAfee Core Networking" option, there will still be a few Firewall rules that are not disabled and will allow traffic.

Ref KB91206, Section "After I enable the "Disable McAfee core networking rules" feature, why are all the firewall rules inside the McAfee core networking group not disabled?" and "Which McAfee core networking firewall rules are not disabled when I enable the "Disable McAfee core networking rules" feature?").

View solution in original post

0 Kudos
Reply
3 Replies
mmuthuga
Employee
Employee
Report Inappropriate Content
Message 2 of 4
‎06-21-2019 04:21 AM

Re: Using the Firewall to Stop all Network Communications

Jump to solution

You can try below two steps to block most of the communication for the machine.

A block all firewall rule placed at top most position in firewall rule set. Select direction as  either, "Any protocol" for network protocol, "All protocols" for transport protocol, do not specify any network and executable in the rule to create the block all rule.

Select "Disable McAfee core networking rules" option.

 

 

0 Kudos
Reply
mlajoie
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 4
‎06-24-2019 10:38 AM

Re: Using the Firewall to Stop all Network Communications

Jump to solution
Duh. The block all rule -- should've thought of that. That part is working splendidly.

Unfortunately, checking the box had no effect on some of the mcafee networking rules. It is still communicating with ePO. I'm OK with that but I'm afraid my customer wants a total blackout on communications - when the need arises.

Anything else you can think of?
0 Kudos
Reply
ktankink
Employee
Employee
Report Inappropriate Content
Message 4 of 4
‎06-24-2019 12:04 PM

Re: Using the Firewall to Stop all Network Communications

Jump to solution
@mlajoie wrote:
I'm OK with that but I'm afraid my customer wants a total blackout on communications - when the need arises.

Hi @mlajoie, this is not possible in ENS Firewall.  Even if you have a BLOCK ALL rule in your ruleset (which is not needed since the ENS Firewall includes a hard-coded, default BLOCK ALL TRAFFIC rule at the bottom of the ruleset) and enable the "Disable McAfee Core Networking" option, there will still be a few Firewall rules that are not disabled and will allow traffic.

Ref KB91206, Section "After I enable the "Disable McAfee core networking rules" feature, why are all the firewall rules inside the McAfee core networking group not disabled?" and "Which McAfee core networking firewall rules are not disabled when I enable the "Disable McAfee core networking rules" feature?").

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC