Host IPS 8.0
Patch 5 and later resolve this issue. This fix includes an updated default firewall policy and other firewall rules to ensure communication between MA 5.x and ePO 5.x.
Workarounds for the above issue on Windows systems:
- Apply the Host IPS October 2014 Content package version #6015 to all systems running Host IPS 8.0.
- After the Host IPS Content is updated, you can use one or more of the following workarounds to avoid this issue:
  - Add a Host IPS firewall rule Allow McAfee Signed Applications to the Firewall Rules policy that is currently assigned to all endpoints. For an example of how to create a rule to allow Signed Applications, review the Default policy under Trusted Applications. The first rule, All McAfee Signed Applications, has executable criteria defined that you can use as an example.
  - Make sure that the Default policy under the Host IPS Trusted Applications policy is assigned to all endpoints. The first rule under this policy, All McAfee Signed Applications, makes sure that MA can communicate with ePO.
    NOTE: This rule is unidirectional. It allows communication from MA to ePO, but not from ePO to MA. So, this rule does not allow an agent wake-up call.
  - Create explicit Host IPS firewall rules that allow traffic to and from the ePO server by performing one of the following actions:
    - Specify the IP address of the ePO server in a firewall rule.
    - Specify the IP address of the ePO server in the Host IPS firewall "Trusted Networks" policy.
NOTE: When you apply these workarounds, we recommend that you validate them first on test systems. This validation enables you to make sure that the configured policy works before you deploy the workarounds to production systems in your organization.
If the endpoints are locked down because of this issue, perform the following steps:
- Get local access to the computer.
- Open and unlock the Host IPS client console.
- Perform one of the following actions:
  - Disable the firewall.
  - Create local firewall rules as described in the "Workaround" section above.