Loading...

Knowledge Center


Applications that generate loopback traffic are blocked though the Host Intrusion Prevention Firewall when adaptive mode is enabled
Technical Articles ID:   KB89071
Last Modified:  4/7/2017

Environment

McAfee Host Intrusion Prevention (Host IPS) 8.0 Patch 8

Problem

Applications that generate loopback traffic may get blocked though the firewall if adaptive mode is enabled. 

The traffic is not blocked if you add an any-any allow rule at the top of the firewall rule set.

The event trace log (ETL) trace shows the following error message:

[23]08E0.0990::11/17/2016-21:47:46.542 [mfewfp]FAILING pend operation for loopback-ed inbound connect IO FFFFFA8019334620!
[23]08E0.0990::11/17/2016-21:47:46.542 [mfefirek]WARNING: FAILED to pend ask PP IO  0xFFFFFA80193AB970 PID 932 Proto 6 151.128.152.143:389 <-- 151.128.152.143:60949 FW_ACTION_BLOCK_PACKET
[21]1144.0980::11/17/2016-21:47:46.542 [mfefwctl]FW_LOG_EVENT_TYPE_INFO Reason 34E1D7BF-C294-4A66-8432-17D556BBC046

Solution

This issue is resolved in Host IPS 8.0 Update 9, which is available from the Product Downloads site at: http://mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Updates are cumulative; Technical Support recommends that you install the latest one.

Workaround

Create a firewall rule in the rule set to allow the incoming loopback traffic.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.