Desktop Firewall 8.5 (skipped rules & patch4 distribution)

Discussion in 'other firewalls' started by Davelicious, Jun 7, 2006.

Thread Status:
Not open for further replies.
    Davelicious, Registered Member (Joined: Jun 7, 2006; Posts: 3)

    Hi

    Many rules that I distribute via epo are skipped by the firewall on the desktops o_O

    example:
    -I created the following 2 rules (in the epo console):

    Rule 1:
    • -Description:Allow Web Outgoing
      -Action:permit
      -Protocol:TCP
      -Direction:Outgoing
      -Application:OUTLOOK.EXE (Match: That Path always and not the fingerprint) Drive: Any Path:Any
      -Local Service(s):Range 1024 - 65535
      -Remote Service(s):List 80, 443, 135
      -Address: Any
      -Log matching traffic: Enabled
      -Active: Enabled

    Rule 2:
    • -Description:Block ALL Other Outlook traffic
      -Action:Block
      -Protocol:All IP Protocols
      -Direction:Either
      -Application:OUTLOOK.EXE (Match: That Path always and not the fingerprint) Drive: Any Path:Any
      -Local Service(s):-
      -Remote Service(s):-
      -Address: Any
      -Log matching traffic: Enabled
      -Active: Enabled

    -I distribute both rules (that goes all fine)
    -Then I start Outlook on a client and check the logs of the firewall, with the following conclusions:
    • -Rule 1 works fine
      -Rule 2 is totally ignored o_O


    -What I did then to monitor the problem (on the client side):

    1) -I duplicate rule 2 (I call it "Rule 3")
    -Then I edit the Application of the rule (because I can't select the "Match" (rule handling) of a locally created rule)
    so the rule becomes:

    Rule 3:
    • -Description:Block ALL Other Outlook traffic (local rule)
      -Action:Block
      -Protocol:All IP Protocols
      -Direction:Either
      -Application:C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      -Local Service(s):-
      -Remote Service(s):-
      -Address: Any
      -Log matching traffic: Enabled
      -Active: Enabled

    -Then I start Outlook on a client and check the logs of the firewall, with the following conclusions:
    • -Rule 1 works fine
      -Rule 2 is totally ignored o_O
      -Rule 3 works fine o_O (Why is the identical rule 2 skipped?)

    2) -Then I changed the sequence of the 2 rules on the eposerver (rule2 followed by rule1) and distributed it
    so the sequence now is:
    • -Rule 2
      -Rule 1
      -Rule 3
    • -guess what: Rule 2 works 100% OK

    So my conclusion till now is that I CAN'T trust this firewall because it skips (critical) rules.



    I'm using:
    -Eposerver 3.5 (+patch5)
    -MDF 8.5 + patch 4


    Some other disappointing topics are that:
    -MDF 8.5 patch 4 doesn't get distributed via epo o_O
    -When I install MDF 8.5 patch 4 locally via the setup, the About still shows the old build nr 260 instead of 428
    but when I check the build version of the files "McAfeeFire.exe", "FireSvc.exe" & "FireTray.exe" in the properties it shows the correct 428


    Has anyone noticed the same strange behaviours?
    Or better, does anyone have any solutions?


    I'm testing MDF 8.5 for a few weeks now.
    I started very optimistic, but the more I test it the more disappointed I get.


    regards
    Dave
     