Desktop Firewall 8.5 (skipped rules & patch4 distribution)

Discussion in 'other firewalls' started by Davelicious, Jun 7, 2006.

Thread Status:
Not open for further replies.
  1. Davelicious, Registered Member (Joined: Jun 7, 2006; Posts: 3)

    Hi

    Many rules that I distribute via epo are skipped by the firewall on the desktops o_O

    example:
    -I created following 2 rules (in epo console):

    Rule 1:
    • -Description:Allow Web Outgoing
      -Action:permit
      -Protocol:TCP
      -Direction:Outgoing
      -Application:OUTLOOK.EXE (Match: That Path always and not the fingerprint) Drive: Any Path:Any
      -Local Service(s):Range 1024 - 65535
      -Remote Service(s):List 80, 443, 135
      -Address: Any
      -Log matching traffic: Enabled
      -Active: Enabled

    Rule 2:
    • -Description:Block ALL Other Outlook traffic
      -Action:Block
      -Protocol:All IP Protocols
      -Direction:Either
      -Application:OUTLOOK.EXE (Match: That Path always and not the fingerprint) Drive: Any Path:Any
      -Local Service(s):-
      -Remote Service(s):-
      -Address: Any
      -Log matching traffic: Enabled
      -Active: Enabled

    -I distribute both rules (that goes all fine)
    -Then I start Outlook on a client and check the logs of the firewall with following conclusions:
    • -Rule 1 works fine
      -Rule 2 is totally ignored o_O


    -What I did then to monitor the problem (on the client side):

    1) -I duplicate rule 2 (I call it "Rule 3")
    -Then I edit the Application of the rule (because I can't select the "Match" (rule handling) of a locally created rule)
    so the rule becomes:

    Rule 3:
    • -Description:Block ALL Other Outlook traffic (local rule)
      -Action:Block
      -Protocol:All IP Protocols
      -Direction:Either
      -Application:C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      -Local Service(s):-
      -Remote Service(s):-
      -Address: Any
      -Log matching traffic: Enabled
      -Active: Enabled

    -Then I start Outlook on a client and check the logs of the firewall with following conclusions:
    • -Rule 1 works fine
      -Rule 2 is totally ignored o_O
      -Rule 3 works fine o_O (Why is the identical rule 2 skipped?)

    2) -Then I changed the sequence of the 2 rules on the eposerver (rule2 followed by rule1) and distributed it
    so the sequence now is:
    • -Rule 2
      -Rule 1
      -Rule 3
    • -guess what: Rule 2 works 100% OK

    So my conclusion till now is that I CAN'T trust this firewall because it skips (critical) rules.



    I'm using:
    -Eposerver 3.5 (+patch5)
    -MDF 8.5 + patch 4


    Some other disappointing topics are that:
    -MDF 8.5 patch 4 doesn't get distributed via epo o_O
    -When I install MDF 8.5 patch 4 locally via the setup, the About still shows the old build nr 260 instead of 428
    but when I check the build version of the files "McAfeeFire.exe", "FireSvc.exe" & "FireTray.exe" in the properties it shows the correct 428


    Anyone noticed same strange behaviours?
    Or better, has any solutions?


    I'm testing MDF 8.5 for a few weeks now.
    I started very optimistic but the more I test it the more disappointed I get.


    regards
    Dave
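
An added example, not part of the original post and not McAfee code: it models Rules 1 to 3 from the post under an assumed top-down, first-match evaluation, reporting which rule a connection should hit and which rules an earlier rule shadows, for comparison against the firewall log. The `Rule` class, the helper names and the sample connections are constructed for illustration.

```python
import ntpath
from dataclasses import dataclass

ANY = None  # wildcard: "Any" / "All IP Protocols" / "Either" / "-"

@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    proto: object
    direction: object
    app: str          # bare file name = any drive/path; otherwise a full path
    lports: object
    rports: object

    def app_matches(self, path):
        if ntpath.dirname(self.app):  # full-path rule, like Rule 3
            return ntpath.normcase(path) == ntpath.normcase(self.app)
        return ntpath.basename(path).lower() == self.app.lower()

    def matches(self, c):
        return (self.proto in (ANY, c["proto"]) and self.direction in (ANY, c["dir"])
                and self.app_matches(c["app"])
                and (self.lports is ANY or c["lport"] in self.lports)
                and (self.rports is ANY or c["rport"] in self.rports))

    def covers(self, o):
        """True if every connection matching `o` also matches this rule."""
        return (self.proto in (ANY, o.proto) and self.direction in (ANY, o.direction)
                and self.app_matches(o.app)
                and all(a is ANY or (b is not ANY and set(b) <= set(a))
                        for a, b in ((self.lports, o.lports), (self.rports, o.rports))))

def first_match(rules, conn):
    """Name of the first matching rule, or None (assumption: first match wins)."""
    return next((r.name for r in rules if r.matches(conn)), None)

def shadowed(rules):
    """Rules that can never fire because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules) if any(e.covers(r) for e in rules[:i])]

OUTLOOK = r"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"
R1 = Rule("Rule 1", "permit", "TCP", "out", "OUTLOOK.EXE", range(1024, 65536), (80, 443, 135))
R2 = Rule("Rule 2", "block", ANY, ANY, "OUTLOOK.EXE", ANY, ANY)
R3 = Rule("Rule 3", "block", ANY, ANY, OUTLOOK, ANY, ANY)

# Constructed sample connections, not taken from the poster's logs.
HTTPS = {"proto": "TCP", "dir": "out", "app": OUTLOOK, "lport": 50000, "rport": 443}
SMTP = {"proto": "TCP", "dir": "out", "app": OUTLOOK, "lport": 50001, "rport": 25}
```

Under that assumption, the order Rule 1, Rule 2, Rule 3 sends Outlook web traffic to Rule 1 and all other Outlook traffic to Rule 2, while the order Rule 2, Rule 1, Rule 3 leaves Rule 1 shadowed.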
     