Solved

McAfee firewall blocking UDP/TCP ports

Posted on 2007-03-20
5
2,000 Views
Last Modified: 2012-05-05
Hi Experts,
   I'm having an problem on one of my office computers. I have McAfee Small Business Edition installed on 8 computers there and following is what I've been experience on one of them. The McAfee firewall that comes with this small business edition is enable and on some days I can't access the internet, I have to disable the firewall and then I can access the net. I logged in to the security center here https://www.mcafeeasap.com/ , click on Reports and on Inbound events blocked by firewall I see the that computer has 100 events as follow:
Attack Type                     Event Count
UDPNOTINUSE                      89
BLOCKEDUDPPORT              8
BLOCKEDTCPPORT              3

I have called McAfee tech support but to be honest it's terrible. They had me uninstalled and reinstalled the firewall and with no solution.

To get around this I have to disable the McAfee firewall and enable the windows firewall and everything works fine. So, I know for a fact that it has to do with the McAfee firewall. Any help will be greatly appriciated.
0
Comment
Question by:frankbustos
  • 3
  • 2
5 Comments
 
LVL 15

Expert Comment

by:riteheer
ID: 18761519
Have you scanned this particular machine for malware?  
Perhaps there is something spyware related on this machine which is triggering the firewall and causing this.
If you would like some tips on malware scanning, just holler, but that would be the first place I would look.
0
 

Author Comment

by:frankbustos
ID: 18761564
Hi riteheer,

  I did think of that, but didn't take any action towards it. I would like some tips on malware scanning please. I have XOFTSPY which seems to works pretty good any other you recommend would be great.
0
 
LVL 15

Accepted Solution

by:
riteheer earned 500 total points
ID: 18761659
Not familiar enough with xoftspy to recommend one way or the other.  
My usual attack method is:
1. Adaware SE   get it here: www.lavasoft.com
2. Spybot S&D  get it here:
3. Hijackthis  get it here: http://hijackthis.de   (direct download link it top right corner)   You can also evaluate the log on that same page, if you need help with that, just save the log and there is a button at the bottom of that window 'analyze', after you run the analysis, copy the link back here and I'll have a look.
4. online scan:  http://security.symantec.com  

If you need help with any of this, just holler... going to bed now, but will check it tomorrow....
Gnite and gluck
Jappo
0
 

Author Comment

by:frankbustos
ID: 18773055
Hi riteheer,

   It appear to be malware/spyware. It was very stranged it was causing network resources to be unvailable via map drives but yet you can access them through the unc path \\server\......It all appears to be normal for now.
0
 
LVL 15

Expert Comment

by:riteheer
ID: 18776757
  If it persists or comes back, let me know, some of them can be a real pain.  There is a smitfraud fix which is used when you get annoying little popups in the systray near the clock.
   If I can be of any further help, just holler.
Thank you for the points and even more for the grade!
Jappo
Those who've flown with me, enjoyed it... Those who've flown against me, learned what it means to sweat.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows XP on Acer Aspire One 49 166
iptables ubuntu BLOCK all 2 79
Exe program is not a valid Win 32 application 15 104
Event ID: 1008 / Source: Microsoft-Windows-Perflib 2 126
Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now