McAfee firewall blocking UDP/TCP ports

Posted on 2007-03-20
Medium Priority
Last Modified: 2012-05-05
Hi Experts,
   I'm having an problem on one of my office computers. I have McAfee Small Business Edition installed on 8 computers there and following is what I've been experience on one of them. The McAfee firewall that comes with this small business edition is enable and on some days I can't access the internet, I have to disable the firewall and then I can access the net. I logged in to the security center here https://www.mcafeeasap.com/ , click on Reports and on Inbound events blocked by firewall I see the that computer has 100 events as follow:
Attack Type                     Event Count
UDPNOTINUSE                      89
BLOCKEDUDPPORT              8
BLOCKEDTCPPORT              3

I have called McAfee tech support but to be honest it's terrible. They had me uninstalled and reinstalled the firewall and with no solution.

To get around this I have to disable the McAfee firewall and enable the windows firewall and everything works fine. So, I know for a fact that it has to do with the McAfee firewall. Any help will be greatly appriciated.
Question by:frankbustos
  • 3
  • 2
LVL 15

Expert Comment

by:Jeff Perkins
ID: 18761519
Have you scanned this particular machine for malware?  
Perhaps there is something spyware related on this machine which is triggering the firewall and causing this.
If you would like some tips on malware scanning, just holler, but that would be the first place I would look.

Author Comment

ID: 18761564
Hi riteheer,

  I did think of that, but didn't take any action towards it. I would like some tips on malware scanning please. I have XOFTSPY which seems to works pretty good any other you recommend would be great.
LVL 15

Accepted Solution

Jeff Perkins earned 2000 total points
ID: 18761659
Not familiar enough with xoftspy to recommend one way or the other.  
My usual attack method is:
1. Adaware SE   get it here: www.lavasoft.com
2. Spybot S&D  get it here:
3. Hijackthis  get it here: http://hijackthis.de   (direct download link it top right corner)   You can also evaluate the log on that same page, if you need help with that, just save the log and there is a button at the bottom of that window 'analyze', after you run the analysis, copy the link back here and I'll have a look.
4. online scan:  http://security.symantec.com  

If you need help with any of this, just holler... going to bed now, but will check it tomorrow....
Gnite and gluck

Author Comment

ID: 18773055
Hi riteheer,

   It appear to be malware/spyware. It was very stranged it was causing network resources to be unvailable via map drives but yet you can access them through the unc path \\server\......It all appears to be normal for now.
LVL 15

Expert Comment

by:Jeff Perkins
ID: 18776757
  If it persists or comes back, let me know, some of them can be a real pain.  There is a smitfraud fix which is used when you get annoying little popups in the systray near the clock.
   If I can be of any further help, just holler.
Thank you for the points and even more for the grade!
Those who've flown with me, enjoyed it... Those who've flown against me, learned what it means to sweat.

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question