Solved

McAfee firewall blocking UDP/TCP ports

Posted on 2007-03-20
5
2,012 Views
Last Modified: 2012-05-05
Hi Experts,
   I'm having an problem on one of my office computers. I have McAfee Small Business Edition installed on 8 computers there and following is what I've been experience on one of them. The McAfee firewall that comes with this small business edition is enable and on some days I can't access the internet, I have to disable the firewall and then I can access the net. I logged in to the security center here https://www.mcafeeasap.com/ , click on Reports and on Inbound events blocked by firewall I see the that computer has 100 events as follow:
Attack Type                     Event Count
UDPNOTINUSE                      89
BLOCKEDUDPPORT              8
BLOCKEDTCPPORT              3

I have called McAfee tech support but to be honest it's terrible. They had me uninstalled and reinstalled the firewall and with no solution.

To get around this I have to disable the McAfee firewall and enable the windows firewall and everything works fine. So, I know for a fact that it has to do with the McAfee firewall. Any help will be greatly appriciated.
0
Comment
Question by:frankbustos
  • 3
  • 2
5 Comments
 
LVL 15

Expert Comment

by:riteheer
ID: 18761519
Have you scanned this particular machine for malware?  
Perhaps there is something spyware related on this machine which is triggering the firewall and causing this.
If you would like some tips on malware scanning, just holler, but that would be the first place I would look.
0
 

Author Comment

by:frankbustos
ID: 18761564
Hi riteheer,

  I did think of that, but didn't take any action towards it. I would like some tips on malware scanning please. I have XOFTSPY which seems to works pretty good any other you recommend would be great.
0
 
LVL 15

Accepted Solution

by:
riteheer earned 500 total points
ID: 18761659
Not familiar enough with xoftspy to recommend one way or the other.  
My usual attack method is:
1. Adaware SE   get it here: www.lavasoft.com
2. Spybot S&D  get it here:
3. Hijackthis  get it here: http://hijackthis.de   (direct download link it top right corner)   You can also evaluate the log on that same page, if you need help with that, just save the log and there is a button at the bottom of that window 'analyze', after you run the analysis, copy the link back here and I'll have a look.
4. online scan:  http://security.symantec.com  

If you need help with any of this, just holler... going to bed now, but will check it tomorrow....
Gnite and gluck
Jappo
0
 

Author Comment

by:frankbustos
ID: 18773055
Hi riteheer,

   It appear to be malware/spyware. It was very stranged it was causing network resources to be unvailable via map drives but yet you can access them through the unc path \\server\......It all appears to be normal for now.
0
 
LVL 15

Expert Comment

by:riteheer
ID: 18776757
  If it persists or comes back, let me know, some of them can be a real pain.  There is a smitfraud fix which is used when you get annoying little popups in the systray near the clock.
   If I can be of any further help, just holler.
Thank you for the points and even more for the grade!
Jappo
Those who've flown with me, enjoyed it... Those who've flown against me, learned what it means to sweat.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question