McAfee port blocking

G

Guest

We use McAfee VirusScan Enterprise Version 8.5.0. One of the options
provided with McAfee is port blocking. We block port 80 to prevent our
corporate user from downloading from the internet, which prevents Defender
from getting it's updates. There is an Exception option in port blocking that
allows specified programs to run and access the internet. We need to know
what program Defender uses to retrieve it's updates, so that we can add it to
the exceptions list. Thank you for your assistance.
 
B

Bill Sanderson MVP

There's no perfect solution. I take it you are also blocking receipt of
updates from AutoUpdate or Windows Update?

If you are running WSUS to distribute and control updates, Windows Defender
definitions can be distributed via WSUS.

Updates may be initiated by either mpcmdrun.exe or msascui.exe, I think, but
the actual downloading is done using the Background Intelligent Transfer
Service (BITS) which on my system looks like this:

E:\WINDOWS\System32\svchost.exe -k netsvcs

So--one of the SVCHOST services--the one which runs network services, is
what you probably need to allow. This is not very precise--that SVCHOST
runs other services, and BITS can be used by other executables.

Is it possible to open the firewall to particular hosts? If that is the
case, opening it to the hosts of Windows Update might be what you'd need.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Port and File-Blocking Best Practices 4
New port, system configuration changed message every day. 1
blocking streaming audio and/or video 4
McAfee Viruscan 8 stops Windows Defender signature downloads 6
McAfee 3
Preventing Internet Explorer Access 4
Blocking ARP Packets at Client 4
POrt Mapping /forwarding 2

Top