exmfe
Former Member
Message 1 of 15

Firewall blocking local ip's and link-local addresses

Hi,

I am hoping someone here can help me as official support channels haven't been of any help so far.

I am using MTP on 3 PC's (Vista, W7, XP - all 32 bit and all fully updated) which are connected along with other devices on a wired and wireless LAN via a router.

I have noticed that there are addresses in the local network range and link-local addresses which are regularly and frequently (approx every 15 mins) showing up in the incoming event firewall log.

The most frequent addresses and events are 191.168.0.1 SSDP and 169.254.235.174 SSDP, but there are others.

191.168.0.1 is the router.

The full lan address range is already included in the "My Network Connections" range (192.168.0.0 - 192.168.0.255)

I can see the router and the other PC's in explorer and in the device list in Home Network screen of MTP.

I have checked the logs in the Program Data folder and I can see several local addresses which are apparently being blocked e.g.

 

02/26/2012 11:23:15 AM$ -- (Information)$ [ mpfsvc.dll]$ >>> Packet blocked: 192.168.0.196(445)-192.168.0.170(7946) TCP process(0):[] reason:MPFP_RULE_MADE_DECISION_BY_UNSOLICITED_DATA:MFEID_BLOCK_UNKNOWN_APP_RULE | MFEID_POLICY_APPLICATION | MFEID_BLOCK_UNKNOWN_APP_RULE | MFEID_POLICY_IDS | {145CE739-CB40-494A-A12A-B71B88CADAB5} | {0D34D750-EB5E-4B0C-A1AC-0761D6F4DFB7} | {CD42F984-081E-40C2-92AD-C4A8307B13FB}

Any idea why these local addresses are being blocked?

Also, I am not able to connect to a local video webserver on one of these PC's even if I explicitly specify the port (8570) in "Firewall Ports and System Services". The device (an iPad) in the LAN which attempts to connect (+port) can be seen in the incoming event log.

Any idea what's going on?

Thanks.

14 Replies
exmfe
Former Member
Message 2 of 15

Re: Firewall blocking local ip's and link-local addresses

Here are more suspicious items in the log (my highlights)...

02/26/2012 02:58:42 PM$ -- (Information)$ [     mpfsvc.dll]$ >>> Packet blocked: 192.168.0.1(1900)-239.255.255.250(1900) UDP process(1520):[C:\WINDOWS\SYSTEM32\SVCHOST.EXE] reason:MPFP_RULE_MADE_DECISION_BY_PORT_RULE:System Ports Rule: Universal Plug and Play (UPNP) Port 5000,1900,2869 (tcp=5000,2869, udp=1900, enabled=1, standard=1) | App Rule: C:\WINDOWS\SYSTEM32\SVCHOST.EXE ([FULL]) | System Ports Rule: Universal Plug and Play (UPNP) Port 5000,1900,2869 (tcp=5000,2869, udp=1900, enabled=1, standard=1) | MFEID_POLICY_IDS | {145CE739-CB40-494A-A12A-B71B88CADAB5} | {0D34D750-EB5E-4B0C-A1AC-0761D6F4DFB7} | {4AD91FA5-FB02-41AF-BFF3-04E372ED4954}

02/26/2012 03:08:26 PM$ -- (Information)$ [   McSvHost.exe]$ Problem reported to MSC: 0

02/26/2012 03:13:28 PM$ -- (Information)$ [     mpfsvc.dll]$ >>> Packet blocked: 169.254.135.174(1900)-239.255.255.250(1900) UDP process(1520):[C:\WINDOWS\SYSTEM32\SVCHOST.EXE] reason:MPFP_RULE_MADE_DECISION_BY_PORT_RULE:System Ports Rule: Universal Plug and Play (UPNP) Port 5000,1900,2869 (tcp=5000,2869, udp=1900, enabled=1, standard=1) | App Rule: C:\WINDOWS\SYSTEM32\SVCHOST.EXE ([FULL]) | System Ports Rule: Universal Plug and Play (UPNP) Port 5000,1900,2869 (tcp=5000,2869, udp=1900, enabled=1, standard=1) | MFEID_POLICY_IDS | {145CE739-CB40-494A-A12A-B71B88CADAB5} | {0D34D750-EB5E-4B0C-A1AC-0761D6F4DFB7} | {4AD91FA5-FB02-41AF-BFF3-04E372ED4954}
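A triage sketch for the "Packet blocked" records quoted in the posts above, as an added example that is not part of the thread or of McAfee's tooling: it parses each record and labels source and destination as trusted-LAN, link-local or multicast. The regex layout is inferred from the quoted lines (an assumption), and `TRUSTED` is the range the first post gives for "My Network Connections".

```python
import ipaddress
import re
from collections import Counter

# Range the poster says is entered in "My Network Connections".
TRUSTED = ipaddress.ip_network("192.168.0.0/24")

# Field layout inferred from the records quoted in this thread (assumption).
BLOCKED = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\$.*?"
    r"Packet blocked: (?P<src>[\d.]+)\((?P<sport>\d+)\)-"
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\) (?P<proto>\w+) "
    r"process\((?P<pid>\d+)\):\[(?P<image>[^\]]*)\] "
    r"reason:(?P<reason>[A-Z_]+)"
)

def scope(addr):
    """Classify an IPv4 address; link-local is tested before private
    because ipaddress also reports 169.254.0.0/16 as private."""
    ip = ipaddress.ip_address(addr)
    if ip.is_multicast:
        return "multicast"
    if ip.is_link_local:
        return "link-local"
    if ip in TRUSTED:
        return "trusted-lan"
    return "private-other" if ip.is_private else "public"

def parse(line):
    """Return a dict for a 'Packet blocked' record, or None for other lines."""
    m = BLOCKED.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["src_scope"], rec["dst_scope"] = scope(rec["src"]), scope(rec["dst"])
    return rec

def summarize(lines):
    """Count blocks per (src scope, dst scope, proto, dst port, reason)."""
    recs = filter(None, map(parse, lines))
    return Counter((r["src_scope"], r["dst_scope"], r["proto"],
                    int(r["dport"]), r["reason"]) for r in recs)

# Records from the posts above, abridged after the first rule name.
SAMPLE = [
    r"02/26/2012 11:23:15 AM$ -- (Information)$ [ mpfsvc.dll]$ >>> Packet blocked: 192.168.0.196(445)-192.168.0.170(7946) TCP process(0):[] reason:MPFP_RULE_MADE_DECISION_BY_UNSOLICITED_DATA:MFEID_BLOCK_UNKNOWN_APP_RULE",
    r"02/26/2012 02:58:42 PM$ -- (Information)$ [     mpfsvc.dll]$ >>> Packet blocked: 192.168.0.1(1900)-239.255.255.250(1900) UDP process(1520):[C:\WINDOWS\SYSTEM32\SVCHOST.EXE] reason:MPFP_RULE_MADE_DECISION_BY_PORT_RULE:System Ports Rule",
    r"02/26/2012 03:08:26 PM$ -- (Information)$ [   McSvHost.exe]$ Problem reported to MSC: 0",
    r"02/26/2012 03:13:28 PM$ -- (Information)$ [     mpfsvc.dll]$ >>> Packet blocked: 169.254.135.174(1900)-239.255.255.250(1900) UDP process(1520):[C:\WINDOWS\SYSTEM32\SVCHOST.EXE] reason:MPFP_RULE_MADE_DECISION_BY_PORT_RULE:System Ports Rule",
]
```

On the quoted records, the two UDP 1900 entries are addressed to the multicast group 239.255.255.250 and one of them comes from a 169.254.x.x source; neither address falls inside 192.168.0.0 - 192.168.0.255.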

exbrit
MVP
Message 3 of 15

Re: Firewall blocking local ip's and link-local addresses

OK, your Inbound Events log is merely there for your information as all of them are blocked, so there's no need to worry about them.  We all have hundreds of entries in there.  As far as why a local IP in your own network (your router perhaps?) is blocked, perhaps it isn't entered properly in your firewall permissions.

Open SecurityCenter then click Web and Email Protection, then Firewall, then My Network Connections.  In there should be the IP range of your router (or modem if connected directly).  Add it if it isn't. An example is shown:

Capture.JPG

Message was edited by: Ex_Brit on 26/02/12 9:48:45 EST AM
exmfe
Former Member
Message 4 of 15

Re: Firewall blocking local ip's and link-local addresses

Hi Ex-Brit,

Thanks for the response. I do know the purpose of the inbound event log; the addresses I am flagging are LAN addresses and should not be blocked. As per my first post, the LAN address range is already specified in My Network Connections, so this doesn't explain why these addresses are being blocked.

exbrit
MVP
Message 5 of 15

Re: Firewall blocking local ip's and link-local addresses

Maybe they are trying to access ports that are restricted normally.   That could happen if spyware was onboard or if some software works in an unconventional manner, but that may not be the case.   Your best bet for a good answer on this would be to open a case with Technical Support linked under Useful Links at the top of the page.  It's a free phone call or you can use online chat.

exmfe
Former Member
Message 6 of 15

Re: Firewall blocking local ip's and link-local addresses

Hi Ex-Brit,

As you can see in the logs, the ports are standard system ports which are predefined and enabled in "Firewall Ports and System Services", e.g. 1900.

I have tried tech support twice so far (chat and telephone) but unfortunately it was a frustrating waste of time.  I will try again with email support this time.

Is there any way I can request Tier 2 support via email?

Thanks for your help.

exmfe
Former Member
Message 7 of 15

Re: Firewall blocking local ip's and link-local addresses

Ok I have requested Tier 2 support in my tech support email.

Let's see what happens.

I'll report back in case the info might help others.

Thanks again.

exbrit
MVP
Message 8 of 15

Re: Firewall blocking local ip's and link-local addresses

I will also flag this thread internally in the hope a firewall expert can help.

Dinz
Former Member
Message 9 of 15

Re: Firewall blocking local ip's and link-local addresses

Hi there,

I see that you have contacted our Tier 2 support personnel on this issue; let me make sure that this is elevated to the correct team. In the meantime, could you please let me know:

If these instances are reported recently after a McAfee update or well before?

Do you have any devices connected to your network that access the internet, like a secondary PC, laptop, etc.?

Regards,

exmfe
Former Member
Message 10 of 15

Re: Firewall blocking local ip's and link-local addresses

Hi Dinesh,

I really don't know when these issues first started - I only recently checked the incoming event logs and noticed the lan addresses.

According to the About screen the versions are:

MSC - 11.0.654

MVS - 15.0.294 28/2/2012

Dat version 6633 27/22012

MPF - 12.0.345 21/11/2011

MPC - 13.0.319 22/12/2011 (not enabled)

I have automatic updates on.

I don't have any other modules enabled.

As per my original post there are several other devices on the lan including 2 PCs and several Apple iOS devices.

Thanks.
