Hi, I am a new Mcafee user & have relatively basic computer knowledge. Looking round the product, I've just come across the Incoming Events Log relating to my firewall. There are lots of logs along the lines of 'a computer at xxx has made an unsolicited attempt to access port xxxx'. Can someone tell me what is going on here please? I presume they are being blocked by the firewall & all is ok? However, I'm sure I read somewhere that with a router (plus hardware firewall) also in place, this should minimise this sort of activity, but I still appear to be receiving quite a lot of these incoming hits. Thanks Matt
represents FAILED attempts at entering your machine. Not all of them are
malicious but many are and it just serves to show you that the firewall
is alive and well.
Thanks Carmine that's helpful. Just following on from this, i've just noticed that in the last couple of days I've had the first events logged in my outgoing events log. Until then, it has been absolutely blank. I did change my firewall security setting from outgoing access to stealth, a couple of days ago, so I wondered if it was just connected to this & nothing more serious? The programme was PMMdatamgr application (my win locker).
This might be really a really basic query, but i'm not hugely computer literate, so would appreciate someone just putting my mind at rest that all is ok.
By the way I've since switched back to outgoing access as recommended - is this the best thing to do?
I understand - after all, peace of mind is what we seek with security software.
Outbound events are just programs in your machine requesting Internet access.
Depending on your McAfee "Smart Advice" settings, you may or may not get an alert every time a program wants to connect to (or is granted access to) the Internet. SmartAdvice may determine that a program is legit and grant Internet access. More at http://download.mcafee.com/products/webhelp/4/1033/GUID-8C4C87B8-52B9-4CE8-B190-96E8DC8B8331.html
Anyways, there is a "Program Permissions" section within your McAfee Firewall settings that shows you the programs that have some kind of access or restriction to the Internet.
Outbound events are no reason to worry - McAfee would spot a malicious program, so in there you would probably see legit programs requesting (and sometimes obtaining) Internet access.
About your 'recommended settings' question I am not sure about what is best. Of course, 'recommended settings' should work well.
I was looking for some info on the 'stealth' feature of firewalls and I found this explanation at http://www.grc.com/faq-shieldsup.htm :
'Stealthed' ports are a, strictly speaking, a violation of proper TCP/IP rules of conduct. Proper conduct requires a closed port to respond with a message indicating that the open request was received, but has been denied. This lets the sending system know that its open request was received so that it doesn't need to keep retrying. But, of course, this "affirmative denial" also lets the sending system know that a system actually exists on the receiving end . . . which is what we want to avoid in the case of malicious hackers attempting to probe our systems. Since 'Stealthing' is non-standard behavior for Internet systems, it is behavior which must be created and enforced by means of a firewall security system of some sort. The native TCP/IP interface software used by personal computers will ALWAYS reply that a port is closed. Therefore, some additional software or hardware, in the form of a 'stealth capable firewall' must be added to the computer system in order to squelch its "closed port" replies.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: