×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
exbrit
MVP
MVP
Message 31 of 47

Re: Persistent 'program wants to accept incoming internet connection' pop-ups

We are discussing the issue on our conference call as I type.   A good point has been made that the settings will change every time that particular software updates to a new version and all settings may change to default anyway when McAfee does a major update.   2 things to watch out for.

None of us can reproi an issue where these settings aren't remembered otherwise and all we can suggest is that people may be telling the UI to remember once only, or 'this time only'....sorry I have too much on my desktop to actually check this personally, but just relaying what is being said.

PhilF
Contributor III
Message 32 of 47

Re: Persistent 'program wants to accept incoming internet connection' pop-ups

…and yet another issue that the Mcafee programmers refuse to acknowledge.  Nice!
It is insulting for them to suggest that we do not know the difference between allow this time only and outbound access only.
This rates right up there with the smart timer issue for updates which was implemented without fully understanding all of the unintended consequences.
Easiest solution would have been to simply go back to the 2009 (or earlier) versions which worked as they were supposed to.
Please don’t take this personally Ex-Brit, as my comments are in no way directed towards you.
I really do appreciate all your efforts on this forum, and am just venting my frustration with all of the problems with the current version, and lack of willingness on the part of the programmers to address some of them.

exbrit
MVP
MVP
Message 33 of 47

Re: Persistent 'program wants to accept incoming internet connection' pop-ups

They haven't actually refused to acknowledge, it's just that they can't reproduce the issue.

Contact Technical Support Chat and ask for escalation.

Message was edited by: Ex_Brit on 17/01/11 2:45:54 EST PM
fbg00
Former Member
Message 34 of 47

Re: Persistent 'program wants to accept incoming internet connection' pop-ups

I am a network security professional and I am able to reproduce this problem.  Here is a summary:

  1. Personal Firewall enables users to allow or block inbound and/or outbound connections on a per application basis
  2. When an application is set for "allow outbound only", but later that application attempts to allow an incoming connection, the user is prompted by a McAfee dialog box "McAfee detected a program on your PC that is trying to accept incoming connections from the Internet ... allow always, allow once, block"
  3. If the user clicks "block" then the application in question is blocked from all Internet access, both inbound and outbound.  Since the policy set in 2 above is to allow outbound traffic, this is not what the user generally wants.
  4. The only other option is to click one of the allow buttons, but the whole point of the McAfee product is to be able to block undesired traffic, and based on the settings selected in 2 above, this amounts to allowing the unwanted traffic
  5. There is no option to dismiss this dialog box without changing any settings

To reproduce the problem:

  1. perform a clean install of Windows 7, and McAfee Security Center / Personal Firewall
  2. install Firefox
  3. set personal firewall to allow outbound connections but block incoming connections
  4. browse the web for a period of time
  5. the dialog box will apear

Since there was confusion before, "outbound traffic" means typically-two-way traffic where the initial request that initiates the session is outbound.  Example: web browsing from the user's PC out to the Internet.  "inbound traffic" means typically-two-way traffic where the session is initiated from outside.  For example -- when the user runs a web server on his PC, and someone from the Internet requests a page from that server.

There have been suggestions that a possible solution to the original problem is to hit "allow always" to make this warning go away.  However that is not secure.  Consider, for example, Firefox.  While the browser uses some traffic on 127.0.0.1 for caching of content, so it needs _some_ inbound traffic (albeit not "from the Internet" but rather "from localhost") to function optimally, it is also possible for a rogue plugin to insert a bot or other malware into Firefox -- a sleeper program, key logger, etc, which could listen on a port for orders from an attacker to send data, or perform some action.  Generally one does NOT want a browser to accept incoming connections from the Internet.  Also, Firefox seems to work fine with inbound traffic blocked.

In summary this should be considered a bug in McAfee Personal Firewall and have a developer at McAfee assigned to document and correct the problem.  Feel free to PM me for help in reproducing the bug.

exbrit
MVP
MVP
Message 35 of 47

Re: Persistent 'program wants to accept incoming internet connection' pop-ups

I'll pass this on, thanks.

exbrit
MVP
MVP
Message 36 of 47

Re: Persistent 'program wants to accept incoming internet connection' pop-ups

Not good news but apparently this is the way it's designed.   I'm sorry I couldn't get anything better on it.

You might want to contact Technical Support Chat and escalate it upwards.  Link under Useful Links above.

SymantecFan
Former Member
Message 37 of 47

Re: Persistent 'program wants to accept incoming internet connection' pop-ups

When I bought this computer, it came with 18 months of McAfee. I even extended the service because I was, as in past tense, pretty happy with it. Unfortunately, I am starting to regret my decision to stay with McAfee, and not change back to Symantec. I am a happy Symantec user, but I am not a happy McAfee user, at this time. Please let the people at McAfee know that failing to fix this problem may cost them a few customers, as I return to using and recommending Symantec, to my friends and family. I won't have a software designer force their bad decisions on me. I also resent it when a software company decides to relabel bad design decisions or bugs, as features. If this is a feature, it is a negative value feature that will cost McAfee to loose customers.

Symantec Fan.

exbrit
MVP
MVP
Message 38 of 47

Re: Persistent 'program wants to accept incoming internet connection' pop-ups

Well I did report it.  The best way to get the message across is to file a problem with online Technical Support Chat as I previously said, and one could possibly get in on the development process by actively beta testing the newer products and filing Bug Reports on same, that way you can effect change before the products are released.

Consumer Beta Testing.

Message was edited by: Ex_Brit on 01/02/11 6:48:07 EST AM
fbg00
Former Member
Message 39 of 47

Re: Persistent 'program wants to accept incoming internet connection' pop-ups

This seems like an excellent suggestion.  In case anyone is wondering, as I was, what exactly "technical support chat" is and how does one contact it, go to the menu above.  Select McAfee Support -> Home and Home Office (or Corporate as the case may be -- YMMV) -> go to technical support -> chat -> run McAfee Virtual Technician (if you have not already) -> then you can finally click on "chat".  I don't have the expected wait time right now so I have not tried it yet, but if anyone does and has any luck, please share.

wbleeds
Former Member
Message 40 of 47

Re: Persistent 'program wants to accept incoming internet connection' pop-ups

Just to chip in my tupppence worth and hopefully add some more weight to this "design feature"...

I'm an IT programmer of 15yrs or so experience. The problem is astoundingly easy to re-produce. Install Win 7, Install McAfee Total Protection 2011 - set the firewall to Outbound Only or Stealth. Set relevant program permissions to Outbound only. Set information alerts to tell you when programs are allowed access to the internet. Try browsing... answer "Allow access" popups, re-boot, try browsing, answer "Allow access" popups again. At some point you will even get the message telling you that IE has been allowed Full access depsite all your best user efforts and settings through the GUI. Reset it to outbound and repeat...for ever.

To say this is design is just stupid... If it's design, it sucks and is broken. Sorry I don't pull punches for cop-out statements. You do not design a user interface to give the user the ability to set an explicit piece of behaviour and then have the code automitcally reset that behaviour. That's a bug, pure and simple.

If this is a "design" to protect average users, then why does it allow browsers to accept incoming connections with no authorisation? This is not safe behaviour. Your average user is perhaps far more at danger of picking up malicious downloads etc than an expert user and so the default in this case should be Outbound only. C'mon this really is not "design" and if it is, it is not design that ever had the user in mind.

A really nice piece of design decisioning, which was present in the past (thumbs up McAfee) was to allow the advanced user to set explicit behaviour on an item and then have a pop-up confirm this behaviour once and once only. That's a good design! If you're worried that once only is not enough put a time period check in or have a checkbox to say "Don't ask me again." These are all standard design options and work.

Another frustrated user evaluating next years licence.

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community