I reported this problem in Feb. Nothing resolved. I don't think Mcafee will do anything. I don't use Mcafee anymore. The following is response from a Mcafee engineer
Thank you for sending us log files. Our initial investigation has assumed that this was caused by once IE8 finished downloading content and reset the connection to remote server, there could be a timing issue that Firewall will treat subsequent packets coming from server as solicited incoming request and then prompted to user. We are trying to reproduce the issue in house and find a solution to it. At the same time this issue shouldn’t affect the functionality of the browser or have any security impact to your system. The current workaround is to give IE8 full access at this time to avoid annoying and false positive alerts.
They are at least looking at it but I would imagine they design these things for the average user who would prefer things to be as simple as possible and I'm sure that is a major factor. I've used a number of the consumer brands of firewalls on my various systems and all of them have had similar modus operandi. Full access for IE or other browsers.Message was edited by: Ex_Brit on 28/12/10 1:15:32 EST PM
Things to be as simple as possible would mean that McAfee Firewall would NOT keep asking whether a program may have outbound acces when it is clear that the user does not want this. But the solution is really trivial - just a matter of some recoding.
@McAfee - All those so-called solutions to 'just allow full acces' are not a solution to this problem. Either McAfee gives control to the user to determine whether a program may have outoging acces only or may also receive any incoming connections, or McAfee drops this support and just gives the options "allow full access" and "block". In the latter case I'll of course take a different security package - I want that control, and with good reasons I think. And it is not about browsers, they are just examples. ANY program has this problem. I will briefly describe the problem again and propose a very simple solution:
McAfee Firewall [henceforth: MF} used to ask if a program may have internet acces. The choice was for the user: no, only outgoing, or full. In the past, MF would remember which setting you chose. If a program was only allowed outgoing access, but at a certain moment indicated that it would like to receive incoming connections, then MF would ask ONCE, and only once, more if the user would grant full access. If the user denied this, MF would be satisfied and silently block any receive-incoming-attempts of the program in the future.
This feature was lost in the update to 2011 (and apparently it was missing already, for some users, in Februari this year, but I did not have the problem yet back then). i.e. right now, any time a program is only allowed outgoing access, not allowed to accept incoming connections, MF just forgets and ask every time the program initiates. So this is the bug: where in the past MF would ask at most twice whether a program may accept incoming connections, now MF just ask every time (until you either yield and allow full access - but this is of course not a solution, but a remedy that reduces user-control unnecessarily and also presents a certain, increased security risk - or you install a different firewall...).
A McAfee developer is contacted, told, and he or she quickly solves the problem by making the behaviour as it was, namely as follows (in bold was needs to be changed):
A. A program for which no rule is present yet wants outgoing access and/or accept incoming connections. The user is prompted per his/her settings. User choice is saved and remembered for the future.
B. A program for which a rule is present that says "outgoing access only" wants to accept incoming connections. The user is prompted ONCE if he/she wants to change the rule to "full access allowed", or wants to keep the rule as it is, i.e. "outgoing access only".
C. A program for which a rule is present that says "outgoing access only" wants to accept incoming connections. The user was already prompted once, so MF silently blocks the attempt to accept incoming connections.
For clearness' sake, the part starting at B above at this (buggy) moment reads something like "B. A program for which a rule is present that says "outgoing access only" wants to accept incoming connections. User choice is saved, but ignored. Prompt the user any time the program wants to receive incoming connections, even if the user will go mad because of this.Message was edited by: Yellew_One on 12/29/10 7:23:23 AM CST
I know and we have passed all that on to them. I'm pretty sure it's too late for this version and most likely for the version in beta testing, although that is the best way to get these things done, by becoming a beta tester and filing bug reports.
Since I started this thread [over a month ago...], I feel entitled to push the reset button. I would still like an answer to the original question: Is there any way to get McAfee firewall to accept the permission selections? This includes the use case where I select one of the dialog box-offered choices [allow always, allow once, block] and then go into the application and change it to outgoing only - which is the preferred option for most programs that need access.
So - it appears this issue arose when somebody at McAfee changed some code during an upgrade, and it looks like McAfee either cannot find where the code changed, or it is taking an act of Congress to get them to even look. Either way, the customer is not being helped.
Query: Given the above, my current question is whether it is possible to roll back to a prior version of the software that does not have this problem?
No there isn't and there's no way to roll back either.
The permissions are Full, Outgoing or Block and that's it.
I agree there should be more choices but I guess they are trying to make it as simple as possible as most users aren't as clued in as you regarding this sort of thing..
Perhaps I missed something, I thought the thread was still entirely on topic, so I don't understand the reset...
Ah, I see, originally your problem was that you would not even get the choice in the dialog box of choosing 'outgoing only'? That seems very strange. I do have that choice - isn't this some configurable option? I now see that in later posts you also go in the direction of where I am headed (and I thought the entire thread), of MF keeping asking for permissions when you've already set them.
The three choices of permissions are fine. The issue is that the firewall program does not honor the selection. Even after programs are set to 'outgoing only’; we are continually prompted to allow full access. If we have already selected outgoing only for a specific program, the selection should be honored without further prompts. Otherwise, why even offer the outgoing only option? By the same token, some programs that have no permissions set cause a firewall message stating that Mcafee has allowed the program; even though the option to have the user, not Mcafee, allow or disallow all programs has been selected. This behavior started with the 2010 version, and was never an issue in the past.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: