Create rule to prevent IRC communication

Use this task to create an Endpoint Security firewall rule that is equivalent to the predefined Access Protection rule AVO11 in VirusScan Enterprise 8.8.

Note: See the Endpoint Security Firewall product documentation for more information about creating firewall rules.

Rule AVO10: Prevent mass mailing worms from sending mail

Rule AVO11 G_030_AntiVirusOn { 
		Description "Prevent IRC communication" 
		Process { Include * } 
		Port IOTU { Include 6666 6669 } 
		} 
		

Task

  1. In McAfee ePO, select MenuPolicyPolicy Catalog, then select Endpoint Security Firewall from the Product list.
  2. From the Category list, select Rules.
  3. Click the name of the assigned Firewall Rules policy.
  4. Click New Rule, then configure the following settings.
    • Action: Block
    • Direction: Either
    • Network protocol: Any protocol
    • Transport protocol: TCP
    • Local ports: 6666-6669
    • Remote ports: 6666-6669
  5. Click Save.

Results

This rule is created and enabled in Endpoint Security for all managed systems where it is assigned.
Note: The AVO11 rule was disabled by default in VirusScan Enterprise 8.8, so IRC traffic was allowed. To achieve the VirusScan Enterprise default behavior in Endpoint Security, change the Block rule's Action to Allow.