McAfee ePO – Client Firewall Exceptions to Allow Agent Deployment


KB ID 0000952 Dtd 05/06/14


It's been a while, since I deployed ePO, and as I've got a big McAfee roll-out coming up I thought I'd better run it up on the test bench and see how much it's changed since version 4. As the prospective client is going to use Server 2012 and Windows 8, that's what I tested it with.

Despite my best efforts the the McAfee agent (8.6) refused to deploy to the clients as long as I had the windows firewall on. A quick Google turned up a myriad of suggestions for ports and services, and most of them were for older versions of ePO or were simply incorrect.


Basically you need to to do two things with the firewall;

  • Allow in ICMP echo requests
  • Allow in File and Printer sharing

Set Firewall to Allow McAfee Agent deployment via Group Policy

This is the simplest option, especially if you have a lot of client to deploy to.

1. On your Domain Controller > Launch the Group Policy Management Console > Create a new policy (or edit an existing one), that is linked either to the root of the domain, or the OU that your computers are in.

group policy mcafee deploy

2. Edit The policy, and navigate to;

Computer ConfigurationAdministrative TemplatesNetworkNetwork ConnectionsWindows FirewallDomain ProfileWindows Firewall: Allow ICMP exceptions


3. Set to Enabled > Select 'Allow inbound echo request' > Apply > OK.

allow inbound icmp group policy

4. In the same location select 'Windows Firewall: Allow inbound file and printer sharing exception'.

GPO Allow file and printer sharing

5. Enable this policy > Then enter the IP address of the ePO server > Apply > OK.

Inbound firewall file and print

6. Then either reboot the clients, wait a couple of hours, or manually run "gpupdate /force" on them. Then Re-deploy your McAfee agent.

Set Firewall to Allow McAfee Agent deployment on an Individual Machine

1. Windows Key +R > cmd {Enter} > firewall.cpl {Enter}.

firewall shortcut

2. Allow an app or feature though Windows Firewall.

Allow Windows Firewall

3. Locate 'File and Printer Sharing' and enable (Note: Here I've enabled for Domain, Public, and Private, you may only want to select Domain) > OK.

File and Printer Sharing Exception

4. Advanced Settings > Inbound Rules > New Rule.

Inbounf Windows Firewall Exception

5. Custom > Next.

Custom firewall rule

6. All Programs > Next.

Allow program through Windows firewall

7. Protocol Type = ICMPv4 > Customize > Echo Request > OK > Next.

Allow Ping Windows Firewall

8. Enter the IP address of your ePO server > Next.

Allow IP to ping

9. Allow the connection > Next.

Windows 8 Firewall Exception

10. Select as appropriate > Next.

Firewall Profiles

11. Give the rule a sensible name > Finish.

Allow pinging to windows

12. Re-deploy your McAfee agent.

Related Articles, References, Credits, or External Links


Author: Migrated

Share This Post On