Home » McAfee Manuals » Computer Software » McAfee MIS70E001RCA » Manual Viewer

McAfee MIS70E001RCA User Guide - Page 64

Events from computers on your LAN, Events from private IP addresses

UPC - 731944540689

View all McAfee MIS70E001RCA manuals

Add to My Manuals
Save this manual to your list of manuals

Page 64 highlights

McAfee Personal Firewall Plus Personal Firewall allows traffic from these programs, so if you see events from 127.0.0.1, it is likely that the source IP address is spoofed, or faked. Spoofed packets are usually indicate that another computer is scanning yours for Trojans. Personal Firewall blocks such intrusion attempts, so your computer is safe. Some programs, notably Netscape 6.2 and higher, require you to add 127.0.0.1 to the Trusted IP Addresses list. These programs' components communicate between each other in such a manner that Personal Firewall cannot determine if the traffic is local or not. In the example of Netscape 6.2, if you do not trust 127.0.0.1, then you will not be able to use your buddy list. Therefore, if you see traffic from 127.0.0.1 and all of the applications on your computer work normally, then it is safe to block this traffic. However, if a program (like Netscape) experiences problems, add 127.0.0.1 to the Trusted IP Addresses list in Personal Firewall. If placing 127.0.0.1 in the trusted IP list fixes the problem, then you need to weigh your options: if you trust 127.0.0.1, your program will work, but you will be more open to spoofed attacks. If you do not trust the address, then your program will not work, but you will remain protected against certain malicious traffic. Events from computers on your LAN Events can be generated from computers on your local area network (LAN). To show that these events are generated by your network, Personal Firewall displays them in green. In most corporate LAN settings, you should select Make all computers on your LAN Trusted in the Trusted IP Addresses options. In some situations, your "local" network can be as dangerous than the Internet, especially if your computer runs on a high-bandwidth DSL or cable modem based network. In this case, do not to select Make all computers on your LAN Trusted. Instead, add the IP addresses of your local computers to the Trusted IP Addresses list. Events from private IP addresses IP addresses of the format 192.168.xxx.xxx, 10.xxx.xxx.xxx, and 172.16.0.0 172.31.255.255 are referred to as non-routable or private IP addresses. These IP addresses should never leave your network, and can be trusted most of the time. The 192.168.xxx.xxx block is used with Microsoft Internet Connection Sharing (ICS). If you are using ICS, and see events from this IP block, you might want to add the IP address 192.168.255.255 to your Trusted IP Addresses list. This will trust the entire 192.168.xxx.xxx block. If you are not on a private network, and see events from these IP ranges, the source IP address might be spoofed, or faked. Spoofed packets are usually signs that someone is scanning for Trojans. It's important to remember that Personal Firewall blocked this attempt, so your computer is safe. 64 McAfee® Internet Security Suite®software

Section	Page
Quick Start Card	3
Introduction	11
McAfee Internet Security software	12
System requirements	12
Supported e-mail programs	13
Toolbar plug-in requirements	13
Supported instant messaging programs	13
Using McAfee SecurityCenter	13
Removing Internet Security Suite programs	15
McAfee VirusScan	17
New features	17
Testing VirusScan	19
Testing ActiveShield	19
Testing Scan	19
Using McAfee SecurityCenter	21
Using ActiveShield	21
Enabling or disabling ActiveShield	21
Enabling ActiveShield	22
Disabling ActiveShield	23
Configuring ActiveShield options	23
Starting ActiveShield	23
Stopping ActiveShield	24
Scanning e-mail and attachments	24
Scanning for worms	26
Scanning inbound instant message attachments	28
Scanning all files	28
Scanning program files and documents only	29
Scanning for new unknown viruses	29
Scanning for scripts	30
Scanning for Potentially Unwanted Programs (PUPs)	31
Understanding security alerts	32
Managing detected files	32
Managing detected e-mail	33
Managing suspect scripts	33
Managing potential worms	33
Managing PUPs	34
Manually scanning your computer	35
Manually scanning for viruses and other threats	35
Scanning via Windows Explorer	38
Scanning via Microsoft Outlook	38
Automatically scanning for viruses and other threats	38
Understanding threat detections	40
Managing quarantined files	41
Creating a Rescue Disk	43
Write-protecting a Rescue Disk	44
Using a Rescue Disk	44
Updating a Rescue Disk	44
Automatically reporting viruses	44
Reporting to the World Virus Map	45
Viewing the World Virus Map	46
Updating VirusScan	47
Automatically checking for updates	47
Manually checking for updates	47
McAfee Personal Firewall Plus	49
New features	49
Removing other firewalls	51
Setting the default firewall	51
Setting the security level	52
Testing McAfee Personal Firewall Plus	54
Using McAfee SecurityCenter	54
About the Summary page	55
About the Internet Applications page	60
Changing application rules	61
Allowing and blocking Internet applications	61
About the Inbound Events page	62
Understanding events	63
About IP addresses	63
Events from 0.0.0.0	63
Events from 127.0.0.1	63
Events from computers on your LAN	64
Events from private IP addresses	64
Showing events in the Inbound Events log	65
Showing today's events	65
Showing this week's events	65
Showing the complete Inbound Events log	65
Showing events from a specific day	66
Showing events from a specific Internet address	66
Showing events that share identical event information	67
Responding to inbound events	67
Tracing the selected event	67
Getting advice from HackerWatch.org	67
Reporting an event	68
Signing up for HackerWatch.org	68
Trusting an address	68
Banning an address	69
Managing the Inbound Events log	71
Archiving the Inbound Events log	71
Viewing an archived Inbound Events log	71
Clearing the Inbound Events log	71
Copying an event to the Clipboard	72
Deleting the selected event	72
About alerts	72
Red alerts	73
Internet Application Blocked alert	73
Application Wants to Access the Internet alert	75
Application Has Been Modified alert	76
Application Requests Server Access alert	77
Green alerts	78
Application Allowed to Access the Internet alert	78
Application Has Been Modified alert	79
Blue alerts	80
Connection Attempt Blocked alert	80
McAfee Privacy Service	81
Features	81
The Administrator	81
Setting up Privacy Service	82
Setting up a Pre-installed version of Privacy Service	82
Retrieving the Administrator Password	83
Removing Privacy Service with Safe Mode	83
The Startup user	84
Configuring the Administrator as Startup User	84
Using McAfee SecurityCenter	84
Launching McAfee Privacy Service	85
Launching and signing in to Privacy Service	85
Disabling Privacy Service	85
Updating McAfee Privacy Service	85
Removing and Re-installing Privacy Service	86
Removing Privacy Service	87
Installing Privacy Service	87
Setting the password	88
Setting the age group	88
Setting the cookie blocker	88
Setting the Internet Time limits	89
Creating Web Site Permissions with Keywords	89
Changing passwords	90
Changing a user’s information	91
Changing cookie blocker setting	91
Editing the Accept and Reject Cookie List	91
Changing the age group	92
Changing Internet time Limits	92
Changing the Startup user	93
Removing users	93
Blocking Web sites	93
Allowing Web sites	93
Blocking information	94
Adding information	94
Editing information	94
Removing personal information	94
Blocking Web bugs	95
Blocking advertisements	95
Allowing cookies from specific Web sites	96
Date and time	96
User	96
Summary	96
Event Details	96
Saving the Current Log	96
Viewing Saved Logs	97
Erasing files permanently using McAfee Shredder	97
Why Windows leaves file remnants	98
What McAfee Shredder erases	98
Permanently erasing files in Windows Explorer	98
Emptying the Windows Recycle Bin	98
Customizing Shredder settings	98
Backing up the Privacy Service database	99
Restoring the Backup Database	99
Changing your password	100
Changing your user name	100
Clearing your cache	101
Accepting cookies	101
If you need to remove a web site from this list:	101
Rejecting cookies	102
If you need to remove a web site from this list:	102
McAfee SpamKiller	103
User options	103
Filtering	103
Features	104
Understanding the top pane	104
Understanding the Summary page	105
Microsoft Outlook and Outlook Express integration	105
Using McAfee SecurityCenter	106
Disabling SpamKiller	107
Adding e-mail accounts	107
Adding an e-mail account	108
Pointing your e-mail client to SpamKiller	108
Deleting e-mail accounts	109
Deleting an e-mail account from SpamKiller	109
Editing e-mail account properties	109
POP3 accounts	109
Editing POP3 accounts	109
MSN/Hotmail accounts	112
Editing MSN/Hotmail accounts	112
MAPI accounts	113
Editing MAPI accounts	114
Adding users	115
User passwords and protecting children from spam	116
Creating a password for an existing SpamKiller user	116
Adding a user to SpamKiller	116
Editing SpamKiller user profile	117
Deleting a SpamKiller user profile	117
Logging on to SpamKiller in a multi-user environment	117
Switching between users	117
Opening a Friends List	119
Importing address books	119
Importing an address book by automatic import	120
Importing an address book manually	120
Editing address book information	121
Deleting an address book from the automatic import list	121
Adding friends	122
Adding friends from the Blocked E-mail or Accepted E-mail page	122
Adding friends from the Friends page	123
Adding friends from Microsoft Outlook	123
Editing friends	123
Deleting friends	124
Blocked E-mail page	125
Accepted E-mail page	127
Tasks for Blocked E-mail and Accepted E-mail	128
Rescuing messages	129
From the Blocked E-Mail page	129
From the SpamKiller folder in Microsoft Outlook or Outlook Express	129
Blocking messages	129
From the Accepted E-mail page	129
From Microsoft Outlook	130
Where are the blocked messages	130
Deleting a message manually	130
Modifying how spam messages are processed	130
Tagging	130
Blocking	130
Modifying how SpamKiller processes spam messages	131
Using the AntiPhishing filter	131
Adding friends to a Friends List	132
Adding filters	132
Regular expressions	134
Reporting spam to McAfee	137
Sending complaints manually	137
Sending error messages	137
Sending an error message manually	138
SpamKiller is unable to communicate with its server	138
Starting the SpamKiller server manually	138
SpamKiller server is blocked by firewalls or internet filtering programs	138
Cannot connect to the e-mail server	139
Verifying your connection to the Internet	139
Dial-up Users	139
Broadband (Cable, DSL)	139
Verifying the POP3 server address for SpamKiller	139

Match case Limit results 1 per page

McAfee Personal Firewall Plus

McAfee

Internet Security Suite

software

Personal Firewall allows traffic from these programs, so if you see events from

127.0.0.1, it is likely that the source IP address is spoofed, or faked. Spoofed packets

are usually indicate that another computer is scanning yours for Trojans. Personal

Firewall blocks such intrusion attempts, so your computer is safe.

Some programs, notably Netscape 6.2 and higher, require you to add 127.0.0.1 to

the Trusted IP Addresses list. These programs’ components communicate between

each other in such a manner that Personal Firewall cannot determine if the traffic

is local or not.

In the example of Netscape 6.2, if you do not trust 127.0.0.1, then you will not be

able to use your buddy list. Therefore, if you see traffic from 127.0.0.1 and all of the

applications on your computer work normally, then it is safe to block this traffic.

However, if a program (like Netscape) experiences problems, add 127.0.0.1 to the

Trusted IP Addresses list in Personal Firewall.

If placing 127.0.0.1 in the trusted IP list fixes the problem, then you need to weigh

your options: if you trust 127.0.0.1, your program will work, but you will be more

open to spoofed attacks. If you do not trust the address, then your program will

not work, but you will remain protected against certain malicious traffic.

Events from computers on your LAN

Events can be generated from computers on your local area network (LAN). To

show that these events are generated by your network, Personal Firewall displays

them in green.

In most corporate LAN settings, you should select

Make all computers on your LAN

Trusted

in the Trusted IP Addresses options.

In some situations, your “local” network can be as dangerous than the Internet,

especially if your computer runs on a high-bandwidth DSL or cable modem based

network. In this case, do not to select

Make all computers on your LAN Trusted

Instead, add the IP addresses of your local computers to the Trusted IP Addresses

list.

Events from private IP addresses

IP addresses of the format 192.168.xxx.xxx, 10.xxx.xxx.xxx, and 172.16.0.0 -

172.31.255.255 are referred to as non-routable or private IP addresses. These IP

addresses should never leave your network, and can be trusted most of the time.

The 192.168.xxx.xxx block is used with Microsoft Internet Connection Sharing

(ICS). If you are using ICS, and see events from this IP block, you might want to

add the IP address 192.168.255.255 to your Trusted IP Addresses list. This will trust

the entire 192.168.xxx.xxx block.

If you are not on a private network, and see events from these IP ranges, the source

IP address might be spoofed, or faked. Spoofed packets are usually signs that

someone is scanning for Trojans. It's important to remember that Personal Firewall

blocked this attempt, so your computer is safe.