Endpoint Security Firewall mfefw.exe process stops responding due to invalid IP address
Last Modified: 2022-11-16 06:48:22 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Endpoint Security Firewall mfefw.exe process stops responding due to invalid IP address
Technical Articles ID:
KB96114
Last Modified: 2022-11-16 06:48:22 Etc/GMT Environment
Endpoint Security Firewall (ENS) 10.x
Summary
The ENS Firewall service process ( For example, invalid IP addresses include extra zero characters where they aren't needed, such as 192.168.50.01. In this example, the extra zero isn't needed and can be simplified to 192.168.50.1. The following entries are related to this issue with the main error in the Application Event Viewer Faulting module name: FirewallBLObject.dll, version: 10.7.0.2157, time stamp: 0x61ea0448 Exception code: 0xc0000005 Fault offset: 0x00000000000af818 Faulting process id: 0x11dc Faulting application start time: 0x01d8eecde1d9448d Faulting application path: C:\Program Files\McAfee\Endpoint Security\Firewall\mfefw.exe Faulting module path: C:\Program Files\McAfee\Endpoint Security\Firewall\FirewallBLObject.dll Report Id: 19df01e0-70b8-45ee-a296-efcfadb3059a Faulting package full name: Faulting package-relative application ID: " EndpointSecurityPlatform_Errors.log | FIREWALL - setPropertiesEndEx ( [55254504]) : operation returned non-success: BL_ERROR_FAILED_CONNECTION 2022-11-02 11:23:04.411-0500|Error |McTray |McTray | 10128| 10680|McTrayUPC |TechnologyTopicHandler.cpp(152) | CheckTechnologyState failed to get technology status from BO: FIREWALL 2022-11-02 11:23:04.426-0500|Error |McTray |McTray | 10128| 10680|McTrayUPC |TechnologyTopicHandler.cpp(217) | Firewall is not responding. Firewall_Debug.log IsIPV4orIPV6 - GetAddrInfo failed with error 11001 with last error 11001 EndpointSecurityPlatform_Debug.log | Illegal message format detected; shutting down channel McTray2790(o,0x2790,0x0) <--> mfefw.exe(u,0x0,0x57ae098) 2022-11-02 11:23:04.411-0500|Error |McTray |McTray | 10128| 10680|McTrayUPC |TechnologyTopicHandler.cpp(152) | CheckTechnologyState failed to get technology status from BO: FIREWALL 2022-11-02 11:23:04.411-0500|Debug |McTray |McTray | 10128| 10680|McTrayUPC |TechnologyTopicHandler.cpp(153) | CheckTechnologyState failed to get technology status from BO: FIREWALL, error: 80000100L 2022-11-02 11:23:04.426-0500|Error |McTray |McTray | 10128| 10680|McTrayUPC |TechnologyTopicHandler.cpp(217) | Firewall is not responding. Cause
An invalid IP address was used in the ePolicy Orchestrator policy or in the Standalone ENS Firewall client.
SolutionTechnical Support is investigating this issue. As a temporary measure, implement the following workaround.
Workaround
Review the ENS Firewall rules and verify if there are any extra zero characters in IP address fields (for example, such as IP Range fields). Remove these extra characters.
Affected ProductsLanguages:This article is available in the following languages: |
|