part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or
translated into any language in any form or by any means without the written permission of
Network Associates, Inc.
TRADEMARK ATTRIBUTIONS
ACTIVE SECURITY, ACTIVE SECURITY (IN KATAKANA), ACTIVEHELP, ACTIVESHIELD,
ANTIVIRUS ANYWARE AND DESIGN, BOMB SHELTER, CERTIFIED NETWORK EXPERT,
CLEAN-UP, CLEANUP WIZARD, CNX, CNX CERTIFICATION CERTIFIED NETWORK EXPERT
AND DESIGN, CYBERCOP, CYBERCOP (IN KATAKANA), CYBERMEDIA, CYBERMEDIA
UNINSTALLER, DESIGN (STYLIZED N), DISK MINDER, DISTRIBUTED SNIF FER SYSTEM,
DISTRIBUTED SNIFFER SYSTEM (IN KATAKANA), DR SOLOMON’S, DR SOLOMON’S LABEL,
ENTERPRISE SECURECAST, ENTERPRISE SECURECAST (IN KATAKANA), EZ SETUP, FIRST
AID, FORCEFIELD, GMT, GROUPSHIELD, GROUPSHIELD (IN KATAKANA), GUARD DOG,
HELPDESK, HOMEGUARD, HUNTER, ISDN TEL/SCOPE, LANGURU, LANGURU (IN
KATAKANA), M AND DESIGN, MAGIC SOLUTIONS, MAGIC SOLUTIONS (IN KATAKANA),
MAGIC UNIVERSITY, MA GICSPY, MAGICTREE, MCAFEE, MCAFEE (IN KATAKANA),
MCAFEE AND DESIGN, MULTIMEDIA CLOAKING, NET TOOLS, NET TOOLS (IN
KATAKANA), NETCRYPTO, NETOCTUPUS, NETSCAN, NETSHIELD, NETSTALKER,
NETWORK ASSOCIATES, NETXRAY, NOTESGUARD, NUTS & BOLTS, OIL CHANGE, PC
MEDIC, PC MEDIC 97, PCNOTARY, PGP, PGP (PRETTY GOOD PRIVACY), PRETTY GOOD
PRIVACY, PRIMESUPPORT, RECOVERKEY, RECOVERKEY - INTERNATIONAL, REGISTRY
WIZARD, REPORTMAGIC, RINGFENCE, ROUTER P M, SALESMAGIC, SECURECAST , SERVICE
LEVEL MANAGER, SERVICEMAGIC, SMARTDESK, SNIFFER, SNIFFER (IN HANGUL),
SNIFFMASTER, SNIFFMASTER (IN HANGUL), SNIFFMASTER (IN KATAKANA), SNIFFNET,
STALKER, SUPPORTMAGIC, TIS, TMEG, TNV, TVD, TNS, TOTAL NETWORK SECURITY,
TOTAL NETWORK VISI BILITY, TOTAL NETWORK VISIBILITY (IN KATAKAN A), TOTAL
SERVICE DESK, TOTA L VIRUS DEFENSE, TRUSTED M AIL, UNINSTALLER, VIREX, VIRUS
FORUM, VIRUSCAN, VIRU SSCAN, WEBSCAN, WEBSHI ELD, WEBSHIELD (IN KATAKANA),
WEBSNIFFER, WEBSTALK ER, WEBWALL, WHO’S WATCHING YOUR NETWORK,
WINGAUGE, YOUR E-BUSINESS DEFENDER, ZAC 2000, ZIP MANAGER are registered
McAfee Perpetual End User License Agr eement – United States of America
NOTICE TO ALL USERS: CA REFULLY READ THE FOLLOWING LEGAL AGREEMENT
("AGREEMENT"), FOR THE LICENSE OF SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED
BY NETWORK ASSOCIATES, INC. ("McAfee"). BY CLICKING THE ACCEPT BUTTON OR
INSTALLING THE SOFTWARE, YOU (EITHER AN I NDIVIDUAL OR A SINGLE ENTITY)
CONSENT TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT. IF YOU DO NOT
AGREE TO ALL OF THE TER MS OF THIS AGREEMENT, CLICK THE BUTTON THAT
INDICATES THAT YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT AND DO NOT
INSTALL THE SO FTWARE. (IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO THE
PLACE OF PURCHASE FOR A FULL REFUND.)
1.License Grant. Subject to the payment of the applicable license fees, and subject to the terms and conditions of
this Agreement, McAfee hereby grants to you a non-exclusive, non-transferable right to use one copy of the
specified version of the Software and the accompanying docume ntation (the "Documenta tion"). You may instal l
one copy of t he S oftwar e on one co mpute r, w orkst atio n, pe rsona l di gita l ass istan t, pa ger, "sma rt ph one" or ot her
electronic device for which the Software was designed (each, a "Client Device"). If the Software is licensed as
a suite or bundle with more than one specified Software product, this license applies to all such specified
Software produ ct s, subject to any restri ct ions or usage terms specified on the applicable price list or product
packaging that apply to any of such Software products individually.
a.Use
b.Server-Mo de U se
c.Volume License Use
. The Software is licensed as a single product; it may not be used on more than one Client Device
or by more than one user at a time, except as set forth in this Sectio n 1 . The S o ftwa re is "in use" on a
Client Device when it is l oaded into th e temporary memory (i.e. , random-a ccess memory or RAM) or
installed into the permanent memory (e.g., hard disk, CD-ROM, or other storage device) of that Client
Device. This license authorizes you to make one copy of t he Software solely for backup or archiv al
purposes, p rovided t hat th e copy yo u make co ntains all of the Sof tware' s propri etar y notice s unalt ered
and unobstructed.
. You may use the Software on a Client Device as a server ("Se rver") within a
multi-user or n et wor ke d en vi ronm ent (" Se rver -Mo de" ) on ly if s uch use is pe rmit te d i n the a p pl icab le
price list or product packaging for the Software. A separate license is required for each Client Device
or "seat" that may connect to the Server at any time, regardless of whether such licensed Client
Devices or seats are concurrently connected to, accessing or using the Sof t w are. Use of software or
hardware that reduces the number of Client D evices or seats directly accessing or utilizi ng the
Software (e.g ., " m ultiplexing" or "pooling" software or hardware) d oes not reduce the number of
licenses required (i.e., the required number of licenses would equal the number of distinct inputs to
the multiple xing or pooling software or hardware " front end "). If the number of Client Devices or seats
that can conn ect to th e Soft war e can exce ed th e numbe r of li censes you ha ve obt aine d, the n you mus t
have a reasonable mechanism in place to ensure that your use of the Software does not exceed the use
limits specified for the licenses you have obtained. This license authorizes you t o make o r d ownlo ad
one copy of the Documentation for each Client Device or seat that is licensed, provided that each such
copy contains all of th e D ocumentation's proprietary notices una ltered and unobstruct ed.
. If the Software is licens ed with volume license terms s pecified in the applic able
product invoicing or product packaging for the Software, you may make, use and install as many
additional copies of the Software on the number of Client Devices as the volume license te rms specify.
You must have a reasona ble mechanism in place to ensure that the number of Client Devices on which
the Software has be en installed does no t ex ceed the number of licenses you have obtain ed. This
license authorizes you to make or download one copy of the Documentation for each additional copy
authorized by the volume license, provided that each su ch copy contains all o f t he D ocumentation' s
proprietary noti ce s unaltered and unobst ructed.
Product Guideiii
2.Term. This Agreement is effective for an unlimited duration unless and until earlier terminated as set forth
herein. This Agreement will terminate automatically if you fail to comply with any of the limitations or other
requirements described herein. Upon any termination or expiration of this Agreement, you must cease use of the
Software and destroy all copies of the Software an d the Documentat ion.
3.Updates. For the time period specified in the applicable product invoicing or product packaging for the
Software, you are entitled to download revisions or updates to the Software when and as Mc Afee publishes t hem
via its elect ronic bullet in boar d syste m, websi te or t hrough o ther on line ser vices. For a pe riod of ninety (90) days
from the date of the of original purchase of the Software, you are entitled to download one (1) revision or upgrade
to the Software when and as McAfee publishes it via its electronic bulletin board system, website or through
other online services. After the specified time period, you have no further rights to receive any revisions or
upgrades with out purchase of a new lic ense to the Software .
4.Ownership Ri ghts. The Software i s pr ot ected by United State s co pyright laws and int er national treaty
provisions. McAfee and its suppliers o wn and retain all right, title and intere st in and to the Software, in cludin g
all copyrights, patents, trade secret rights, trademarks and other intellectual property rights therein. Your
possession, installatio n, or us e of the Software does not trans fer to you any title to the in tellectual p roperty in the
Software, and you will not acquire any rights to the Software e xcept as e xpressly s et for th in thi s Agreement. All
copies of the Software and Documentation made hereunder must contain the same proprietary notices that appear
on and in the Softw ar e and Documentati on.
5.Restrictions. You may not sell, lease, license, rent, lo an or otherwise transf er, with or without consid eration, the
Software. Mc A fee updates its Soft ware frequently and performance dat a for its Software change. Before
conducting be nchmark tests rega rding this Softwa re, contact McAfe e to verify that You possess the correct
Software for the test and the then current version and editio n of the Software . You agree not to permit any third
party (other than t hi rd parties under contract with You whic h contains nondiscl os u r e obligations no less
restrictive than thos e set forth herein) to use the Licensed Pro gram in any form and sha ll use all reasonab le efforts
to ensure that no im p r oper or unauthorize d use of the Licensed Prog r am is made. You may no t p ermit third
parties to benefit from the use or functionality of the Software via a timesharing, service bureau or other
arrangement, except to the extent such use is specified in the applicable list price or product packaging for the
Software. You m ay not transfer any of th e ri ghts granted to you under this Agreement. You may not re ver se
engineer, decompile, or disassemble the Software, except to the extent the forego in g restriction is ex pr essly
prohibited by applicable law. You may not mo dify, or crea te derivative wo rks based upon, the Software in whole
or in part. You may not copy the Software or Documentation except as expressly permitted in Section 1 above.
You may not rem ove any proprieta ry notices or labels on the Software. All ri ghts not expressly set forth
hereunder are res erved by McAfee.
6.Warranty and Disclaimer.
a.Limited Warranty
. McAfee warrants that for sixty (60) days from the date of original purchase the
media (e.g., diskettes) on which the Software is contained will be free from defects in materials and
workmanship.
b.Customer Remedies
. McAfee's and its suppliers' entire liability and your exclusive remedy for any
breach of the fo regoing warranty s hall be, at McAfee' s option, either (i) return of the purchase price
paid for the license, if any, or (ii) replacement of the defective media in which the Software is
contained. You m us t r et ur n the defective media to M cAfee at your expense w ith a copy of your
receipt. This limited war ranty is void if the defect has resu lted from accident , abuse, or misapp lication.
Any replacement media will be warran te d for the remainder of the original warranty period. Outside
the United States, this remedy is not available to the extent McAfee is subject to restrictions under
United States export control laws and regulations.
ivMcAfee Firewall 4.0
c.Warranty Disclaimer. Except for the limited warranty set forth herein, THE SOFTWARE IS
PROVIDED "AS IS." TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW,
MCAFEE DISCLAIMS ALL WARRANTIES, EI THER EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, AND NONINFRINGEMENT WITH RESPECT TO THE SOFTWARE
AND THE ACCOMPANYING DOCUMENTATION. YOU ASSUME RESPONSIBILITY FOR
SELECTING THE SOFTWARE TO ACHIEVE YOUR INTENDED RESULTS, AND FOR THE
INSTALLATION OF, USE OF, AND RESULTS OBTAINED FROM THE SOFTWARE.
WITHOUT LIMITING THE FOREGOING PROVISIONS, MCAFEE MAKES NO WARRANTY
THAT THE SOFTWARE WILL BE ERROR-FREE OR FREE FROM INTERRUPTIONS OR
OTHER FAILURES OR THAT THE SOFTWARE WILL MEET YOUR REQUIREMENTS. SOME
STATES AND JURISDICTIONS DO NOT ALLOW LIMITATIONS ON IMPLIED
WARRANTIES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU. The foregoing
provisions shall be enforceable to the maximum extent permitted by applicable law.
7.Limitation of Liability. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER
IN TORT, CONTRACT, OR OTHERWISE, SHALL MCAFEE OR ITS SUPPLIERS BE LIABLE TO YOU
OR TO ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF
GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR FOR ANY AND ALL
OTHER DAMAGES OR LOSSES. IN NO EVENT WILL MCAFEE BE LIABLE FOR ANY DAMAGES IN
EXCESS OF THE LIST PRICE MCAFEE CHAR GES FOR A LICENSE TO THE SOFTWARE, EVEN IF
MCAFEE SHALL HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS
LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL
INJURY TO THE EXTENT THAT APPLICABLE LAW PROHI BITS SUCH LIMITATION.
FURTHERMORE, SOME STATES AND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND
EXCLUSION MAY NOT APPLY TO YOU. The foregoing provisions shall be enforceable to the maximum
extent permitted by applic able law.
8.United States Government. Th e Software and accompanying Documentation are deemed to be "commercial
computer software" and "commercial computer software documentation," respectively, pursuant to DFAR
Section 227.7202 and FAR Section 12.212, as applicable. Any use, modification, reproduction, release,
performance, di splay or disclosure of the Software an d accompanying Do cumentation by th e U ni t ed States
Government shall be govern ed solely b y the ter ms of this Agreement and shall b e prohibite d except t o the ex tent
expressly permitted by the terms of this Agreement.
9.Export Controls. You are advised that the Software is subject to the U.S. Export Administration Regulations.
You shall not exp ort, import or transfer Software cont rary to U.S. or other applicable laws, w hether directly or
indirectly, and will not cause, app ro ve or otherwise facilitate others such as agents or any third par tie s in do ing
so. You represen t and agrees that neit her the United States Bureau of Export A dministration nor any other
federal agency has suspended, revoked or denied your export privileges. You agree not to use or transfer the
Software for end use relating to an y nuclear, chemical or biological weapons, or missile technology unless
authorized by the U.S. Government by regulation or specific license. Additionally, you acknowledge that the
Software is sub j ect to export control regulations in the E ur opean Union and you h ereby declare and agree that
the Software will not be used for any other purpose than civil (non-military) purposes. The parties agree to
cooperate w ith eac h ot he r with re spec t to any app lic at io n f or a ny req ui re d li cen ses an d ap pr ova ls, ho wev er, yo u
acknowledge it is your ultimate responsibility to comply with any and all export and import laws and that
McAfee has no further responsibility after the initial sale to you within the original country of sale.
Product Guidev
10. High Risk Activities. The Softwar e i s not fault-tolerant and is not designed o r i nt ended for use in hazardous
environments requiring fa il-safe perf ormance, including wi thout limitatio n, in the operati on of nuclear f acilities,
aircraft navigation or communication systems, air traffic control, weapons systems, direct life-support machines,
or any other application in which the failure of the Software could lead directly to death, personal injury, or
severe physical or property damage (collectively, "High Risk Activities"). McAfee expressly disclaims any
express or impli ed w arranty of fitness f o r High Risk Activities .
11. Miscellaneous. This Agreement is governed by the laws of the United States and the State of California,
without reference to conflic t o f laws principles. The application of the United Na tio ns Convention of Contracts
for the International Sa le of Goods is e xpress ly exc luded. This Agree ment se ts f orth a ll rig hts for the user of the
Software and is the entire agreement between the parties. McAfee reserves the right to periodically audit you to
ensure that you are not usi ng an y Soft ware in v io lat io n of t his Agree men t. D uri ng yo ur sta ndar d bus ine ss hour s
and upon prior wr itt en notice, McAfee may visit you and you w i ll m ake available to Mc A fee or its
representatives any records perta ining to the Softwar e to McAfee. The cost of any requeste d audit will be solely
borne by McAfee, unless such aud it di scloses an underpayment or amount due to McAfee in exce ss of five
percent (5%) of the initial li cens e f ee fo r th e S of twar e or y ou ar e usin g the Software in an unauthorized manor,
in which case you shall pay the cost of the au di t. This Agreement supersedes any other communications w ith
respect to the Software and Documentation. This Agreement may not be modified except by a written addendum
issued by a duly authorized representative of McAfee. No provision hereof shall be deemed waived unless such
waiver shall be in writing and signed by McAfee or a duly authorized representative of McAfee. If any provision
of this Agreement is held invalid, the remainder of this Agreement shall continue in full force and effect. The
parties c onfirm th a t it is their wish that this Agreement has been writ ten in the English language on ly.
12. MCAFEE CUSTOMER CONTACT. If you have any questions concerning these terms and conditions, or if
you would like to contact McAfee for any other reason, please call (408) 988-3832, fax (408) 970-9727, or write:
Network Associ ates, Inc., McAfee Software Division, 3 965 Freedom Circle, Santa Clara, Califo rn ia 95054.
http://www.nai.com.
viMcAfee Firewall 4.0
McAfee Perpetual End User License Agr eement – Canada
NOTICE TO ALL USERS: CA REFULLY READ THE FOLLOWING LEGAL AGREEMENT
("AGREEMENT"), FOR THE LICENSE OF SPECIFIED SOFTWARE ("SOFTWARE") BY NETWORK
ASSOCIATES INTERNATIONAL B.V. ("McAfee"). BY CLICKING THE ACCEPT BUTTON OR
INSTALLING THE SOFTWARE, YOU (EITHER AN I NDIVIDUAL OR A SINGLE ENTITY)
CONSENT TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT. IF YOU DO NOT
AGREE TO ALL OF THE TER MS OF THIS AGREEMENT, CLICK THE BUTTON THAT
INDICATES THAT YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT AND DO NOT
INSTALL THE SO FTWARE. (IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO THE
PLACE OF PURCHASE FOR A FULL REFUND.)
1.License Grant. Subject to the payment of the applicable license fees, and subject to the terms and conditions of
this Agreement, McAfee hereby grants to you a non-exclusive, non-transferable right to use one copy of the
specified version of the Software and the accompanying docume ntation (the "Documenta tion"). You may instal l
one copy of t he S oftwar e on one co mpute r, w orkst atio n, pe rsona l di gita l ass istan t, pa ger, "sma rt ph one" or ot her
electronic device for which the Software was designed (each, a "Client Device"). If the Software is licensed as
a suite or bundle with more than one specified Software product, this license applies to all such specified
Software produ ct s, subject to any restri ct ions or usage terms specified on the applicable price list or product
packaging that apply to any of such Software products individually which you acknowledge you have received
and read.
a.Use
b.Server-Mo de U se
. The Software is licensed as a single product; it may not be used on more than one Client Device
or by more than one user at a time, except as set forth in this Sectio n 1 . The S o ftwa re is "in use" on a
Client Device when it is l oaded into th e temporary memory (i.e. , random-a ccess memory or RAM) or
installed into the permanent memory (e.g., hard disk, CD-ROM, or other storage device) of that Client
Device. This license authorizes you to make one copy of t he Software solely for backup or archiv al
purposes, p rovided t hat th e copy yo u make co ntains all of the Sof tware' s propri etar y notice s unalt ered
and unobstructed.
. You may use the Software on a Client Device as a server ("Se rver") within a
multi-user or n et wor ke d en vi ronm ent (" Se rver -Mo de" ) on ly if s uch use is pe rmit te d i n the a p pl icab le
price list or prod uc t p ack ag in g f or t he S of twar e w hic h y ou a ck now le dge y o u hav e r ec eive d and r ea d.
A separate licens e is required for each Client Device or "s eat" that may connect to the Server at any
time, regardless of whether such licensed Client Devices or seats are concurrently connected to,
accessing or using t he Software. Use of software or hardware th at reduces the number of Client
Devices or seats directly accessing or utilizing the Software (e.g., "multiplexing" or "pooling"
software or hardware) does not reduce the number of licens es required (i.e., the required number of
licenses would equal the number of distinct inputs to the multiplexing or pooling software or hardware
"front end"). If the number of Client Devices or seats that can connect to the Software can exceed the
number of lice nses yo u have obt ained, then you m ust have a reasona ble mecha nism in pl ace to ensure
that your use of the Software does not exceed the use limits specified for the licenses you have
obtained. This license authorizes you to make or download one copy of the Documentation for each
Client Devi ce or sea t that i s licensed , provi ded that each such c opy cont ains all of the Doc umentati on's
proprietary noti ce s unaltered and unobst ructed.
Product Guidevii
c.Volume License Use. If the Software is licensed with volume lic ense terms specified in t he applicable
price list or product packaging for the Software, you may make, use and install as many additional
copies of the Softw ar e on the number of Client D evices as the volume license authorizes. Y ou must
have a reasonable mechanism in place to ensure that t he number of Clien t Devices on which the
Software has been installed does not exceed the number of licenses you have obtained. This license
authorizes you to m ake or download one co py of the Documentation for each additional copy
authorized by th e volume license, provided that each su ch copy contains all o f t he D ocumentation' s
proprietary notices unaltered and unobstructed.
2.Term. This Agreement is effective for an unlimited duration unless and until earlier terminated as set forth
herein. This Agreement will terminate automatically if you fail to comply with any of the limitations or other
requirements described herein. Upon any termination or expiration of this Agreement, you must cease use of the
Software and destroy all copies of the Software an d the Documentat ion.
3.Updates. For th e time period specified in the applicable price list or prod uct packaging for the Software, you are
entitled to download revisions or updates to the Software when and as McAfee publishes them via its electronic
bulletin board system, website or through other online services. For a period of ninety (90) days from the date
of the of origina l pu rchase of the Software, you are entitled to download one (1) revision or upgrade to the
Software whe n and as McAfee publi shes it via its electro nic bulletin board system, websit e or through other
online services. After the specified time period, you have no further rights to receive any revisions or upgrades
without purchase of a new license to the Software.
4.Ownership Ri ghts. The Software is prot ected by United State s co pyright laws and int er national treaty
provisions. McAfee and its suppliers o wn and retain all right, title and intere st in and to the Software, in cludin g
all copyrights, patents, trade secret rights, trademarks and other intellectual property rights therein. Your
possession, installatio n, or us e of the Software does not trans fer to you any title to the in tellectual p roperty in the
Software, and you will not acquire any rights to the Software e xcept as e xpressly s et for th in thi s Agreement. All
copies of the Software and Documentation made hereunder must contain the same proprietary notices that appear
on and in the Softw ar e and Documentati on.
5.Restrictions. You may not sell, leas e, license, rent, lo an or otherwise transf er, with or without consid eration, the
Software. Mc A fee updates its Soft ware frequently and performance dat a for its Software change. Before
conducting be nchmark tests rega rding this Softwa re, contact McAfe e to verify that You possess the correct
Software for the test and the then current version and edition of the Software. Benchmark tests of former,
outdated or inappropriate versions or editions of the Software may yield results that are not reflective of the
performance of the current version o r edition of the Software. You agree not to permit any thir d party (other than
third parties under contract with you which contract contains nondisclosure obligations no less restrictive than
those set forth herein) to use the Software in any form and shall use all reasonable efforts to ensure that there is
no improper or un aut horized use of the Sof tware. You may not per m it third parties to benefit from the use or
functionalit y of the Software via a timesharing, service bureau o r other arrangement, except to the extent such
use is specified in th e applicable list pri ce or product packag in g for the Software. Y ou m ay not transfer any of
the rights granted to you under this Agreement. You may not reverse engineer, decompile, or disassemble the
Software, except to the extent the foregoing restriction is expressly prohibited by applicable law. The interface
information necessary to achieve interopera bility of the Software with indep endently created comp uter programs
will be supplied by McAfee on reque st and on payment of suc h reasonable costs and expenses of McAfee in
supplying th at i nfor mat i on. Yo u ma y not m odif y, or cre a te de ri vati ve work s ba sed up on, th e Sof twar e in whol e
or in part. You may not copy the Software or Documentation except as expressly permitted in Section 1 above.
You may not remove or alter any proprietary notices or labels o n the Softwa re or Documen tation . All righ ts not
expressly set fo rth hereunder are reserved by McA f ee.
6.Warranty and Disclaimer.
viiiMcAfee Firewall 4.0
a.Limi ted Warranty. McAfee warrants that for sixty (60) days from the date of original purchase the
media (e.g., diskettes) on which the Software is contained will be free from defects in materials and
workmanship.
b.Customer Remedies
. McAfee's and its suppliers' entire liability and your exclusive remedy for any
breach of the fo regoing warranty s hall be, at McAfee' s option, either (i) re t urn of the purchase price
paid for the license, if any, or (ii) replacement of the defective media in which the Software is
contained. You m us t r et ur n the defective media to M cAfee at your expense w ith a copy of your
receipt. This limited war ranty is void if the defect has resu lted from acciden t, abuse, or misapp lication.
Any replacement media will be warran te d for the remainder of the original warranty period. Outside
the United States, this remedy is not available to the extent McAfee is subject to restrictions under
United States export control laws and regulations.
c.Warranty Disclaimer
. Except for the limited warranty set forth herein, THE SOFTWARE IS
PROVIDED "AS IS." TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW,
MCAFEE DISCLAIMS ALL WARRANTIES, REPRESENATIONS AND CONDITIONS,
EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LI M ITED TO IMP LI ED
WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, AND NONINFRINGEMENT WITH RESPECT TO THE SOFTWARE AND THE
ACCOMPANYING DOCUMENTATION. YOU ASSUME RESPONSIBILITY FOR SELECTING
THE SOFTWARE TO ACHIEVE YOUR INTENDED RESULTS, AND FOR THE
INSTALLATION OF, USE OF, AND RESULTS OBTAINED FROM THE SOFTWARE.
WITHOUT LIMITING THE FOREGOING PROVISIONS, MCAFEE MAKES NO WARRANTY,
REPRESENTATION OR CONDITION THAT THE SOFTWARE WILL BE ERROR-FRE E OR
FREE FROM INTERRUPTIONS OR OTHER FAILURES OR THAT THE SOFTWARE WILL
MEET YOUR REQUIREMENTS. SOME STATES AND JURISDICTIONS DO NOT ALLOW
LIMITATIONS ON IMPLIED WARRANTIES, SO THE ABOVE LIMITATION MAY NOT
APPLY TO YOU.
7.Limitation of Liability. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER
IN TORT, CONTRACT, OR OTHERWISE, SHALL MCAFEE OR ITS SUPPLIERS BE LIABLE TO YOU
OR TO ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF
GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR FOR ANY AND ALL
OTHER DAMAGES OR LOSSES. IN NO EVENT WILL MCAFEE BE LIABLE FOR ANY DAMAGES IN
EXCESS OF THE LIST PRICE MCAFEE CHAR GES FOR A LICENSE TO THE SOFTWARE, EVEN IF
MCAFEE SHALL HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS
LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL
INJURY TO THE EXTENT THAT APPLICABLE LAW PROHI BITS SUCH LIMITATION.
FURTHERMORE, SOME STATES AND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND
EXCLUSION MAY NOT APPLY TO YOU. The foregoing provisions shall be enforceable to the maximum
extent permitted by applic able law.
8.United States Government. The Software and accompanying Documentation are deemed to be "commercial
computer software" and "commercial computer software documentation," respectively, pursuant to DFAR
Section 227.7202 and FAR Section 12.212, as applicable. Any use, modification, reproduction, release,
performance, di splay or disclosure of the Software an d accompanying Do cumentation by th e U ni t ed States
Government shall be govern ed solely b y the ter ms of this Agreement and shall b e prohibite d except t o the ex tent
expressly permitted by the terms of this Agreement.
Product Guideix
9.Export Controls. You have been advised that the Software is subject to the U. S. Export Administrat ion
Regulations and applicable loca l export contro l laws. Yo u shall not export, import or trans fer Pro ducts con trary
to U.S. or other applicable local laws , whether directly or indirectly, and will not cause, approve or otherwise
facilitate others such a s agen ts or an y third par ties i n doing s o. If appl icable to you, you re present a nd agr ee that
neither the Uni ted S tates Bureau of Expo rt Admi nistr atio n nor any other fe dera l agenc y has suspend ed, r evoked
or denied your export privileges. You agree not to use or transfer the Software for end use relating to any nuclear,
chemical or biological weapons, or missile technology unless authorized by the U.S. Government and any other
applicable local authority by regula tion or specifi c license. Additionall y, you acknowledge tha t the Software is
subject to exp ort cont rol reg ul at ion s in t he Eur ope an Unio n an d you he reb y de cl are an d ag ree t hat the Sof twar e
will not be used for any other purpose than civil (non-military) purposes. The parties agree to cooperate with
each other with respect to any application for any required licenses and approvals, however, you acknowledge it
is your ultimate responsibi lity to comply with any and all e xport and import laws and that McAfee has no furthe r
responsibility after the initial sale to you within the original country of sale.
10. High Risk Activities. The Software is not fault-tolerant and is not designed o r i nt ended for use in hazardous
environments requiring fa il-safe perf ormance, including wi thout limitatio n, in the operati on of nuclear f acilities,
aircraft navigation or communication systems, air traffic control, weapons systems, direct life-support machines,
or any other application in which the failure of the Software could lead directly to death, personal injury, or
severe physical or property damage (collectively, "High Risk Activities"). McAfee expressly disclaims any
express or implied warranty or condition of fitness for High Risk Activities.
11. Miscellaneous. This Agreement is governed by the la w s o f t he N etherlands. The app lication of the United
Nations Conven tion of Contract s for the In ternation al Sale of Goods is ex pressly ex cluded. D isputes wi th respe ct
to this Agreement, as well as with respect to its conclusion and execution, will be submitted exclusively to the
competent court in Amsterdam. This Agreement s ets forth al l rights for the user of the Soft ware and is the ent ire
agreement between the parties. McAfee reserves the right to periodically audit you to ensure that you are not
using any Software in violation of this Agreement. During your standard b us iness hours and upon prior written
notice, McAfee may visit you and yo u w i ll m ake available to McAfee or its represe nt at ives any records
pertaining to the Software to McAf ee. The cost of any req ues ted audit will be solely borne by McAfee, unless
such audit discloses an underpayment or amount due to McAfee in excess of five percent (5%) of the initial
license fee for the Software or you are using the Software in an unauthorized manor, in which case you shall pay
the cost of the audit. This Agreement supersedes any other communications with respect to the Software and
Documentation. This Agreement may n ot be modified except by a writt en addendum issued by a duly authori zed
representative of McAfee. No pr ovi s ion hereof shall be deemed waived un le ss such waiver shall be in writing
and signed by McA fee or a d uly auth orize d rep rese ntati ve o f McAf ee. I f an y pr ovis ion of thi s Ag reeme nt is hel d
invalid, the remainder of this Agreement shall continue in full force and effect. The parties have required that
this Agreement and all documents relating thereto be drawn up in English. Les parties ont demandé que cette
convention ainsi que tous les doc um ents que s'y attachent soient rédigés en anglais.
12. MCAFEE CUSTOMER CONTACT. If you have any questions concerning these terms and conditions, or if
you would like to contact McAfee for any other reason, pl ease call +31 20 586 61 00 or write: McAfee,
Gatwickstraat 25, 1043 GL Amsterdam, Netherlands. You will find our In ternet web-site at http:// www.nai.com.
Protect yourself while online with the advanced security of McAfee Firewall.
Easy-to-use, yet highly configurable, McAfee Firewall secures your PCs
connection to the Internet whether you connect via DSL, cable modem or
dial-up. With intrusion detection, color coded security alerts, customizable
audible alerts, detailed logging, and an application scan for Internet enabled
applications, McAfee Firewall gives you the power you need to control the
communications into and out of your PC, ensuring tha t your online experience
is as safe as it is enjoyable.
McAfee Firewall:
nControls file and print share access.
nShows who is connecting to your computer if you allow sharing.
nStops floods and other attack packets from being received by the
Operating System.
nBlocks untrusted applications from communicating over the network.
nProvides detailed information about which sites you have contacted and
the type of connection that was made.
1
nCan be set to block all traffic or traffic from a spec ific IP address
immediately.
What’s new in this release?
nFirewall security check: Examines yo ur security sett i ngs for possible
vulnerabilities.
nEnhanced hacker tracin g with the addition of McAfee’s Visual Trace
technology.
nIntrusion Detection System: Detects common attack types and
suspicious activity.
nHome networking wiza rd: Set up protection for personal computers
sharing an Internet connection.
nWizard for creating custom rules: Create custom configurations for
specific programs.
Product Guide13
Welcome to McAfee Firewall 4.0
nPassword protection: Prevent others from tampering with your firewall
nImproved support for broadband connections.
nUsability enhancements: McAfee Firewall 4.0 includes many user
settings using password protection.
interface enhancements to make it easier than ever to secure your
computer.
14McAfee Firewall 4.0
How McAfee Firewall works
McAfee Firewall is a simple-to-operate security tool that dynamically
manages your computing security behind the scenes.
Setup
During the installation process, the Configuration Assistant prompts you with
basic questions to set up McAfee Firewall to do specific tasks – according to
your needs (e.g. allow sharing of files or not).
Operation
McAfee Firewall filters traffic at the devices that your system uses - network
cards and modems. This means that it can reject inbound traffic before that
traffic can reach vital functi ons in your com puter and waste valuable syste m
resources.
McAfee Firewall – the Gatekeeper
When McAfee Firewall is running, it monitors trusted and untrusted
programs that communicate using the Internet. If a trusted application
attempts to communicate, M cAfee Firewall allows the prog ram to function
without restrictions. If an untrusted program atte mpts to communicate into or
out of your computer, McAfee Firewall blocks the program’s attempt to
communicate via the Internet.
Welcome to McAfee Firewall 4.0
Configuration
Some network communications are needed to maintain network-based
services. These are managed through user defined rules under the system
settings of McAfee Firewall. The default system settings feature provides
superior protection from hostile threats.
About this manual
This manual provides the basic information you need to install, set up and get
started with McAfee Firewall. More detailed information about how to
perform tasks within McAfee Firewall is provided via online Help. You can
get Help while working with the different windows and dialog boxes. You can
also review the Readme.txt file which contains other general information,
known issues, etc., about this product.
Product Guide15
Welcome to McAfee Firewall 4.0
Frequently asked questions
The following are some frequently asked questions that you can briefly
review:
How will McA fe e Fi re wall h e lp me?
McAfee Firewall protects your computer at the network level. It acts as a
gatekeeper, checking every data packet going in or out of your PC. It allows
only what you tell it to allow.
McAfee Firewall has been designed to be easy to use, while providing superior
protection. Once you install and run it, it is configured to block known attacks
and to ask you before allowing applications to communicate.
How is my PC at r isk o n th e Int e rnet ?
When you connect to the Internet, you share a network with millions of people
from around the world. While the Internet is a wonderful and amazing
accomplishment, it brings with it all the problems of being accessible to
complete strangers.
While communicating via the Internet, you should take safety precautions to
protect your computing environment. If you use IRC (Internet Relay Chat)
programs, be suspicious of files total strangers send you. Programs that give
others remote access to your computer, such as Back Orifice (BO), are
frequently disseminated in this manner. It is a good practice to scan files
received using anti-virus programs such as McAfee VirusScan before you
open or view files and their attachments.
16McAfee Firewall 4.0
When on the Internet, others can try to acce ss your f ile sha res. Therefore, you
should check that they are only accessible to those you trust. Otherwise,
untrusted parties can read and delete what is in you r c o mputer.
What other protection do I need?
McAfee Firewall provides network level protection. Other important types of
protection are:
nAnti-virus programs for application-level protection.
nLogon screens and screen saver passwords to prevent unauthorized
access.
nFile encryption or encrypting file systems to keep information secret.
nBoot-time passwords to stop someone else from starting your PC.
nPhysical access to the computer, e.g. stealing the hard drive.
Welcome to McAfee Firewall 4.0
A separate but also important issue is controlling access to information,
misinformation and “filth” that is widely available on the Internet. You can
use a number of content-filtering services or programs such as McAfee’s
Internet Security that can filter th e contents of data packets or r estrict access to
certain sites.
Are there any data packe ts tha t McAfe e Firewa ll canno t stop?
Inbound Data: No. As long as McAfee Firewall supports a network device
and is running, it is intercepting all incoming packets and will allow or block
according to the way you have it configured. If you choose to block
everything, it will.
Outbound Data: Yes and no. McAfee Firewall intercepts outbound data
packets as they are passed to the network device driver. All popular
applications communicate this way. A malicious program could communicate
by other means, however.
What network devices does McAfee Firewall support?
McAfee Firewall supports Ethernet and Ethernet-like devices. This includes
dial-up connections, most cable and ISDN modems and most Ethernet cards.
It does not support Token Ring, FDDI, ATM, Frame Relay and other networks.
What protocols can McAfee Firewall filter?
McAfee Firewall can filter TCP/IP, UDP/IP, ICMP/IP and ARP. It intercep ts
all protocols, but others, such as IPX, must be either allowed or blocked - no
filtering is done. The Internet uses the IP protocols. No others are sent. Also,
IP networks are the most common.
How can I stil l b e ha ras sed , ev en w i th Mc Afe e F i rewa ll ?
Many people use McAfee Firewall to block the “nukes” that cause their IRC
connections to be broken. While McAfee Firewall blocks the nukes, there are
other ways that attackers can still cause the connections to be broken:
nServer-side nuking. This is when the "nukes" are sent to the IRC server,
not to your computer, telling the server that you can no longer be
reached. To prevent this, the IRC server needs a firewall.
nFlood blocking a TCP connection. If a flood of packets is sent to you
from a higher speed connection, McAfee Firewall can stop the packets,
but the flood takes up all your bandwidth. Your system does not get a
chance to send anything. Dial-up users are particularly vulnerable since
they have the lowest speed connections.
TIP
To read additional frequently asked questions, refer to the
Readme.txt file.
Product Guide17
Welcome to McAfee Firewall 4.0
18McAfee Firewall 4.0
Installing McAfee Firewall
The setup program on your McAfee Firewall 4.0 installation CD lets you
install the program easily on your computer. Installation should start
automatically when you insert the CD into your computer’s CD-ROM drive.
The information in the following paragraphs will help you install and start
using McAfee Firewall.
System requirements
To use McAfee Firewall you need:
nMicrosoft Windows XP Home Edition, Windows XP Professional
Edition, Windows 2000 Professional, Windows Me, Windows 98, or
Windows 98 SE.
nInternet Explorer 4.01, Service Pack 2 or higher required; IE 5.01 or later
recommended.
nPersonal computer with a Pentium 100 MHz or higher processor.
n32 megabytes (MB) of RAM.
2
n30 MB of free hard disk space.
nCD ROM drive.
nInternet access required for various feat ures.
About Winsock 2
McAfee Firewall uses an API (Application Programming Interface) that is not
supported by versions of Winsock prior to v2.0. McAfee Firewall checks for
the presence of Winsock 2 during the installation procedure and will inform
you if the system does not have it. If you have the latest browser (e.g., Internet
Explorer 6), this component is already built-in and you will not receive this
prompt. Otherwise, you can get a free upgrade and is available from
http://www.microsoft.com as well as other Web sites.
Product Guide19
Installing McAfee Firewall
Installation steps
To avoid installation problems, close all open programs before you install
McAfee Firewall, including programs that run in the background, such as
screen savers or virus checkers.
After inserting the McAfee Firewall 4.0 installation CD into your computer’s
CD-ROM drive, an Autorun image should automatically display. To install
McAfee Firewall software immediately, click Install McAfee Firewall, then
skip to Step 5 to continue with Setup.
Use the steps b e low to i nst al l you r sof twa re.
1If your computer runs Windows 2000 Professional, or Windows XP, log
on to your computer as a user with administrative rights. You mus t have
administrative rights to install this software.
2Insert the McAfee Firewall 4.0 CD in to your computer’s CD-RO M drive.
If the Installation Wizard does not au tomatical ly displa y, go to Step 3.
Otherwise, skip to Step 4.
3Use the following procedure if the Autorun installation menu does not
display, or, if you obtained your software via download at a McAfee web
site.
aFrom the Windows Start menu, select Run.
The Run dialog box displays.
20McAfee Firewall 4.0
bType <X>:\SETUP.EXE in the text box provided, then click OK.
4Here, <X> represents the drive letter for your CD-ROM drive or the path
to the folder that contains your extracted McAfee Firewall files. To
search for the correct files on your hard disk or CD-ROM, click Browse.
aBefore proceeding with the installation, Setup first checks to see
whether your computer has the Microsoft Windows Installer (MSI)
utility running as part of your system software. If your computer
runs Windows XP, the current version of MSI already exists on
your system. If your computer runs an earlier Windows release,
you may still have MSI in your computer if you previously installed
other software that uses MSI. In either of these cases, Setup will
display its first wizard pane l immediately. Skip to Step 5 t o
continue.
bIf Setup does not find MSI or an earlier version of MSI is installed
in your computer, it installs files necessary to continue the
installation, then prompts you to restart your computer. Click
Restart System. When your computer restarts, Setup will continue
from where it left off.
Installing McAfee Firewall
5Refer to steps displayed on the Installation Wizard to complete your
installation.
TIP
If your computer does not have the required fonts to view the End
User’s License Agreement (EULA), then you can locate the
appropriate EULA on your McAfee soft ware insta llation CD. You
must read and agree to the terms of the agreement to complete your
installation.
NOTE
For all Windows 2000 Professional installations, McAfee Firewall
requires a unique driver in order to function. During the
installation process, you will be confronted with several warning
messages notifying you that you are attempting to install an
unsigned driver. Therefore, please click OK as often as necessary to
install the driver and restart your computer if prompted to do so.
Product Guide21
Installing McAfee Firewall
Troubleshooting installation problems
A failed installation can cause software problems that are difficult to track
down. The major causes of installation failure are:
nAttempting to install while other software is running.
nTemporary files that conflict with the installation.
nHard drive errors.
Follow the procedure outlined below to minimize the affect that these
common conditions may have on your installation.
Step 1: Close other software
Disable all software running in the background:
1Hold down the Ctrl and Alt keys on your keyboard, and then press the
Delete key once. The Close Program dialog box appears.
2Click End Task for every item on the list except Explorer.
3Repeat steps 2 and 3 until you’ve closed everything except Explorer.
4When you see only Explorer in the Close Program dialog box, click
Cancel.
22McAfee Firewall 4.0
Step 2: Remove t empor ary f iles
Delete the contents of the Windows Temp folder:
1Double-click the My Computer icon on your desktop. The My Compute r
window opens. Double-click the C: drive. You are now viewing the
contents of your hard drive.
2Double-click the Windows folder.
3In the Windows folder, double-click the Temp folder.
4In the menu, click Edit, then click Select All. All of the items in your
Temp folder are highlighted.
5Press the Delete key on your keyboard to delete the files. If Windows
asks about deleting files, click Yes.
6In the Windows taskbar, click Start, then click Shut Down.
7Click Restart the computer, then click Yes in the Shut Down Windows
dialog box to restar t your PC.
Installing McAfee Firewall
Step 3: Clean your hard drive
Run the Windows hard drive utilities, ScanDisk and Disk Defragmenter to
identify and fix any error s on you r hard drive:
1Click Start on the Windows taskbar, point to Programs, then Accessories,
then System Tools, and click ScanDisk .
2In the ScanDisk window, select Standard and Automatically fix errors.
3Click Advanced. In the Advanced Settings dialog box, make sure the
following settings are selected:
M Only if errors found
M Replace log
M Delete
M Free
4Ignore the other options, and click OK. Click Start. ScanDisk begins
scanning your drive for errors. Depending on the size of your hard drive,
ScanDisk may take several minutes to complete its job.
5When ScanDisk is finished, close ScanDisk.
6Click Start on the Windows taskbar, point to Programs, then Accessories,
then System Tools, and click Disk Defragmenter.
7Click OK to start Disk Defragmenter. Depending on the speed of your
computer and the size of your drive, this may take several minutes to
complete.
8Close Disk Defragmenter when it has finished defragmenting your disk.
Product Guide23
Installing McAfee Firewall
Removing or modifying your McAfee F irewall
installation
If your computer’s operating system is...
nWindows 2000 Professional
nWindows XP Home Edition
nWindows XP Professional Edition
... you must log on to your computer using a profile with administr ative rights.
Then do the following:
1From the Windows Control Panel, start the Add/Remove applet.
2Select McAfee Firewall and click:
M Remove to remove McAfee Firewall from your computer.
M Change to modify your McAfee Firewall installation.
3Refer to steps displayed on the McAfee Firewall Installation Wizard to
complete your changes.
Restart your computer as directed by setup.
Important information about Windows XP
migration
Upgrading your computer's operating system from any version of Windows
to Windows XP causes all McAfee products installed before migration to
become disabled after migration to Windows XP.
You will be made aware of this situation as you make your first attempt to
start a McAfee product (after migration) - you will be instructed to reinstall the
product.
As such, you will need to uninstall all McAfee products and reinstall using
your installation CD or the software obtained from McAfee via download.
24McAfee Firewall 4.0
Getting Started with McAfee
Firewall
After installing McAfee Firewall, you will need to configure your software for
its first use. The Configuration Assistant guides you through this process.
The Configuration Assistant
Welcome Scre en
The McAfee Firewall Configuration Assistant displays the first time you start
McAfee Firewall. This wizard guides you through initial setup and activates
McAfee Firewall on your computer. Select Back, Next, Cancel, and Finish to
navigate the Configuration Assistant screens.
If you select Cancel on any Configuration Assistant screen, the activation and
configuration process stops. You must complete the Configuration Assistant
on first use in order to activate and use McAfee Firewall.
Network Control Settings
Network Control Settings identify how you want McAfee Firewall to respond
when a program attempts to access the Internet; either into or out of your
computer.
3
1To set your Network Control settings, from the Welcome to McAfee
Firewall screen, select one of the following.
Table 3-1. McAfee Firewall’s Network Control Settings
Internet Traffic SettingDescription
Block all trafficConfigures McAfee Firewall to block all Internet
traffic into and out of your computer. This is the most
secure firewall setting; however, programs in your
computer cannot acces s t he I nt er net.
Product Guide25
Getting Started with McAfee Firewall
Internet Traffic SettingDescription
Filter all trafficGives you the opportunity to d ecide whether an
Allow all trafficConfigures McAfee Firewall to allow all Internet
2Click Next.
Startup Options
This screen allows you to choose how you want McAfee Firewall to respond
as you start your computer.
Table 3-1. McAfee Firewall’s Network Control Settings
application or program in your computer will be
allowed to access the Internet. If an unrecognized
program attempts to access your computer from the
Internet, you will also be given an opportunity to
allow or block its access yo ur computer.
traffic into and out of your computer. All programs in
your computer will be allowed to access the Internet;
programs attempting to access your computer from
the Internet will not be blocke d. Allo w all tra ffi c
disables all McAfee Firewa l l prot ec t io n fe atures and
should only be used for diagnostic purposes.
For your convenience, recommended Startup Load Options have been
pre-selected for you.
1Select Load McAfee Firewall automatically at startup if you want
firewall protection as you start your computer. If you do not want
McAfee Firewall to start as your computer starts, then clear this check
box.
2If you want to display a McAfee Firewall icon on your Windows
desktop, then select Place a McAfee F irewall icon on th e desktop. If you
do not want an icon on your Windows desktop, then clear this check box.
3Click Next.
Access to shares
If your computer is part of a workgroup, such as a home network, you can
configure McAfee Firewall to allow access to your computer’s network shares
as well as allow your computer to access other computer’s shares. A share is a
resource such as a drive, directory, file, or printer available to a workgroup or
home networked computers.
26McAfee Firewall 4.0
Getting Started with McAfee Firewall
1Access to other shares: check the Allow my computer to access other
computer’s shares if you want to allow your computer to have access to
the shared drives, directories, folders, and printers, etc. of other
computers in your workgroup or home network.
2Access to my shares: check the Allow other computers to access my
shares check box to allow other computers in your workgroup or home
network to have access to your shared drives, directories, folders, and
printers, etc.
3Click Next.
Allowed applications
During the configuration process, McAfee Firewall scanned your computer's
hard disk to identify programs that use the Inter net. For example, programs of
this type would include Internet browsers, Internet e-mail programs, and ftp
(file transfer protocol) clients. On this screen, you will identify programs that
you will allow to access the Internet through McAfee Firewall.
To allow specific programs to access the Internet, do the following:
1From the list of applications displayed on this, check the check box
corresponding to each program you will allow access to the Internet.
Click Search all drives to search all of your computer’s partitions, logical
drives, and physical hard drives for programs that communicate using
the Internet.
If you do not allow any or all of the programs displayed on this screen to
communicate, you will be notified when each attempts to do so and
decide whether to allow access to the Internet at that time.
2Click Finish.
What’s happens next?
After you complete the steps associated with setting up your initial
configuration, the following events take place:
1The firewall service starts.
2The McAfee Firewall Home page displays.
You are now ready to start using McAfee Firewall!
TIP
Previous versions of McAfee Firewall did not allow you to run the
Configuration Assistant more than once. However, McAfee
Firewall 4.0 allows you to run the Configuration Assistant with an
easily accessible link on the McAfee Firewall Home page.
Product Guide27
Getting Started with McAfee Firewall
The McAfee Firewall Home page
The McAfee Firewall main window is your central entry point to all of McAfee
Firewall’s Tasks, Advanced Tasks, and shared features. The McAfee Firewall
interface displays three regions common to all of McAfee Firewall’s screens.
The Title bar and Tool bar
Title bar
The Home page displays most of your standard Windows elements; that
which includes:
nThe title bar displays the name of the program that is currently running.
nClose and minimize buttons. McAfee Firewall’s interface is of fixed
length and width. You cannot resize the interface.
Tool bar
The tool bar displays four browser-like buttons that are common to all screens.
nBack. Click Back to return to the last screen viewed.
28McAfee Firewall 4.0
Figure 3-1. The McAfee Firewall Home page
Getting Started with McAfee Firewall
nHome. Click Home to go to the McAfee Firewall Home page from any
screen.
nNext. In conjunction with the Back button, use Next to go to any
previously viewed screen during your current session.
nHelp. Click Help to view its submenu. The Help submenu may include
any of the following items.
Help submenu itemSelect this item to...
Help on this page
Contents and index
Help on the Web
McAfee at Home on the
Web
About McAfee Firewall
Status information
Depending upon your configuration, the McAfee Firewall Home page
displays other helpful information such as:
nFirewall Status: Running or Stopped. Click the link below the status to
nHome page notification. If there is an update to your version of McAfee
nThe number of programs currently communicating. If you want to
nFirewall warning information. If there are any communication
w View online Help for the screen you are currently
viewing.
w View online Help for McAfee Firewall.
w Start your Internet browser and go directly to the
McAfee Help Web site at McAfee H el p.com.
w Start your Internet browser and go directly to
McAfee-at-home.com.
w Version information about M cAfee Firewall.
start or stop McAfee Firewall.
Firewall available for download, select this task.
identify the program’s communication, select this task to view your
current activity.
warnings, select this task to view the warning log.
Internet traffic settings
The Internet Traffic setting frame displa ys your current filter ing setting. H ere
you determine if you want to Block all, Al low all, or Filter Internet Traffic. For
more information about these settings, refer to Table 3-1 on page 25.
To change an Internet traffic setting, simply click the de sired setting. Changes
are real-time and effective immediately.
Product Guide29
Getting Started with McAfee Firewall
McAfee Firewall status
This region of the Home page displays the current running state of McAfee
Firewall. It is either running or not running.
If the McAfee Firewall status
message is...
McAfee Firewall is Running
McAfee Firewall is Stopped
Then...
w Click Stop McAfee Firewall to disable
firewall protection.
w Click Start McAfee Firewall to enable
firewall protection.
Network Traffic monitor
The Network Traffic monitor displays a graphic representation of real-time
network activity. The monitor is color-coded to help you identify normal
network traffic, port scans, and worst of all, attacks.
nGreen zone: Activity displayed in this zone is normal network activity.
It is not uncommon to see activity in this zone reaching the yellow area.
nYellow zone: This is the caution zone. You can view the Activity Log to
analyze data for this traffic. Activity in the yellow zone could represent
a port scan.
nRed zone: Red represents the worst level of net work activity and usually
represents an attack. You can view the details of the attack by accessing
McAfee Firewall Activity Log. If this the attacker’s IP address is
available, you can attempt to trace the attacker using McAfee Firewall’s
Visual Trace component.
The Task pane
30McAfee Firewall 4.0
The Task pane displays links that allow you to start McAfee Firewall’s Tasks
and Advanced Tasks. Depending upon your configuration, the Task pane
may or may not display a McAfee list. The McAfee list displays links that
allow you start the Home page of any other current McAfee product installed
in your computer.
About Tasks
Starting a task is as easy as clicking its link. The Task list allows you to start
McAfee Firewall’s major components. Although the tasks you can perform
will vary based upon your computer’s operating system and its configuration,
primary tasks include:
nControl Internet programs: This task allows you to explicitly block or
allow specific programs to access the Internet.
Getting Started with McAfee Firewall
nView network activity: Select this task to view real-time network
activity and view your current activity log.
nSet alert preferences: Choose how you want McAfee Firewall to notify
you when a potential security breach occurs.
nSet up Home Networking: Help s make setting up protections for your
PCs sharing an Internet connection a breeze.
nPerform a security check: This task allows you to start the McAfee
Firewall Security Check process.
nSet startup options: Choose how you want McAfee Firewall to start.
nConfiguration Assistant: This task starts the Configuration Assistant.
About Advanced Tasks
Similar to the primary Task list, the Advanced Task list may vary depending
upon your version of Windows, its configuration, and other software that may
be installed in your computer. McAfee Firewall’s advanced tasks include:
nAdvanced options and logging: Select this task to configure intrusion
defense mechanisms, set up the automatic configuration of filtering
rules, and identify the type of traffic you want to log.
nConfigure network adapters: Choose this task to view your current
network adapter and configure their communication settings.
nIntrusion detection settings: Select this task to configure how you want
McAfee Firewall to respond when it detects an intrusion.
nBlock IP address: If there is a specific IP address that you want to block
from accessing your computer, or, if there is an IP address that is
currently blocked that you want to allow, choose this task.
nSet up password: This task helps you to secure your McAfee Firewall
settings with password security.
nOther Tasks: Select this task to navigate to a screen that allows you to
start McAfee Firewall’s shared features
About the McAfee list
The McAfee list displays links to start the Home page to any other supported
McAfee product.
Product Guide31
Getting Started with McAfee Firewall
Other McAfee Firewall features
McAfee Firewall settings security chec k
Examines your firewall security settings, allowing you to rectify weaker
settings before hackers get a chance to exploit them. The McAfee Firewall
Settings Security Check flags and suggests changes to help you keep your
system set to optimal security.
If Security Check detects an issue, click Fix and McAfee Firewall helps you
analyze and correct potential problems.
Home networking wizard
Helps make setting u p protections f or your PCs shar ing an Internet connection
a breeze, providing helpful wizards to walk you through the process.
All networking media and hardware (such as cables and network adapters)
must be installed in each computer in order for this wizard to locate your
computers.
Password protection
Prevent others from tampering with your firewall settings by locking access to
them with password security. Also helps keep your firewall protections secure
by preventing the firewall from being shut down without your password.
32McAfee Firewall 4.0
About Visual Trace
Visual Trace is a multi-purpose Internet tool used for finding information and
trouble-shooting connection problems.
At the simplest level Visual Trace shows you how packets (data) get from your
computer to another computer on the Internet. You see all the nodes
(equipment of various types on the Internet that is passing traffic) between
your computer and the trace target.
There are many situations where you need this information. Visual Trace is a
useful tool when troubleshooting connections or just verifying that everything
is working OK. There is also a wealth of information presented by Visual
Trace, including the domain owners, relative locations, and in many cases, the
location of nodes.
Besides using V isu al Tr ace to l ook for w eak spo ts in a con nect ion y ou ca n use
it to:
nDiscover whether you can't reach a site due to a failure at your Internet
Service Provider (ISP) or further into the Internet
Getting Started with McAfee Firewall
nDetermine the point of a network failure that is preventing you from
reaching a Web site.
nDetermine the location of sites and their users, uncover the owners of a
site, and help track down the origin of unwanted e-mail messages
('spam').
nGet detailed contact information on sites all over the world (where
available).
How to start Vi su al T ra ce
You can start Visual Trace directly from the Windows start menu. You can also
start Visual Trace from the McAfee Firewall Detail Activity screen, the Block
IP dialog box, and if you are attacked, from the Windows system tray pop-up
notification.
For more information about Visual Trace, please refer to online Help for
Visual Trace.
Product Guide33
Getting Started with McAfee Firewall
34McAfee Firewall 4.0
McAfee Firewall Config urations
Overview
The configuration of McAfee Firewall is divided into two classifications –
application (program) and system. Upon installation, a base set of rules for
system servic es such as ICMP, DH CP and ARP are installed (these are
considered default settings).
On the other hand, the programs classification is personalized. Whenever you
run a new program that attempts to communicate over the Internet, McAfee
Firewall will prompt and ask you whether you want to trust the program or
not.
For example, using Internet Explorer, enter an Internet address or URL (i.e:
http://www.mcafee-at-home.com) in the address bar of your browser and
press ENTER. Internet Explorer will attempt to connect to that URL over the
Internet. The first time you do this, McAfee Firewall prompts if you “trust”
Internet Explorer. If you say “Yes,” McAfee Firewall notes Internet Explorer is
allowed and whenever you use Internet Explorer in the future, McAfee
Firewall will allow its traffic.
As you allow programs to use the Internet, McAfee Firewall “learns” the rules
you are creating for the program and saves them for future use. If a Trojan
horse program attempts to communicate out from your computer, McAfee
Firewall will also prompt you whether you trust them or not, and the decision
to block the Trojan horse program from communicating is easy and
instantaneous.
4
Product Guide35
McAfee Firewall Configurations
Program configuration
During your first attempt to start McAfee Firewall, the Configuration
Assistant asked you to identify programs that you want to allow to
communicate. At such time, McAfee Firewall created a default set of
communication rules for the programs (applications); designated as allowed
to communicate.
Based upon the type of program, for example, Internet browsers, e-mail, ftp,
IRC, and file sharing programs, McAfee Firewall identifies the type of
program and creates a default set of communication rules for each progra m in
your computer. That is, to either block, allow, or filter a program’s
communication attempts via the Internet.
Firewall Communication Alert Messages
A McAfee Firewall Communication Alert message displays if an
unrecognized program attempts to communicate. There are several scenarios
that could cause a program to be unrecognized.
nIf you install a program that communicates via the Internet after
installing McAfee Firewall, the program’s first attempt to communicate
will cause an alert message to display.
nAlthough the Configuration Assistant performs a thorough analysis of
your computer’s programs that use the Inte rnet to communicate , it may
not have been able to identify all of your computer’s programs that use
the Internet to communicate.
36McAfee Firewall 4.0
If an unrecognized program attempts to communicate, the resulting alert
message generally asks you to select one of the following options:
nNo, deny at this time: Blocks the progr a m’s current and all future
attempts to communicate. The active program is a dded to the trusted list
of programs with an allowed state of “blocked.”
nYes, allow this time: The active attempt to communicate is allowed. The
program is not added to the trusted programs list.
nIf you recognize the program and do not want to receive any future
alerts for this program, check the I recognize this program check box.
TIP
If you allow or block a program the first time you are prompted,
McAfee Firewall provides you with the flexibility to change this
setting and block or allow it to communicate at any time in the
future. As you exit McAfee Firewall, your settings are saved and
will be the same the next time it is run.
McAfee Firewall Configurations
Changing a program’s allowed state
McAfee Firewall monitors Internet traffic to see which programs are
communicating. Depending on your settings, it will allow, block, or filter a
program's attempt to communicate.
If you choose to “Allow all” programs to communicate through your f irewall,
then all programs installed in your computer can communicate.
To view and configure the current list of trusted programs
1From the Task list, select Control Internet programs.
2Select the program whose filtering settings you wish to configure (or
click Browse to add a program to the list).
3Select one of the following options:
M Filter this program’s access to the Internet.
M Allow this program to have full unfiltered access to the Internet.
M Block this program from accessing the Internet.
4To add a program to the list, click Add and browse to select the program
you want to add. To remove a program from the list, sele ct the program
you want to remove and click Remove.
5Click Apply.
How to customize filtering rules for a specific program
For all programs designated as “filter,” McAfee Firewall provides power users
with the flexibility to create a set of custom filtering rules for each filtered
program.
TIP
The Customize button becomes accessible if you select the Filter
this program’s access to the Internet option.
To create a custom filter ing rul e
1From the Control Internet Programs screen, select the program for which
you want to create a custom filtering rule.
2Select the Filter this program’s access to the Internet radio button.
3Click Customize.
If the program currently maintains a default set of rules created by
McAfee Firewall, then the Customize filtering rules dialog displays. If
the program does not maintain a default set of rules, then the What do you want this filtering rule to do? dialog displays.
Product Guide37
McAfee Firewall Configurations
4Refer to the instructions displayed on the Custom Filtering rules dialog
Addw Click Add to add a new rule and to disp la y th e
selected program.
CAUTION: There is no “undo” feature.
w Click Edit to refine a filtering rule.
w Click Restore to restore the default rules fo r the
selected program.
TIP: If you inadvertently Rem ove a filtering rule,
click this button to restore the default rules for
the selected program .
w Click OK to close the Customize Filtering Rules
dialog and save your changes.
w Click Cancel to close the Customize Filtering
Rules dialog without savi ng your changes.
38McAfee Firewall 4.0
Primary functions
From the list of primary functions displayed on the Customize Filtering Rules
dialog, you can choose one of the following:
Table 4-3. Primary Functions
You can choose to...by...
Allow communication...
Block communication...
w protocol
w local port
w remote port
w IP address
w domain name
w direction
McAfee Firewall Configurations
Refining conditions
After you select the primary function for the rule, you can further refine the
rule by checking the check boxes for any or all of the communication
characteristics:
With...Using...
w direction
w domain names
w IP addresses
To customize the refinement condition, click [click here to select]
w protocols
w remote ports
w local ports
. Depending
upon the communication characteristics selected, various dialog and text
boxes display. For example, if the custom rule states “B lock thi s progra m from
communicating and the IP address is,” then an Add/Edit rule text displays
allowing you to enter an IP address. Similarly, if you want to block a program
from communicating by protocol, an Edit Protocols dialog displays.
To save your changes, click OK.
Product Guide39
McAfee Firewall Configurations
System configuration
Your computer’s operating system performs many types of network
communication without reporting directly to you. McAfee Firewall lets you
explicitly allow or block different system functions. Settings may be different
for each network device, since a computer, for example, can be connected to
an internal network as well as having a dial-up connection to the Internet.
Use the steps below to control your System settings.
1From the Advanced Task list, select Configure network adapters.
2From the Configure Network Adapter Settings screen, select the adapter
you want to configure and click Adapter Settings to view or change the
properties of this adapter.
Result: The Properties sheet for the selected network adapter displays.
You can then choose to allow or block NetBIOS over TCP, Identification,
ICMP, ARP, DHCP, RIP, PPTP and other protocols (IP and non-IP).
Table 4-4. Default Settings for System Activity
System Activity TypeDescription
NetBIOS over TCP:
Blocked
Identification: BlockedThis service is often required when getting email and
ICMP: BlockedThis protocol is often abused as a method of
ARP: AllowedARP is a necessary Ethernet pr ot oc ol and is not
DHCP: Allowed if your
system uses DHCP
This will block all file share activity over TCP as well
as UDP broadcasts. Your system will not appear in
anyone's “Network Neighborhood” and theirs will not
appear in yours. If your system is configured to
support NetBIOS over other protocols, such as IPX
or NetBEUI, then file sharing may be allowed if
“non-IP protocols” are a llowed (see “Other
Protocols” below).
is required by most IRC servers.
breaking people's net wor k connections (especial l y
on IRC).
known to be a threat.
The program looks in your system Registry to see if
one of your network devices uses DHCP. If so, then
DHCP is allowed for all devices. If not, then it is
blocked for all devices. If you have more than one
network device and one uses DHCP, you should
check the DHCP setting f or each device and allow
only for the device that uses it (m os t oft en cable or
ADSL modems and some inter nal networks, not for
dial-up).
40McAfee Firewall 4.0
McAfee Firewall Configurations
Table 4-4. Default Settings for System Activity
System Activity TypeDescription
RIP: BlockedAllow RIP i f yo ur administrator or IS P ad v ise s yo u t o.
PPTP: BlockedThis should only be altered by t he administrator.
Other Protocols: BlockedIf you are on an IPX network, you should allow
“non-IP prot ocols”. If you use PPTP, you should
allow “other IP protocols”. Ask your network
administrator before making any change here.
Product Guide41
McAfee Firewall Configurations
42McAfee Firewall 4.0
McAfee Firewall’s Intrusion
Detection Sys tem
About Intrusion Detection
Unlike other intrusion detection tools, McAfee Firewall’s powerful Intrusion
Detection System (IDS) is simple to configure and activate. Instead of
requiring users to learn and understand a complex set of attacks to b uild their
own defense lines against intrusions, McAfee Firewall’s development t eam
created a tool that, when activated with the click of a button, detects common
attack typ es and suspicious activity.
Unprotected computers can be victimized. For example, attackers can use a
TCP port scan to find out what services you are running on your machine.
Once this is accomplished, they can try to connect to those services and attack
your computer. If the attacker discovers that you are running a TELNET, ftp,
or Web server, the attacker can try each of your computer’s ports seque ntially,
from 1 to 65535, until an open port is found that they can connect to.
McAfee Firewall’s IDS feature looks for specific traffic patterns used by
attackers. McAfee Firewall checks each packet that your machine receives to
detect suspicious or known attack traffic. For example, if McAfee Firewall sees
ICMP packets, it analyzes those packets for suspicious traffic patterns by
comparing the ICMP traffic against known attack patterns. When McAfee
Firewall matches packets with a known attack pa ttern, the softwar e generates
an event to warn you of a possibl e security breach.
5
When intrusion detection is on, traffic is checked by the intrusion detection
system. When intrusion detection is active and McAfee Firewall detects an
attack, you can block further communication from the suspected machine’s IP
address indefinitely or for a specific time period. When an attack is detected,
McAfee Firew all alerts you with a Windows system tray notification.
NOTE
Because McAfee Firewall is analyzing packets and looking for
patterns of packets that identify specific types of attacks, this
feature may result in a very slight impact on your machine’s
performance.
How to Configure the Intrusion Detection System
Use the steps below to configure McAfee Firewall’s intrusion detection
system:
1From the McAfee Firewall Home page, click Advanced Tasks.
Product Guide43
McAfee Firewall’s Intrusion Detection System
2From the Advanced Tasks list, select Intrusion detection settings.
Refer to the instructions displayed on the Configure Intrusion Detection
Settings screen to complete this task.
44McAfee Firewall 4.0
McAfee Firewall’s Intrusion Detection System
Common attacks recognized by IDS
The following table lists attacks recognized by McAfee Firewall’s IDS, a
description of each attack, and the risk factor assigned to each attack.
AttackDescriptionRisk
Factor
1234Also known as the Flushot att ack , an at ta cker sends an oversize ping
packet that networking software can not handle. Usually, computers hang
or slow down. If a total lockup occurs, unsaved data m ay be lost.
Back OrificeBack Orifice is a back door pr ogram for Windows 9x writt en by a group
calling themselves the Cult of the Dead Cow. This back door allows
remote access to the machine once installed, al low in g t he i ns ta ller to run
commands, get scree n shots, modify the registry, and perform other
operations. Client programs to access Back Orifice are available for
Windows and UNIX.
BonkDesigned to exploit an implementation error in the first Teardrop patch
released by Microsoft, this attack is basically a Windows-specific variant of
the original Teardrop attack.
FraggleThis attack is a UDP variant of the Smurf attack. By sending a forged UDP
packet to a particular port on a br oadcast address, system s on the
“amplifier” network will re spond to the target machine with either a UDP
response or an ICMP UNREACHABLE packet. This flood of incoming
packets results in a denia l of service attack against th e ta rg et m achine.
IP SpoofingIP spoofing involves sending data with a falsified return IP address. There
is nothing inherently dangerous about spoofing a source IP address, but
this technique can be used in conjunction with others to carry out attacks
TCP session hijacking, or to ob scure the source of denial of ser vi ce
attacks (SYN flood, PING flood, etc.).
JoltA remote denial of service att ac k usi ng specially crafted ICMP packet
fragments. May cause sl owdowns or crashes on ta rget systems.
Jolt 2A remote Denial of Service (DoS) attack similar to Jolt that uses specially
crafted ICMP or UDP packet fragments. May cause slowdowns or crashes
on target systems.
LandThis attack is performed by sending a TCP packet to a running service on
the target host, with a source address of the same host. The TC P packet
is a SYN packet, used to establish a new connection, and is sent from the
same TCP source port as the destination port. When accepted by the
target host, this packet causes a loop within the operating system,
essentially locking up the sys te m.
NesteaThis attack relies on an error in cal culating sizes during pack et fragment
reassemb l y. In the reassem bly routine of vulnerable systems, there was a
failure to account for the length of the IP header field. By sending carefully
crafted packets to a vulnerable system, it is possi bl e t o cr ash the target.
Medium
High
High
High
Medium
High
High
High
High
Product Guide45
McAfee Firewall’s Intrusion Detection System
AttackDescriptionRisk
Factor
NewtearA Denial of Service (DoS) att ack that usually causes co m put er s w i t h a
Windows NT-based o perating system to crash. Although the attack is not
usually harmful to the computer itself, data from running applications will
most certainly be lost.
OshareA Denial of Service (DoS) attac k caused by sending a unique packet
structure to your computer. The results of these attacks can vary from a
complete system crash, increased CPU loa d , o r mom entary delays,
depending upon your computer’s configuration. This will affect almost all
versions of Windows 98 and NT-based system s wi t h var yi ng degrees
based on the hardware involved.
Ping FloodThis attack involves send in g very large numbers of ICMP ECHO (PING)
requests to th e ho st u nd er a tt ack . Th is at ta ck is pa rt ic ul ar ly eff ec t i ve w hen
the attacker has a faster ne t w or k connection than the victi m .
Ping of DeathWith this attack, a remote user ca n cause your system to reboot or panic
by sending it an oversized PIN G packet. This is done by send in g a
fragmented packet lar ger th an 65536 bytes in length, ca using the remote
system to incorrectly process the packet. The result is that the remote
system will reboot or pan ic dur i ng processing.
Port ScanningWhile not an attack in and of itself, a port scan often indic at es that an
attacker has begun look in g at your system for potential weaknesses. A
port scan consists of check i ng every TCP and/or UDP po rt to see what
services (and hence, what vulnerabilities) migh t b e present.
Saihyouse nThe Saihyousen at t ack may cau s e som e f ire wa l ls to c ra sh . It is ca use d by
an attacker sending a stream of UDP packets.
SmurfThis attack is carried out by send i ng an ICMP ECHO REQUEST (PI NG )
packet with a forged sour ce address matching that of th e ta rg et system.
This packet is sent to “amplifier ” networks — networks that allow sending
packets to the broadcast address — so that every machi n e on t he
amplifier network will res po nd t o w hat they think is a legitimate request
from the target. As a result, the target system is flooded with ICMP ECHO
REPLY messages, causing a denial of service attack.
SynDropOverlapping fragmented data sent by an attacker causes your computer to
become unstable and or crash. Unsaved data cou ld be lo st .
Syn FloodThi s at t ac k can be used to completely d is abl e your net w ork services by
flooding them with connection requests. This will fill the queue which
maintains a list of unestabli shed incoming connections, forcing it to be
unable to accept additio nal connections.
TeardropOn vulnerable systems , it is p oss ib l e to tak e advantage of a flaw in the
way the TCP/IP stack handles fragmented packet reassembly to consume
available memory res our ces. By sending a speciall y cr af t ed I P dat agram,
this attack can cause many operating systems t o hang or reboot.
High
High
High
High
Low
High
High
High
High
High
46McAfee Firewall 4.0
McAfee Firewall’s Intrusion Detection System
AttackDescriptionRisk
Factor
UDP FloodA remote Denial of Service (DoS) attac k designed to flood the target
machine with more data than it can process, thereby preventing legitimate
connections from being esta blished.
Machine is inaccessible vi a TCP/ I P. Oc curs when machine is put to sleep
and then awakened.
Make sure that “Load Only When Needed” is not checked in the TCP/IP
control panel. Then TCP/IP is loaded all the time, allowing McAfee Firewall
to function while the machine is asleep.
WinnukeThis attack is a Denial of Service (DoS) attack that compl et el y disables
networking on many Win95 and WinNT machines. Although Winnuke will
not neces sari ly dama ge y our comp uter , yo u may los e an y uns ave d dat a a t
the time of the attack. Restar t in g your computer should re st or e fu ll
operation.
High
High
Product Guide47
McAfee Firewall’s Intrusion Detection System
48McAfee Firewall 4.0
Updating McAfee Firewall
About Instant Updater
As technologies advance, we continually provide updates to McAfee software
products. To ensure the highest level of protection, you should always obtain
the latest version of your McAfee product.
Updating your software is simple using McAfee's Instant Updater. It is a
seamless process and requires minimal interaction on your part.
Instant Updater is also the mechanism used to register your product with
McAfee. In order to obtain product updates, you must register your product
with McAfee.
Why Do You Need to Update?
nNew features may be released for your McAfee product.
nProduct fixes are periodically available.
nNew product content is updated periodically.
nUpdates to anti-virus signature files are frequently available.
6
How Does the Updating Process Work?
Instant U p dater allows you to obtain and apply updates to your McAfee
products while connected to the Internet. If an update exists, you will receive
a notification. At that time, you can download and apply the updates to your
products.
Instant Updater features
nAuto Update is Instant Upda ter’s default setting.
Instant Updater silently checks for, and as appropriate, applies product
updates while you are connected to the Internet.
Occasionally, Instant Updater may ask you to restart your computer to
apply the updates. Auto Upda te checks for upd at es da ily to e nsur e that
your McAfee product, product content, and related elements such as the
virus scan engine and DATs are current.
Product Guide49
Updating McAfee Firewall
nAuto Inquiry: If Auto Inquiry is enabled, it allows you to receive
notification of product updates while connected to the Internet. We do
not recommend using Auto Inquiry if you have a slow internet
connection
nManual Updating: If you rarely connect to the Internet, you may prefer
to use Manual Updating with your McAfee product. You can manually
update while connected to the Internet. To do this, select the UPDATE
function from within the individual product.
Manual Updating provides you with explicit control of the updating
process.
Home page query
Related to Instant Updater is Home page query. This feature allows you to
configure your McAfee product’s home page to di splay a message when an
update is available. After you install your McAfee software, Home page query
“on” is the default setting.
Configuration
For additional information regarding auto inquiry and auto update settings,
please refer to online Help.
50McAfee Firewall 4.0
How to contact McAfee
About www.McAfee-at-Home.com
McAfee is famous for its dedication to customer satisfaction. We have
continued this tradition by making our site on the World Wide Web a valuable
resource for answers to your questions about McAfee Consumer Products. We
encourage you to visit us at http: //www.mcafee-at -home.com and m ake this
your first stop for all of your product support needs.
Customer Service
To order products or obtain product information, contact the McAfee
Customer Service department at (972) 308-9960 or write to the following
address:
Please note, (972) 308-9960 is telephone call to the United States of America.
A
Technical support
For agent assisted technical support, please visit http://www.mcafeehelp.com.
Our support web site offers 24-hour access to solutions to the most common
support requests in our easy-to-use 3 step Answer Wizard. Additionally, you
may use our advanced options, which include a Keyword Search and our
Help Tree, which have been designed with the more knowledgeable user in
mind. If a solution to your problem cannot be found, you may also access our
24-hour FREE Chat Now! and Email Express! options. Chat and E-mail will
enable you to quickly reach our qualified support engineers, through the
internet, at no cost. Phone support information can also be obtained from our
self-help web si te at: http://www.mcafeehelp.com.
BEFORE YOU CONTACT McAfee Software for technical support, locate
yourself near the computer with the McAfee product installed and verify the
information listed below:
nVersion number of your McAfee software
From the McAfee Firewall main window select Help > About to find this
information
Product Guide51
How to contact McAfee
nWindows operating system version number.
nAmount of memory (RAM)
nComplete description of the problem
nEXACT error message as on screen
nWhat steps were performed prior to receiving error message?
nIs the error persistent; can you duplicate the problem?
nModel name of hard disk (internal / external)
nExtra cards, bo ards, or hardware
52McAfee Firewall 4.0
Index
Numerics
1234 Attack, 45
A
About
Advanced tasks
McAfee list, 31
Tasks, 30
Advanced Tasks, 31
Advanced options and lo gging, 31
Block IP address, 31
Configure network adapters, 31
Intrusion detection settings, 31
Set up password, 31
Alert Messages, 36
, 31
B
Back orifice, 45
Bonk, 45
Browser requirements, 19