A WSS Agent user upgraded to WSS Agent 8.1.2 (from WSS Agent 6.1.1) and cannot connect to WSS with UDP transport.
WSS Agent diagnostic logs report that the UDP connection failed due to timeout errors.
The local firewall allows UDP 443, so the traffic is not being blocked there.
WSS Agent 8.1.2.
Windows 10.
McAfee endpoint protection enabled.
McAfee endpoint protection blocking UDP 443.
Not sure how upgrade to 8.1.2 could have caused this (independent of setup).
Whitelist WSS Agent UDP 443 traffic on McAfee.
From the logs, we could see that the UDP request was likely blocked:
[10-17-2022 14:47:32 (UTC+1:00)]: WSS Agent has closed the connection. A new connection attempt will be made.
[10-17-2022 14:47:32 (UTC+1:00)]: CTC Response: ACTIVE(POSTCHK) egress:203.0.113.3 GGBDO-170.176.242.164 GGBDO-109.68.61.164
[10-17-2022 14:47:33 (UTC+1:00)]: Attempting to connect to GGBDO via UDP
[10-17-2022 14:47:38 (UTC+1:00)]: UDP Connection failed (ec:26 - A timeout has occurred), will attempt TCP on the same DP
[10-17-2022 14:47:39 (UTC+1:00)]: Attempting to connect to GGBDO via TCP
The corresponding PCAP confirmed this: we see the UDP 443 probe and, 6 secs later, the TCP attempt due to lack of feedback ...
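The following is an added example, not part of the original article or of the WSS Agent tooling: a Python function that scans WSS Agent diagnostic log text for the pattern shown above (UDP attempt, timeout, TCP fallback on the same DP) and reports the delay. The function name and record fields are hypothetical, and the sample input is the log excerpt quoted above.

```python
import re
from datetime import datetime

# Sample input: the diagnostic log excerpt quoted in this article.
SAMPLE_LOG = """\
[10-17-2022 14:47:32 (UTC+1:00)]: WSS Agent has closed the connection. A new connection attempt will be made.
[10-17-2022 14:47:32 (UTC+1:00)]: CTC Response: ACTIVE(POSTCHK) egress:203.0.113.3 GGBDO-170.176.242.164 GGBDO-109.68.61.164
[10-17-2022 14:47:33 (UTC+1:00)]: Attempting to connect to GGBDO via UDP
[10-17-2022 14:47:38 (UTC+1:00)]: UDP Connection failed (ec:26 - A timeout has occurred), will attempt TCP on the same DP
[10-17-2022 14:47:39 (UTC+1:00)]: Attempting to connect to GGBDO via TCP
"""

# Assumption: the UTC offset is constant within one log, so it is not parsed.
LINE_RE = re.compile(r"^\[(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) \(UTC[^)]*\)\]: (.*)$")
ATTEMPT_RE = re.compile(r"Attempting to connect to (\S+) via (UDP|TCP)")
FAIL_RE = re.compile(r"UDP Connection failed \(ec:(\d+) - ([^)]*)\)")


def find_udp_fallbacks(log_text):
    """Return one record per UDP attempt that failed and fell back to TCP."""
    events, pending = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that are not timestamped log entries
        ts = datetime.strptime(m.group(1), "%m-%d-%Y %H:%M:%S")
        attempt = ATTEMPT_RE.search(m.group(2))
        fail = FAIL_RE.search(m.group(2))
        if attempt and attempt.group(2) == "UDP":
            # A new UDP attempt replaces any earlier one that never failed.
            pending = {"dp": attempt.group(1), "udp_start": ts}
        elif fail and pending:
            pending.update(error_code=int(fail.group(1)),
                           reason=fail.group(2), failed_at=ts)
        elif attempt and pending:  # TCP attempt while a UDP attempt is tracked
            if "error_code" in pending and attempt.group(1) == pending["dp"]:
                delta = ts - pending["udp_start"]
                pending["fallback_after_s"] = delta.total_seconds()
                events.append(pending)
            pending = None
    return events


if __name__ == "__main__":
    for e in find_udp_fallbacks(SAMPLE_LOG):
        print(e["dp"], e["error_code"], e["reason"], e["fallback_after_s"])
```

The `udp_start` and `failed_at` timestamps in each record give the window to search in the logs of other security products on the host.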
Looking at other security products on the host, we identified McAfee as a potential candidate and walked through the logs there to find the culprit at the exact time: