McAfee VIRUSSCAN ENTERPRISE Guía de usuario Pagina 20
- Pagina / 166
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
• Internet Relay Chat (IRC) messages — Files sent along with these messages can easily
contain malware as part of the message. For example, automatic startup processes can
contain worms and Trojan threats.
• Browser and application Help files — Downloading these Help files exposes the system
to embedded viruses and executables.
• Combinations of all these — Sophisticated malware creators combine all of these delivery
methods and even embed one piece of malware within another to try and access your
computer.
Contents
How access threats are stopped
Control access to the user interface
How access threats are stopped
By enabling or changing the configuration of the Access Protection feature you can configure
anti-spyware protection, anti-virus protection, common protection, virtual machine protection,
and define your own rules of protection. Following is the basic process VirusScan Enterprise
uses to provide access protection.
Steps taken when a threat occurs
1 A user or process tries to take an action.
2 That action is examined by Access Protection according to the defined rules.
3 When a rule is broken, the action requested by the user or process is managed using the
information in the rules configured. For example, the action causes nothing to happen, it
is blocked, or it is blocked and a report is sent.
4 The Access Protection log file is updated, and an event is generated for the ePolicy
Orchestrator Global Administrator.
Example of an access threat
1 A user downloads a program, MyProgram.exe, from the Internet.
NOTE: For this example, MyProgram.exe is not malware.
2 The user launches the program and it seems to launch as expected.
3 MyProgram.exe then launches a child process called AnnoyMe.exe and it attempts to modify
the operating system to ensure it always loads on startup.
4 Access Protection processes the request and matches it against an existing rule that is
configured to block and report.
5 AnnoyMe.exe is denied access when it attempts to modify the operating system, Access
Protection logs the details of the attempt, and it generates an alert to the ePolicy
Orchestrator Global Administrator.
Log report and alerts generated
This is an example of an Access Protection log entry.
2/10/2010 11:00AM Blocked by Access Protection rule TestDomain\TestUser C:\Users\TestUser\Desktop\AnnoyMe.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run\ Prevent programs registering to autorun
This table describes the data in the previous Access Protection log entry:
Part I - Prevention: Avoiding Threats
Access protection
McAfee VirusScan Enterprise 8.8 Product Guide20
- Product Guide 1
- Contents 3
- Audience 6
- Conventions 6
- How this guide is organized 7
- Finding product documentation 8
- Getting Started 10
- Using right-click features 14
- What to do first 17
- Quarantined items 18
- Access protection 19
- MyProgram.exe is not malware 20
- VirusScan Console 23
- Rule type descriptions 24
- Protection level descriptions 24
- Types of user-defined rules 25
- Port blocking rule options 31
- Removing user-defined rules 33
- Configuring unwanted programs 38
- DAT files and how they work 43
- Configuring the mirror task 46
- Framework 47
- Excluding scan items 48
- Using scheduled tasks 49
- Scheduling tasks 50
- Configuring the task schedule 50
- Scanning items on-access 51
- Enabling on-network drives 52
- How Artemis works 53
- Configuring general settings 54
- Configuring process settings 58
- Scanning items on-demand 62
- How scan deferral works 64
- How system utilization works 64
- Detections and responses 72
- Buffer overflow detections 73
- Unwanted program detections 73
- On-access scan detections 74
- On-demand scan detections 75
- Email scan detections 75
- Managing quarantined items 77
- Configuring alerts 78
- Access queries and dashboards 80
- Configuring emergency DATs 81
- Downloading a SuperDAT file 82
- Fine-Tuning Your Protection 84
- Running an example query 85
- Analyzing your protection 86
- Appendix 89
- SCAN32.EXE 91
- MCUPDATE.EXE 93
- MCUPDATE 93
- Connecting to remote systems 94
- Troubleshooting 95
- REINSTALLMODE 96
- Property 96
- McAfee VirusScan Enterprise 100
- 8.8, Installation Guide 100
- Frequently asked questions 101
- 00000000.ie 102
- CATALOG.Z 103
- Access Protection tab 104
- Configuring predefined rules 105
- Option definitions 106
- Alerts tab 107
- Reports tab 108
- Blocking tab 109
- Display Options tab 112
- Actions tab 113
- Scan Items tab 117
- General tab 120
- Default = very low 121
- Messages tab 122
- Notes Scanner Settings tab 123
- Exclusions tab 126
- Task tab 134
- Password Options tab 135
- Processes tab 136
- Quarantine Policy tab 140
- Policy tab 141
- Manager tab 142
- Scan Locations tab 144
- Performance tab 146
- DefinitionOption 147
- ScriptScan tab 148
- User-Defined Detection tab 149
- Repositories tab 150
- Proxy settings tab 153
- Mirror task 154
- AutoUpdate task 155
- Schedule tab 156
- Advanced schedule options 160
- Global Scan Settings tab 161
- (continued) 164
© 2020, manymanuals.es. Todos los derechos reservados | 0.096 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales