White Paper Access Protection in McAfee VirusScan Enterprise and Host Intrusion Prevention
Risk: The most commonly reported case in which Windows needs access to tftp.exe is the installation of
a Windows service pack: when the service pack installer cannot upgrade tftp.exe, the install fails. It is
generally advised to enable this rule, but to disable it for the period during which patches and service
packs are being installed.
Included processes: all
Excluded processes: Windows Update
ID and name in Host IPS:
3889, Access Protection—Prevent use of tftp.exe.
Anti-virus Maximum Protection
Intention: Anti-virus Maximum Protection provides common rules that protect most critical settings
and files from being modified. This level provides more protection, but may prevent the installation of
legitimate software. If you cannot install software, we recommend that you disable Access Protection
Maximum Protection first, and then enable it again after installation.
Risk: Maximum Protection rules should be used with caution as they can block common activities
such as installation or execution of certain applications or processes. It is recommended that Maximum
Protection rules be initially enabled for report only in order to determine if exclusions will be required.
“Prevent svchost executing non-Windows executables”
Intention: Svchost.exe is a system process belonging to the Microsoft Windows operating system,
which hosts Windows services that are implemented in .DLLs. This program is important for the stable
and secure running of your computer and should not be terminated. Because it is a key component of
Windows, attackers attempt to use this process to register their own .DLLs that are not part of Windows.
This rule restricts svchost.exe to loading only Windows service .DLLs.
Included processes: svchost.exe
Excluded processes: none
ID and name in Host IPS:
3894, Access Protection—Prevent svchost executing non-Windows executables.
“Protect phonebook files from password and email address stealers”
Intention: This rule prevents malicious code from reading the list of the user’s contacts, which are
stored in rasphone.pbk files in the user’s profile directories.
Included processes: all
Excluded processes: typical processes that access the address book
ID and name in Host IPS:
3895 (2), Access Protection—Protect phonebook files from password and email address stealers.
“Prevent alteration of all file extension registrations”
Intention: This is a stricter version of the “Anti-virus Standard Protection: Prevent hijacking of .EXE and
other executable extensions” rule. Instead of just protecting .EXE, .BAT, etc., it protects all the extension
options under HKEY_CLASSES_ROOT.
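As an added illustration (not McAfee's code) of how the rule fields above combine, this Python model evaluates the tftp.exe, svchost and phonebook rules over constructed access events, first in the report-only mode recommended for Maximum Protection and then in blocking mode. The path globs, operation names and the wuauclt.exe stand-in for the "Windows Update" exclusion are assumptions, not McAfee's actual rule definitions.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch
@dataclass
class Rule:
    rule_id: int          # Host IPS rule ID as quoted on this page
    targets: list         # path globs the rule watches (assumed patterns)
    operations: set       # access types the rule covers (assumed names)
    exempt_targets: list = field(default_factory=list)   # always allowed
    included: list = field(default_factory=lambda: ["*"])
    excluded: list = field(default_factory=list)

def _matches(value, patterns):
    return any(fnmatch(value.lower(), p.lower()) for p in patterns)

def evaluate(rule, process, target, operation, report_only=False):
    """Decide one access attempt: 'allow', 'report' (log only) or 'block'."""
    if (operation not in rule.operations or not _matches(target, rule.targets)
            or _matches(target, rule.exempt_targets)):
        return "allow"
    if not _matches(process, rule.included) or _matches(process, rule.excluded):
        return "allow"
    return "report" if report_only else "block"

# Rules modelled on this page's three; wuauclt.exe is assumed to mean "Windows Update".
RULES = [
    Rule(3889, ["*\\tftp.exe"], {"execute"}, excluded=["wuauclt.exe"]),
    Rule(3894, ["*.dll"], {"load"}, exempt_targets=["c:\\windows\\*"],
         included=["svchost.exe"]),            # only Windows DLLs in svchost
    Rule(3895, ["*\\rasphone.pbk"], {"read"}),
]

def audit(events, report_only):
    """Run events through every rule; return [(rule_id, process, decision)] per hit.
    In report-only mode this is the list reviewed to pick exclusions before enforcing."""
    hits = []
    for process, target, operation in events:
        for rule in RULES:
            decision = evaluate(rule, process, target, operation, report_only)
            if decision != "allow":
                hits.append((rule.rule_id, process, decision))
    return hits

# Constructed sample events (process, target path, operation), not real telemetry.
EVENTS = [
    ("svchost.exe", "C:\\Windows\\System32\\wuauserv.dll", "load"),
    ("svchost.exe", "C:\\Users\\Public\\evil.dll", "load"),
    ("update.exe", "C:\\Windows\\System32\\tftp.exe", "execute"),
    ("wuauclt.exe", "C:\\Windows\\System32\\tftp.exe", "execute"),
    ("stealer.exe", "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\rasphone.pbk", "read"),
]
```

Running `audit(EVENTS, report_only=True)` lists the three rules that would fire without blocking anything, which is exactly the review step the Maximum Protection guidance above calls for; the excluded wuauclt.exe launch of tftp.exe and the Windows-directory DLL loaded by svchost.exe are allowed through.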