
White Paper Access Protection in McAfee VirusScan Enterprise and
Host Intrusion Prevention
“Prevent common programs from running files from the Temp folder”
Intention: This rule prevents email attachments and executables on web pages from running. It is
designed to block applications from installing software from the browser or from the email client, and it
is effective in stopping email worms. It monitors your browser and email client and prevents them from
running software from the Temp directory. This stops most adware, spyware, Trojans, and viruses that
use executables in email or browser links to install. Well-behaved installers do not usually use the system
Temp directory to hold installers; however, a custom or third-party application may be prevented from
installing after this rule is enabled.
Risks: If you need to install an application that uses the Temp folder, make sure that the installation
process is listed in the exclusion list.
Included processes: Common browsers and email clients
Excluded processes: None
ID and name in Host IPS:
3905, Access Protection—Prevent all programs from running files from the Temp folder.
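The decision this rule describes can be modelled over process-start events. This is an added sketch, not McAfee's implementation: the process names, the default Temp locations, and the `parent`/`image` event fields are assumptions, and the sample events are constructed.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed names: the page only says "common browsers and email clients".
INCLUDED = {"iexplore.exe", "firefox.exe", "chrome.exe", "outlook.exe", "thunderbird.exe"}

def in_temp(path):
    """True if path resolves to a file under an assumed default Temp folder."""
    # normpath collapses ".." and "/" so traversal out of Temp is not misjudged;
    # normcase lowercases, because Windows paths are case-insensitive.
    parts = ntpath.normcase(ntpath.normpath(path)).split("\\")
    if len(parts) > 3 and parts[:3] == ["c:", "windows", "temp"]:
        return True
    return (len(parts) > 6 and parts[:2] == ["c:", "users"]
            and parts[3:6] == ["appdata", "local", "temp"])

def evaluate(event, exclusions=frozenset()):
    """Return 'block' or 'allow' for one process-start event."""
    actor = ntpath.basename(event["parent"]).lower()
    if actor in exclusions:  # exclusion list wins, as in the Risks note
        return "allow"
    if actor in INCLUDED and in_temp(event["image"]):
        return "block"
    return "allow"

# Constructed sample events (not real telemetry).
EVENTS = [
    {"parent": r"C:\Program Files\Mail\OUTLOOK.EXE",
     "image": r"C:\Users\bob\AppData\Local\Temp\invoice.exe"},
    {"parent": r"C:\Program Files\Browser\chrome.exe",
     "image": r"C:\Users\bob\AppData\Local\Temp\..\Programs\app.exe"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\Temp\setup.exe"},
    {"parent": r"C:\Program Files\Browser\firefox.exe",
     "image": "c:/windows/TEMP/sub/update.exe"},
]

def verdicts(exclusions=frozenset()):
    """Evaluate every sample event with the given exclusion list."""
    return [evaluate(e, exclusions) for e in EVENTS]

if __name__ == "__main__":
    for e, v in zip(EVENTS, verdicts()):
        print(v, ntpath.basename(e["parent"]), "->", e["image"])
```

The second event is allowed because its path resolves outside Temp, and the third because the launching process is not in the included set.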
“Prevent termination of McAfee processes”
Intention: When the “Prevent termination of McAfee processes” rule is enabled, VSE prevents any
process, other than McAfee processes and those specifically excluded, from terminating a McAfee
process or service. This protects VirusScan processes from being disabled by malicious programs that
seek to circumvent virus protection programs by killing their processes.
If this rule is set, no one (except excluded processes) can terminate a McAfee process using Task
Manager, etc. (“Terminate” means forcing the process to end right now. The victim process has no say
in the matter.)
Risks: If this rule is enabled, manual methods to update .DAT files for VSE will not work. The
recommended method of updating with the use of ePO tasks will continue to function with this
rule enabled.
ID and name in Host IPS:
There is no corresponding signature in Host IPS.
Common Maximum Protection
The rules in this category are intended to block viruses, adware, and spyware with much stricter rules
that may be inappropriate for some computers and may need some customization before they can be
enabled. These rules are often used temporarily or in extreme cases of lockdown.
“Prevent programs registering to autorun”
Intention: Most adware, spyware, Trojans, and viruses attempt to register themselves in such a way that
they get loaded every time the system is booted. This rule is designed to prevent any process not on the
excluded list from registering processes that execute on every reboot.
Risks: Legitimate applications may also do this; these should be listed in the exclusions list or installed
before this rule is enabled.
ID and name in Host IPS:
3906, Access Protection—Prevent programs registering to autorun.