
White Paper: Access Protection in McAfee VirusScan Enterprise and Host Intrusion Prevention
Anti-spyware Standard Protection
This group of rules only applies if you have the AntiSpyware Enterprise Module installed. The rules for
VSE begin in the section titled “Anti-virus Standard Protection.”
“Protect Internet Explorer favorites and settings”
Intention: This rule is designed to prevent modification of Microsoft Internet Explorer configuration
settings and files by any process not listed in the rule's exclusion list. A common tactic of malware is
to change the browser's start page and to install favorites. This rule protects against certain start-page
Trojans, adware, and spyware that modify browser settings.
Risks: There really aren’t any drawbacks to enabling this rule, as it simply blocks processes from making
changes to favorites and settings in Microsoft Internet Explorer.
ID and Name in Host IPS:
3890, Access Protection—Protect Internet Explorer favorites and settings.
Anti-spyware Maximum Protection
“Prevent installation of new CLSIDs, APPIDs, and TYPELIBs”
Intention: This rule prevents the installation or registration of new COM servers. Some adware and
spyware programs can install themselves as a COM add-on in Microsoft Internet Explorer or Microsoft
Office applications.
Risks: If you have an application that needs to install a COM add-on that isn’t already listed in the
exclusion list, it will be blocked. The installation of some common applications, like Macromedia Flash,
registers COM add-ons and may be blocked by this rule.
ID and Name in Host IPS:
3891, Access Protection—Prevent installation of new CLSIDs, APPIDs, and TYPELIBs.
"Prevent all programs from running files from the Temp folder"
This rule blocks any executable from running from the Temp directory; however, it is much more
restrictive than the standard rule in that it stops nearly all processes from launching files from the Temp
folder. This provides the most protection, but also has a higher chance of blocking a legitimate
application from being installed.
Intention: Most viruses need to be run once by a person before infecting a computer. This can be done
in many ways, such as opening an executable attachment in an email, downloading a program from the
Internet, etc. For example, <http://vil.nai.com/vil/content/v_101034.htm>.
An executable needs to exist on the disk before Windows can run it. A common way for applications to
achieve this is to save the file in the user’s or system’s Temp directory and then run it.
One purpose of this rule is to enforce advice that is frequently given to people: “don’t open attachments
from email.” The other purpose of this rule is to close security holes introduced by application bugs.
Older versions of Outlook and Internet Explorer are notorious for automatically executing code without
the user needing to do anything but preview an email or view a website.
Risks: All applications that are protected by these rules offer alternatives to running executables, such
as saving them somewhere else on the disk and running from there. So the downside of the rules is that
users may need to learn a few extra steps before doing things they can do more quickly now.
Note: Enabling this rule may prevent some applications from functioning outright.
ID and Name in Host IPS:
3905, Access Protection—Prevent all programs from running files from the Temp folder.
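To make the rule semantics concrete (a rule fires when the acting process is not on its exclusion list, the operation is one the rule covers, and the target matches one of its patterns), here is an added Python model of the three rules above. This is not McAfee code; the target patterns, exclusion lists, sample events and log format are illustrative assumptions, not the product's actual rule definitions.

```python
import fnmatch
from dataclasses import dataclass, field

# Constructed model of Access Protection rule evaluation. Patterns, exclusion
# lists and sample events are illustrative, not the product's real definitions.

@dataclass
class AccessRule:
    rule_id: int
    name: str
    targets: list                 # glob patterns over file paths or registry keys
    operations: set               # operations the rule covers
    excluded_processes: set = field(default_factory=set)

RULES = [
    AccessRule(3890, "Protect Internet Explorer favorites and settings",
               [r"*\Favorites\*", r"HKCU\Software\Microsoft\Internet Explorer\Main\*"],
               {"write", "create", "delete"}, {"iexplore.exe", "explorer.exe"}),
    AccessRule(3891, "Prevent installation of new CLSIDs, APPIDs, and TYPELIBs",
               [r"HKLM\Software\Classes\CLSID\*", r"HKLM\Software\Classes\AppID\*",
                r"HKLM\Software\Classes\TypeLib\*"],
               {"create"}, {"msiexec.exe", "regsvr32.exe"}),
    AccessRule(3905, "Prevent all programs from running files from the Temp folder",
               [r"*\Temp\*.exe", r"*\Temp\*.dll", r"*\Temp\*.scr"], {"execute"}),
]

def evaluate(process, operation, target):
    """Return ('block', rule_id) for the first rule that fires, else ('allow', None)."""
    for rule in RULES:
        if process.lower() in rule.excluded_processes or operation not in rule.operations:
            continue
        if any(fnmatch.fnmatchcase(target.lower(), p.lower()) for p in rule.targets):
            return "block", rule.rule_id
    return "allow", None

def audit(events):
    """Produce one constructed log line per (process, operation, target) event."""
    lines = []
    for proc, op, target in events:
        verdict, rid = evaluate(proc, op, target)
        tag = f"Blocked by rule {rid}" if verdict == "block" else "Allowed"
        lines.append(f"{tag}: {proc} {op} {target}")
    return lines

# Constructed events mirroring the intentions and risks described above.
SAMPLE_EVENTS = [
    ("outlook.exe", "execute", r"C:\Users\bob\AppData\Local\Temp\invoice.exe"),  # attachment run from Temp
    ("explorer.exe", "execute", r"C:\Users\bob\Downloads\invoice.exe"),           # saved elsewhere, then run
    ("unknown_setup.exe", "write", r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page"),
    ("iexplore.exe", "write", r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page"),
    ("flashinstaller.exe", "create", r"HKLM\Software\Classes\CLSID\{PLACEHOLDER-GUID}"),  # legitimate install blocked
    ("msiexec.exe", "create", r"HKLM\Software\Classes\CLSID\{PLACEHOLDER-GUID}"),
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EVENTS)))
```

The last two events show the risk noted for rule 3891: the same registration is allowed or blocked purely on whether the installing process is on the exclusion list.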