McAfee SAV85E - Active VirusScan - PC Manual de usuario descargar pdf (Pagina 8)

White Paper Access Protection in McAfee VirusScan Enterprise and

Host Intrusion Prevention

“Prevent remote creation of autorun ﬁles”

Intention: Autorun ﬁles are used to automatically launch program ﬁles, typically setup ﬁles from

CDs. Preventing other computers from making a connection and creating or altering autorun.inf ﬁles

can prevent spyware and adware from being executed. There are a lot of spyware and virus programs

distributed on CDs. Microsoft has disabled autorun in Windows XP Service Pack 2.

Included processes: system:remote

Excluded processes: none

ID and Name in Host IPS:

There is no corresponding signature in Host IPS.

“Prevent hijacking of .EXE and other executable extensions”

Intention: This rule protects the .EXE and other keys under HKEY_CLASSES_ROOT. Some viruses alter

these keys to ensure that the virus is run when any other executable runs. Enabling this rule will prevent

spyware and malware from modifying important operating system and executable ﬁles.

Included processes: all

Excluded processes: installers

ID and Name in Host IPS:

3887, Access Protection—Prevent hijacking of .EXE and other executable extensions.

“Prevent Windows Process spooﬁng”

Intention: Many viruses and Trojans run use the name of a Windows process. This rule prevents ﬁles

from being created or executed with the most commonly spoofed names. The authentic Windows ﬁle

is excluded.

Risks: None

Included processes: all

Excluded processes: none

ID and name in Host IPS:

3888, Access Protection—Prevent Windows Process spooﬁng.

1 2 3 4 5 6 7 8 9 10 11 12 13 ... 23 24

Sin comentarios

McAfee SAV85E - Active VirusScan - PC Manual de usuario Pagina 8