Can some one tell me what this is as I am trying Sygate with Mcafee IIS 2006 V 8.0 Application Hijacking has been detected The application: C:\Program Files\McAfee.com\VSO\mcvsshld.exe try to launch another application: c:\Program Files\McAfee.com\VSO\McVSEscn.exe to go to remote host pop.ntlworld.com Thanks
looks like you'll need to do a bit of tweaking with sygate to fix that problem. those two processes are completely legitimate and are processes that rightfully belong to your AV. mcvsshld.exe -is basically an important file used to ensure stability for McAffee IS software. McVSEscn.exe -is used to automatically scan incoming emails. sygate is a firewall with outbound protection and firewalls don't neccasarily always warn you of actual security threats. its basically doing its job based on how its configured, which is asking the user whether he/she should allow the run of the program or not. and sorry i haven't tried sygate before so i don't know a lot on how to set up effective advanced rules that work for you. but anyway, i hope that helps
Hi, First, it's nothing to worry about. Sometimes applications launch other applications. For instance, when you click help within a program and it launches your browser. Sygate detect this is not the standard procedure of starting the browser, so it alerts you. Second, what do you want to know about the advanced rules? Ask and thou shalt be answered... maybe. Gimme a specific one. Mrk
Hi MrKvonic, As far as advanced rules go I would like to make Firefox and IE access to the internet a bit more strict as well as Outlook. Thanks
Hi, Hmmm. Advanced rules are for more complex things. IE / Firefox use mainly port 80 to communicate. It's pretty straighforward communication. You can tweak IE / FF to be more secure, but the packets they get ...? Advanced rules can be, for instance, blocking incoming UDP spam on port 1027, for instance, or outgoing icmp, and such. But I don't think you can actually make the IE / Firefox communications safer without breaking them. IE / Firefox need to connect - you have to let them, otherwise you won't be able to browse. I checked my log now - communication strictly via port 80 (and sometimes for https port 443). Not much tweaking there. Mrk
So in other words a lot of people will create a rule to give FF or IE access to port 80 and 445 but these apps will be let out of these ports automatically by the firewall if it contains application control and if you create rules for these ports it is none the safer, but a rule is created to block a program or a communication.
