extra rules for mcafee 8.0i

Discussion in 'other anti-virus software' started by shek, Jul 4, 2005.

Thread Status:
Not open for further replies.
  1. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    Does anyone create extra access protection rules for mcafee 8.0i besides its default?

    Here is mine. I have three more in the ruleset:
    1. prevent the creation of exe files in c:\*.exe
    2. prevent the creation of dll files in c:\*.dll
    3. prevent the execution of any pif files

    Any comments or recommendations?

    thanks.

    shek
     
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yes, PIF blocking is a very useful rule. You can also restrict SCR to execution only, but they cannot create other files.
     
  3. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    Rejzor--
    thank you very much.

    I think the first two plus the other similar four in the default (prevent creation of exe and dll files in windows and system32 folder) are also very useful, because it could prevent system infection from many trojans and worms.
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I don't recommend blocking of DLL and EXE files in WINDOWS and SYSTEM32 folder. Many programs create them there upon perfectly legit installation.
     
  5. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    Here is what I usually do. First, I always download applications from the sources I trust. If the applications I will install relate to system kernel, such as firewall, process guard and system patches, I will manually disable mcafee and install them. For other software, I will leave mcafee enabled. Most of the time when failure happens, there would be a warning, saying some dll or exe files fail to install and giving the user several options, such as retry and cancel. Then I will disable mcafee and let the install process go on.
     
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    As you wish, but this could lead to problems. I recommend Remote file creation protection over your own rule to block all EXE/DLL creations.
     