Can you be specific which McAfee product you are asking about so i can move this to the correct team?
I'm not entirely sure, Which product would be best to block browser hijackers such as one launch.
It's basically a software that doesn't require admin rights to run. But for some reason it's not a virus and is legal even though they trick people into downloading and installing it.
I chose Advanced Threat defense because this in my opinion is a type of malware. Others may disagree.
but mcafee does not prevent it's installation or pick it up as a virus since it's by a legitimate scam company i guess.
If the payload is no malicious, ATD will only give the file a non malicious conviction. You can blacklist the hash in ATD manually through the CLI
If it's a hash you want to block you can do this through TIE and this will block the execution on the end point. The TIE support team can help you with this.
If you have MWG you can reach out to the MWG support team and see if you can block the file from being downloaded
Don't have the gateway, but i'll look into the other two options.
Even if the payloads not malicious, working in the healthcare industry anything that's being installed with out admin approval is in essence malicious cause it can be scanning our patient data.
I just dont understand why software that bypasses admin rights to install isn't by default viewed as malicious.
The products we use are :
Endpoint Security Platform
Endpoint Security Threat Prevention
Endpoint Security Adaptive Threat Protection
Endpoint Security Firewall
Endpoint Security Web Control
Which one would be the best product for blocking the hashes of these products?
Take these steps to prevent your browser from getting hijacked. Update Your OS and Your Browser Software. Use a Security-Conscious Alternate DNS Resolution Provider. Use Your Antivirus Software's 'Real-time Protection' Feature. Use Caution Before You Install Any Software From the Internet.
Thank you for your response. But these will not resolve the issue since it's not viewed as malicious by the antivirus software. Which is why i'm seeking alternative methods to block it using mcafees software.
I may also be misusing the term "browser hijacker" since it's essentially an unwanted chrome based browser.
"Use Caution Before You Install Any Software From the Internet."
Good suggestion, but again this is from admin side of the house. Any system administrator will tell you end users are like children you tell them not to do something and they will do it anyway