
Allow only certain version of browser to install (ENS/ePO)

Hello guys,

We have been using ePO and ENS. We have two policies which allow us to run the Chrome browser on certain computers. It is easy to control whether a browser is allowed or not.

However, is there a possibility to configure the chrome.exe blockage so it only allows execution of version 72.0.3626.121 and above?

 

Thank you.

Accepted Solutions
Reliable Contributor Daveb3d
Message 3 of 5

Re: Allow only certain version of browser to install (ENS/ePO)

This should get you pretty close.

 

Rule {
    Process {
        Include OBJECT_NAME { -v ** }
    }
    Target {
        Match FILE {
            Include OBJECT_NAME { -v "chrome.exe" }
            Include VERSION {
                -v "71*"
                -v "70*"
                -v "6*"
            }
            Exclude VERSION { -v ** }
            Include -access "EXECUTE"
        }
    }
}

 

I don't have an older version loaded to test, so I'm not sure if the exclusion will overrule the inclusion. In other words, you might need to explicitly define the allowed versions in order to block the unallowed versions.

Hopefully that makes sense.  

Dave
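
An added example, not part of the original thread and not McAfee code: a Python check that compares the three Include VERSION prefixes from the rule above against the numeric floor from the question (72.0.3626.121) and lists the builds where the two disagree. It assumes shell-style `*` matching and four-field dotted version strings, does not model the Exclude VERSION line or the ENS engine, and the sample versions are constructed.

```python
from fnmatch import fnmatchcase

MIN_ALLOWED = (72, 0, 3626, 121)        # floor stated in the question
BLOCK_PATTERNS = ["71*", "70*", "6*"]   # Include VERSION values from the rule

# Constructed sample of version strings an inventory might report.
SAMPLE = [
    "73.0.3683.75", "72.0.3626.121", "72.0.3626.119", "72.0.3626.81",
    "71.0.3578.98", "70.0.3538.110", "69.0.3497.100", "6.0.472.63",
    "58.0.3029.110", "49.0.2623.112",
]

def parse(version):
    """Turn '72.0.3626.121' into (72, 0, 3626, 121), padding short strings."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def should_block(version):
    """Policy intent: anything numerically below the floor is blocked."""
    return parse(version) < MIN_ALLOWED

def rule_blocks(version):
    """Assumed prefix-glob behaviour of the Include VERSION list."""
    return any(fnmatchcase(version, p) for p in BLOCK_PATTERNS)

def audit(versions):
    """Report where the prefix list and the numeric policy disagree."""
    gaps = {"missed": [], "overblocked": []}
    for v in versions:
        want, got = should_block(v), rule_blocks(v)
        if want and not got:
            gaps["missed"].append(v)        # below the floor, no prefix matches
        elif got and not want:
            gaps["overblocked"].append(v)   # at or above the floor, prefix matches
    return gaps

if __name__ == "__main__":
    for kind, versions in audit(SAMPLE).items():
        print(kind, versions)
```

Builds in the 72.0.3626.x range below .121 and major versions below 60 fall outside the three prefixes, so covering them means adding patterns or enforcing the floor with a product that compares versions numerically.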

McAfee Employee chealey
Message 2 of 5

Re: Allow only certain version of browser to install (ENS/ePO)

Hi @perseus142 

With ENS you would only be able to limit the block/allow to process name, MD5 or signer, not version. As these things are likely the same, I can't think of a way you could do it.

If you use ATP in combination with a TIE server you may be able to mark the installer version you want as trusted and older ones as malicious and block them that way, but that's not really a good solution.

Solidcore Application Control would be a more suitable product to achieve these goals.


Re: Allow only certain version of browser to install (ENS/ePO)

Thank you Dave,

as I am new to the McAfee world, could you advise me where to enter the code, please?

McAfee Employee jess_arman
Message 5 of 5

Re: Allow only certain version of browser to install (ENS/ePO)

@perseus142 This would be entered as an expert rule into your Endpoint Security Threat Prevention Exploit Prevention policy. After you click "show advanced" you'll see the button for "Add Expert Rule" under the table in the "Signatures" section of the policy. 

 
