cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Allow only certain version of browser to install (ENS/ePO)

Jump to solution

Hello guys,

we have been using ePO and ENS. We have got two policies which allows us to run chrome browser on certain computers. It is easy to control whether a browser is allowed or not.

However is there a possibility to configure the chrome.exe blockage so it only allows execution of version 72.0.3626.121 and above?

 

Thank you.

1 Solution

Accepted Solutions
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 5

Re: Allow only certain version of browser to install (ENS/ePO)

Jump to solution

This should get you pretty close.

 

Rule {

Process {

Include OBJECT_NAME { -v ** }

}

Target {

Match FILE {

Rule {

Process {

Include OBJECT_NAME { -v ** }

}

Target {

Match FILE {

Include OBJECT_NAME { -v "chrome.exe" }
Include VERSION {
-v "71*"
-v "70*"
-v "6*"
}
Exclude VERSION { -v ** }

Include -access "EXECUTE"
}
}}

 

I don't have an older version loaded to test, so I'm not sure if the exclusion will overrule the inclusion. In other words, you might need to explicitly define the allowed versions so to block the unallowed versions.  

Hopefully that makes sense.  

Dave

View solution in original post

4 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: Allow only certain version of browser to install (ENS/ePO)

Jump to solution

Hi @perseus142 

With ENS you would only be able to limit the block/ allow to process name, MD5 or signer - not version. As these things are likely the same, I can't think of a way you could do it.

If you use ATP in combination with a TIE server you may be able to mark the installer version you want as trusted and older ones as malicous and block them that way but that's not really a good solution.

Solidcore Application Control would be a more suitable product to achieve these goals.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 5

Re: Allow only certain version of browser to install (ENS/ePO)

Jump to solution

This should get you pretty close.

 

Rule {

Process {

Include OBJECT_NAME { -v ** }

}

Target {

Match FILE {

Rule {

Process {

Include OBJECT_NAME { -v ** }

}

Target {

Match FILE {

Include OBJECT_NAME { -v "chrome.exe" }
Include VERSION {
-v "71*"
-v "70*"
-v "6*"
}
Exclude VERSION { -v ** }

Include -access "EXECUTE"
}
}}

 

I don't have an older version loaded to test, so I'm not sure if the exclusion will overrule the inclusion. In other words, you might need to explicitly define the allowed versions so to block the unallowed versions.  

Hopefully that makes sense.  

Dave

View solution in original post

Re: Allow only certain version of browser to install (ENS/ePO)

Jump to solution

Thank you Dave,

as I am new in McAfee world, could you advise me where to enter the code please ?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: Allow only certain version of browser to install (ENS/ePO)

Jump to solution

@perseus142 This would be entered as an expert rule into your Endpoint Security Threat Prevention Exploit Prevention policy. After you click "show advanced" you'll see the button for "Add Expert Rule" under the table in the "Signatures" section of the policy. 

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community