Hi Peeps, I need help in blocking shell.jse using ENS in ePO. can someone help and assist on how to do it in a very detailed manner? thank you in advance!
Solved! Go to Solution.
The AP rule looks fine. In the rule select other operations like read, write etc and see if it will result in blocking shell.jse file. Remove the executable in rule.
You can also try adding shell.jse as a PUP in ENSTP options policy. In OAS policy set action for unwanted program to delete. This should deleted shell.jse on execution.
Create an Access Protection(AP) rule in AP policy. In the AP rule do not specify an executable or username, only add a subrule of Files type. In the subrule, select all operations to block and add a target as File path and specify it as shell.jse as shown in attached screenshot.
Hi @mmuthuga thank you for your email. appreciate it. I already created an AP Policy yesterday but I am not that sure if I did it correctly. Can you please check the attached screenshot? and also, is it possible to treat and detect shell.jse as a threat and delete it once OAS scanned and detected it?
The AP rule looks fine. In the rule select other operations like read, write etc and see if it will result in blocking shell.jse file. Remove the executable in rule.
You can also try adding shell.jse as a PUP in ENSTP options policy. In OAS policy set action for unwanted program to delete. This should deleted shell.jse on execution.
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA