cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
sanba06c
Level 10
Report Inappropriate Content
Message 1 of 7

How to block Microsoft Store on McAfee ePo?

Jump to solution

Hello,

For some reasons which are clearly stated in this article, I cannot block Microsoft Store on Windows.

Is there anyway for me to block this app through McAfee ePo?

Thank you in advance. 

1 Solution

Accepted Solutions
Rfranci
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: How to block Microsoft Store on McAfee ePo?

Jump to solution

Hi @sanba06c ,

To block the execution of Microsoft store, you should be having an endpoint product such as "Endpoint security  " with Threat prevention module or "VirusScan Enterprise"  installed in the EPO managed client machine.

To Block the execution of the an application we should know the process name. Hence, run the application and find the process name from the task manager . In this case, when I check from windows 10, it is "WinStore.App.exe"

Now, we will have to add the an "Access Protection" rule to block the execution of WinStore.App.exe.

Note :

We recommend you to test this rule in one or two machines before applying it to complete organization. So, you will have to duplicate an existing policy .

How to duplicate the existing policy :

  • Log on to EPO.
  • Go to " Policy Catalog ".
  • Endpoint Security Threat Prevention -> Access Protection ( If Endpoint security ).

VirusScan Enterprise 8.8.0 -> Access Protection policies (If VirusScan enterprise).

  • Click "edit" on an existing policy .
  • Click on "duplicate" button.
  • Name the new policy (Eg: WStore).

How to add the Access Protection rule to the duplicated policy for  "VirusScan Enterprise":

  • Log on to EPO.
  • Go to " Policy Catalog ".
  • Open the previously duplicated policy "WStore" by clicking on "edit" .
  • Select "workstation" or "server" as per your requirement depending on the client machine.
  •  click on "User-defined Rules".
  • Click "New".
  • Select "file/folder blocking rule " -> OK.
  • Under "file or folder name to block" enter the process name WinStore.App.exe.
  • Select "File being executed ".
  • Save the rule .
  • Save the policy.

 

How to add the Access Protection rule to the duplicated policy for  "Endpoint security":

  • Log on to EPO.
  • Go to " Policy Catalog ".
  • Open the previously duplicated policy "WStore" by clicking on "edit" .
  • Click on "Add" under "rules" section.
  • Enter the policy name.
  • Select the action "block" and "report".
  • Click on "Add" under "Executables".
  • Enter any name as per your wish, under "Name:" field.
  • Enter "*" under File name or path field.
  • Click on save.
  • Scroll down to "subrules: "section.
  • Click on "Add".
  • Enter any name as per your wish under "Name:" field.
  • Sub rule type : File.
  • Select the below operations :

   Execute

   Rename

  • Click on Add under targets.
  • Under "File, folder name, or file path  " section enter the process name WinStore.App.exe.
  • Click on save.
  • Save the entire policy.

Now, assign this policy to a single machine for testing:

  • Go to system tree.
  • Select a machine.
  • Actions -> Agent -> Edit policy on a single system.
  • Product : Endpoint Security Threat Prevention.
  • Click on "Edit Assignment" for "Access Protection".
  • Select "break inheritance and assign the policy and settings below".
  • In the Assigned policy section select the policy "Wstore" from the drop down.
  • Click on save.

Give a wakeup agent to the client machine.

From the client machine, make sure it received the policy.

Try to open the "windows store" application…..

It should be blocked.

 

Thank you for reaching us on community, Hope the above steps help you.

View solution in original post

6 Replies
LKS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: How to block Microsoft Store on McAfee ePo?

Jump to solution

What are the McAfee product are you using..?As per the article, if it can be done by firewall, then you may have to check ENS team incase if you are using ENS firewall.

sanba06c
Level 10
Report Inappropriate Content
Message 3 of 7

Re: How to block Microsoft Store on McAfee ePo?

Jump to solution

@LKS, I'm using McAfee Complete Endpoint Protection.

Rfranci
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: How to block Microsoft Store on McAfee ePo?

Jump to solution

Hi @sanba06c ,

To block the execution of Microsoft store, you should be having an endpoint product such as "Endpoint security  " with Threat prevention module or "VirusScan Enterprise"  installed in the EPO managed client machine.

To Block the execution of the an application we should know the process name. Hence, run the application and find the process name from the task manager . In this case, when I check from windows 10, it is "WinStore.App.exe"

Now, we will have to add the an "Access Protection" rule to block the execution of WinStore.App.exe.

Note :

We recommend you to test this rule in one or two machines before applying it to complete organization. So, you will have to duplicate an existing policy .

How to duplicate the existing policy :

  • Log on to EPO.
  • Go to " Policy Catalog ".
  • Endpoint Security Threat Prevention -> Access Protection ( If Endpoint security ).

VirusScan Enterprise 8.8.0 -> Access Protection policies (If VirusScan enterprise).

  • Click "edit" on an existing policy .
  • Click on "duplicate" button.
  • Name the new policy (Eg: WStore).

How to add the Access Protection rule to the duplicated policy for  "VirusScan Enterprise":

  • Log on to EPO.
  • Go to " Policy Catalog ".
  • Open the previously duplicated policy "WStore" by clicking on "edit" .
  • Select "workstation" or "server" as per your requirement depending on the client machine.
  •  click on "User-defined Rules".
  • Click "New".
  • Select "file/folder blocking rule " -> OK.
  • Under "file or folder name to block" enter the process name WinStore.App.exe.
  • Select "File being executed ".
  • Save the rule .
  • Save the policy.

 

How to add the Access Protection rule to the duplicated policy for  "Endpoint security":

  • Log on to EPO.
  • Go to " Policy Catalog ".
  • Open the previously duplicated policy "WStore" by clicking on "edit" .
  • Click on "Add" under "rules" section.
  • Enter the policy name.
  • Select the action "block" and "report".
  • Click on "Add" under "Executables".
  • Enter any name as per your wish, under "Name:" field.
  • Enter "*" under File name or path field.
  • Click on save.
  • Scroll down to "subrules: "section.
  • Click on "Add".
  • Enter any name as per your wish under "Name:" field.
  • Sub rule type : File.
  • Select the below operations :

   Execute

   Rename

  • Click on Add under targets.
  • Under "File, folder name, or file path  " section enter the process name WinStore.App.exe.
  • Click on save.
  • Save the entire policy.

Now, assign this policy to a single machine for testing:

  • Go to system tree.
  • Select a machine.
  • Actions -> Agent -> Edit policy on a single system.
  • Product : Endpoint Security Threat Prevention.
  • Click on "Edit Assignment" for "Access Protection".
  • Select "break inheritance and assign the policy and settings below".
  • In the Assigned policy section select the policy "Wstore" from the drop down.
  • Click on save.

Give a wakeup agent to the client machine.

From the client machine, make sure it received the policy.

Try to open the "windows store" application…..

It should be blocked.

 

Thank you for reaching us on community, Hope the above steps help you.

View solution in original post

sanba06c
Level 10
Report Inappropriate Content
Message 5 of 7

Re: How to block Microsoft Store on McAfee ePo?

Jump to solution

Thanks for the detailed, useful instructions! I will try and let you know the result.

Rfranci
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 7

Re: How to block Microsoft Store on McAfee ePo?

Jump to solution

Hi  @sanba06c ,

 

To block the execution of Microsoft store, you should be having an endpoint product such as "Endpoint security  " with Threat prevention module or "VirusScan Enterprise"  installed in the EPO managed client machine.

To Block the execution of the an application we should know the process name. Hence, run the application and find the process name from the task manager . In this case, when I check from windows 10, it is "WinStore.App.exe"

Now, we will have to add the an "Access Protection" rule to block the execution of WinStore.App.exe.

Note :

We recommend you to test this rule in one or two machines before applying it to complete organization. So, you will have to duplicate an existing policy .

 

How to duplicate the existing policy :

  • Log on to EPO.
  • Go to " Policy Catalog ".
  • Endpoint Security Threat Prevention -> Access Protection ( If Endpoint security ).

VirusScan Enterprise 8.8.0 -> Access Protection policies (If VirusScan enterprise).

  • Click "edit" on an existing policy .
  • Click on "duplicate" button.
  • Name the new policy (Eg: WStore).

How to add the Access Protection rule to the duplicated policy for  "VirusScan Enterprise":

  • Log on to EPO.
  • Go to " Policy Catalog ".
  • Open the previously duplicated policy "WStore" by clicking on "edit" .
  • Select "workstation" or "server" as per your requirement depending on the client machine.
  •  click on "User-defined Rules".
  • Click "New".
  • Select "file/folder blocking rule " -> OK.
  • Under "file or folder name to block" enter the process name WinStore.App.exe.
  • Select "File being executed ".
  • Save the rule .
  • Save the policy.

 

How to add the Access Protection rule to the duplicated policy for  "Endpoint security":

  • Log on to EPO.
  • Go to " Policy Catalog ".
  • Open the previously duplicated policy "WStore" by clicking on "edit" .
  • Click on "Add" under "rules" section.
  • Enter the policy name.
  • Select the action "block" and "report".
  • Click on "Add" under "Executables".
  • Enter any name as per your wish, under "Name:" field.
  • Enter "*" under File name or path field.
  • Click on save.
  • Scroll down to "subrules: "section.
  • Click on "Add".
  • Enter any name as per your wish under "Name:" field.
  • Sub rule type : File.
  • Select the below operations :

   Execute

   Rename

  • Click on Add under targets.
  • Under "File, folder name, or file path  " section enter the process name WinStore.App.exe.
  • Click on save.
  • Save the entire policy.

Now, assign this policy to a single machine for testing:

  • Go to system tree.
  • Select a machine.
  • Actions -> Agent -> Edit policy on a single system.
  • Product : Endpoint Security Threat Prevention.
  • Click on "Edit Assignment" for "Access Protection".
  • Select "break inheritance and assign the policy and settings below".
  • In the Assigned policy section select the policy "Wstore" from the drop down.
  • Click on save.

 

Give a wakeup agent to the client machine.

From the client machine, make sure it received the policy.

 

Try to open the "windows store" application…..

It should be blocked.

 

Thankyou,

vvadim
Level 10
Report Inappropriate Content
Message 7 of 7

Re: How to block Microsoft Store on McAfee ePo?

Jump to solution

Hi.

I have configured this rule, and WinStore won't start anymore. But how to block all apps in C:\Program Files\WindowsApps, exept allowed, e.g. Calculator?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community