Herkules
Level 10
Message 1 of 8

How to block an .exe file using Access Protection

Dear Support,

I am trying to block two .exe files from starting in a Windows 10 environment through ePO 5.10.

ENS Access Protection should provide this function, but I haven't managed to apply it yet. I am following the instructions in article KB86577, which is unclear, especially at steps 8, 9 and 10.

Is there a graphical example available that you can provide me with?

Thank you in advance.

1 Solution

Accepted Solutions
mmuthuga
McAfee Employee
Message 8 of 8

Re: How to block an .exe file using Access Protection

Hi @Herkules,

Yes, no executable file. The rule will be applicable for any source process doing the actions on the test1.exe and test2.exe files.

Or you can create a process subrule type AP rule to prevent test1.exe and test2.exe from starting, as in the screenshot. The other parts of the rule are the same as in the previous screenshots.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

7 Replies
rfranci
McAfee Employee
Message 2 of 8

Re: How to block an .exe file using Access Protection

Hi @Herkules ,

Thank you for reaching out to us on the Community!

Before adding a block policy, we recommend that you duplicate the existing policy and apply it to the test machine, so that you can test the rules on one machine before applying them to other machines.

How to add the Access Protection rule to the duplicated policy for "Endpoint security":

  • Log on to ePO.
  • Go to "Policy Catalog".
  • Open the previously duplicated policy (let the name be "test") by clicking on "edit".
  • Click on "Add" under the "rules" section.
  • Enter the policy name.
  • Select the actions "block" and "report".
  • Click on "Add" under "Executables".
  • Enter any name you wish under the "Name:" field.
  • Enter "*" under the "File name or path" field.
  • Click on save.
  • Scroll down to the "subrules:" section.
  • Click on "Add".
  • Enter any name you wish under the "Name:" field.
  • Sub rule type: File.
  • Select the below operations: Execute
  • Click on "Add" under targets.
  • Under the "File, folder name, or file path" section, enter the process name or the complete location of that executable file.
  • Example: test.exe (or) C:\Newfolder\test.exe
  • Click on save.
  • Save the entire policy.

Make sure that the policy has reached the machine before testing the rule.

Thank you 
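One way to test the rule on the test machine once the policy has arrived, as an added example that is not part of the post above and not McAfee tooling. The function name `Test-ExecutionBlocked` and the sample paths are assumptions for illustration; use the files named as targets in your own rule.

```powershell
# Added example: check whether starting the rule's target files is denied.
# Constructed sample paths; replace with the targets entered in the subrule.
$Targets = @('C:\NewFolder\test1.exe', 'C:\NewFolder\test2.exe')

function Test-ExecutionBlocked {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # A missing file must not be mistaken for a working block.
        return [pscustomobject]@{ Path = $Path; Result = 'FileNotFound'; Detail = '' }
    }

    $psi = New-Object System.Diagnostics.ProcessStartInfo
    $psi.FileName = $Path
    $psi.UseShellExecute = $false   # start directly so a denial surfaces as Win32Exception

    try {
        $proc = [System.Diagnostics.Process]::Start($psi)
        # The process started, so the rule is not in effect; stop the test process again.
        try { if (-not $proc.HasExited) { $proc.Kill() } } catch { }
        return [pscustomobject]@{ Path = $Path; Result = 'NotBlocked'; Detail = "PID $($proc.Id) started" }
    }
    catch {
        # Unwrap PowerShell's wrapper exception to reach the Win32 error code.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.ComponentModel.Win32Exception]) { $ex = $ex.InnerException }
        if ($ex -and $ex.NativeErrorCode -eq 5) {   # 5 = ERROR_ACCESS_DENIED
            return [pscustomobject]@{ Path = $Path; Result = 'Blocked'; Detail = $ex.Message }
        }
        return [pscustomobject]@{ Path = $Path; Result = 'Error'; Detail = $_.Exception.Message }
    }
}

$Targets | ForEach-Object { Test-ExecutionBlocked -Path $_ } | Format-Table -AutoSize
```

Access denied can also come from file permissions, so confirm a `Blocked` result against the Access Protection event that the rule's "report" action sends to ePO.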

rfranci
McAfee Employee
Message 3 of 8

Re: How to block an .exe file using Access Protection

Hi @Herkules ,

Thank you for reaching out to us on the Community!

Before adding a block policy, we recommend duplicating the existing policy and applying it to the test machine, so that you can test the rules on one machine before applying them to other machines.

How to add the Access Protection rule to the duplicated policy for "Endpoint security":

  • Log on to ePO.
  • Go to "Policy Catalog".
  • Open the previously duplicated policy (let the name be "test") by clicking on "edit".
  • Click on "Add" under the "rules" section.
  • Enter the policy name.
  • Select the actions "block" and "report".
  • Click on "Add" under "Executables".
  • Enter any name you wish under the "Name:" field.
  • Enter "*" under the "File name or path" field.
  • Click on save.
  • Scroll down to the "sub rules:" section.
  • Click on "Add".
  • Enter any name you wish under the "Name:" field.
  • Sub rule type: File.
  • Select the below operations: Execute
  • Click on "Add" under targets.
  • Under the "File, folder name, or file path" section, enter the process name or the complete path.
  • Example: test.exe (or) C:\NewFolder\test.exe
  • Click on save.
  • Save the entire policy.

Thank you, 

mmuthuga
McAfee Employee
Message 4 of 8

Re: How to block an .exe file using Access Protection

Hi @Herkules, you can try to create a subrule of type Files, as in the attached screenshot.

Herkules
Level 10
Message 5 of 8

Re: How to block an .exe file using Access Protection

Hi @mmuthuga ,

Thank you for the reply. What should the basic rule look like as well?

mmuthuga
McAfee Employee
Message 6 of 8

Re: How to block an .exe file using Access Protection

Hi @Herkules , I am attaching two screenshots for the full rule.

Herkules
Level 10
Message 7 of 8

Re: How to block an .exe file using Access Protection

Hi @mmuthuga, correct me if I'm wrong, but there is no executable defined in AccessProtection2.jpg.
