IMarsh
McAfee Employee
Message 1 of 8

Re: How to block installations of Browser Hijackers such as Onelaunc

Hi User56386389

I only support ATD, so I would raise the question with the Endpoint team, who manage the endpoint product, as they may be able to assist. I will move the request to their queue.

Thank you for reaching out to McAfee Network Team

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a solution" if this reply resolves your query!
7 Replies

Re: How to block installations of Browser Hijackers such as Onelaunc

Thank you.

Re: How to block installations of Browser Hijackers such as Onelaunc

I always keep my operating system updated and use antivirus such as McAfee with real-time protection.

I hope this could help. Try browsing the McAfee app and search for the real-time protection.

Best regards,

Judy Gilmore

FB: Judy Gilmore

Website: takefiveapp.com

Re: How to block installations of Browser Hijackers such as Onelaunc

No, that does not help. Very Botish answer.

Sivakumar1
McAfee Employee
Message 5 of 8

Re: How to block installations of Browser Hijackers such as Onelaunc

Hello @User56386389. Thank you for reaching out to the McAfee Community. What version of McAfee are we using? Is it McAfee ENS or VSE? We have a lot of countermeasures that can be followed up against browser hijackers. With McAfee ENS we have:

ENS Adaptive Threat Protection (ATP)
ENS Dynamic Application Containment (DAC)
ENS Threat Prevention Antimalware Scan Interface (AMSI)
ENS Exploit Prevention
ENS Exploit Prevention Expert Rules
ENS Access Protection default rules
ENS Access Protection custom rules
ENS Firewall Rules

With Virus Scan Enterprise we have,

VSE Access Protection default rules
VSE Access Protection custom rules
Host IPS signatures

And with MSME [McAfee® Security for Microsoft Exchange] we have antispam and on-access scan policies.

And as well,

Use spam filtering.
Use ENS Web Control, which displays safety ratings and reports for websites during online browsing and searching. ENS Web Control enables the site administrator to block access to websites based on safety rating or content.
Prevent PowerShell from running on systems in which PowerShell is not intended to run.
Make sure that Microsoft Office security policies for macros are set to High or Very High.
Block .EXE, .RAR, .SCR, .CAB, .VBS, .BAT, .WSF, .JS, .PS1, .IQY, .SCT and similar attachments at the mail or web gateway, or both.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Re: How to block installations of Browser Hijackers such as Onelaunc

It's ENS.

We could block all EXEs from the download folder, but we have a lot of legitimate EXEs that we want to run, and a wide variety as well (Zoom, Webex, and other mobile support software occasionally).

I've been trying to figure out an ENS Exploit Prevention expert rule, but not much luck.


Rule {
    Process {
        Include OBJECT_NAME { -v explorer.exe }
        Include OBJECT_NAME { -v cmd.exe }
    }
    Target {
        Match FILE {
            Include OBJECT_NAME {
                -v "*OneLaunch*"
            }
            Include -access "CREATE READ"
        }
    }
}

Started off with just cmd.exe, but that only works in the command line; they can still create the file in Explorer.
So I added explorer.exe, and everything was working fine.

But then I downloaded the file straight from the internet, and it downloads and runs with no issues. I tried adding chrome.exe as a process, but that doesn't work.

Is there a way to add the Chrome process to my "expert rule" so that any files downloaded from Chrome with the word OneLaunch in them will not get loaded?


In the absence of a way to do this, are there any other solutions you can think of that would help? It does seem like all the files have OneLaunch in the title, but I may just be going down a rabbit hole with that.

Re: How to block installations of Browser Hijackers such as Onelaunch

My experience with Web Control, and maybe we just don't implement it correctly.

They can just use another browser or in some cases just not install the plugin. And since I guess "OneLaunch" is considered not malicious, it lets them download it and visit the sites that trick them into downloading it.

Just sad that Microsoft doesn't require admin rights to install to the AppData local folders. Would prevent this kinda garbage.

Sivakumar1
McAfee Employee
Message 8 of 8

Re: How to block installations of Browser Hijackers such as Onelaunch

Hello @User56386389. Thank you for the post. I would try to implement an AP [Access Protection] rule against this. Please do try it on a test machine before we implement it in production. Please follow the instructions below:

1. Log on to ePO.
2. Click Menu, Policy, Policy Catalog.
3. Select Endpoint Security Threat Prevention from the Product drop-down list.
4. Select Access Protection from the Category drop-down list.
5. Edit the policy and click Show Advanced.
6. Click Add in the Rules section.
7. Add the appropriate path to block. You can include wildcards.
8. Under Subrules, click Add and configure the subrule action as Create, Delete, Read, or Write.
9. Define the rule type as Files, Registry key, or Registry value.
10. Add the file or folder path to Include or Exclude.
11. Save the changes.

I have also added the screenshots of rules and subrules to be added for One-launch. Please do check it and give me an update on this.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
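
An added example, not posted by anyone in this thread and not McAfee code: a PowerShell audit for a test machine that lists anything matching the thread's `*OneLaunch*` name heuristic in the per-user folders discussed above (the download folder and AppData\Local), with creation times so you can see whether files still land after a rule is deployed. The function name `Find-NamePatternInProfiles` and its default paths and depth are assumptions.

```powershell
# Added example: audit user profiles for files or folders whose name matches
# the "*OneLaunch*" heuristic used in the thread. Run elevated so that other
# users' profiles are readable. Requires PowerShell 5.0+ for -Depth.

function Find-NamePatternInProfiles {
    param(
        # Name pattern taken from the thread's rule; this is a heuristic only.
        [string]$Pattern = '*OneLaunch*',
        # Assumed default profile root (normally C:\Users).
        [string]$UsersRoot = (Join-Path $env:SystemDrive 'Users'),
        # Per-user locations the thread talks about.
        [string[]]$SubPaths = @('Downloads', 'AppData\Local'),
        # Recursion limit below each location to keep the scan quick.
        [int]$Depth = 3
    )

    $userDirs = Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        foreach ($sub in $SubPaths) {
            $base = Join-Path $userDir.FullName $sub
            if (-not (Test-Path -LiteralPath $base)) { continue }

            # -Force includes hidden items; access errors are skipped, not fatal.
            Get-ChildItem -LiteralPath $base -Filter $Pattern -Recurse -Depth $Depth `
                          -Force -ErrorAction SilentlyContinue |
                ForEach-Object {
                    [pscustomobject]@{
                        User        = $userDir.Name
                        Location    = $sub
                        IsDirectory = $_.PSIsContainer
                        Created     = $_.CreationTime
                        Path        = $_.FullName
                    }
                }
        }
    }
}

# Oldest first: entries created after the rule went live show a coverage gap.
Find-NamePatternInProfiles | Sort-Object Created | Format-Table -AutoSize -Wrap
```

A hit with a creation time later than the policy push means some process outside the rule's scope is still writing matching files; a renamed installer would not be found by this name-based check.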
