rbmimi
Level 7

Application Blocking Advice

My co-worker asked me to block an application that another office here has been using to prevent the screen saver from coming on. It is called Caffeine and the executable is caffeine.exe. The problem is that you can place it anywhere on the computer and even change its name and the block no longer works. I wanted to know if there was a better way to stop people from using that with HIPS or some other program in HBSS?

Thanks in advance.

0 Kudos
5 Replies
McAfee Employee

Re: Application Blocking Advice

You can block the application by using the MD5 hash, then it won't matter where it's located on the system or what it's named.

0 Kudos
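Added example, not part of the thread and not McAfee code: a Python sketch of why matching on a content hash survives a rename or move, written as a sweep that finds every copy of a known file under a directory. The file contents, the `notes.exe` name and the directory layout are constructed for the demonstration; MD5 is used only because that is the hash type named in the reply above.

```python
import hashlib
import os
import shutil
import tempfile


def md5_of(path, chunk=1 << 20):
    """Stream the file so large executables are not loaded into memory."""
    h = hashlib.md5()  # hash type named in the reply above
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_by_hash(root, target_md5):
    """Return sorted paths under root whose content hashes to target_md5."""
    target = target_md5.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if md5_of(path) == target:
                    hits.append(path)
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
    return sorted(hits)


def demo():
    """Constructed tree: an original, a renamed and moved copy, an unrelated file."""
    root = tempfile.mkdtemp()
    try:
        original = os.path.join(root, "caffeine.exe")
        with open(original, "wb") as f:
            f.write(b"MZ constructed stand-in, not the real binary")
        os.makedirs(os.path.join(root, "Users", "a", "Documents"))
        renamed = os.path.join(root, "Users", "a", "Documents", "notes.exe")
        shutil.copyfile(original, renamed)
        with open(os.path.join(root, "other.exe"), "wb") as f:
            f.write(b"MZ unrelated constructed file")
        hits = find_by_hash(root, md5_of(original))
        return [os.path.relpath(p, root) for p in hits]
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The hash passed to `find_by_hash` would be taken from a known copy of the executable; a name-based rule would have matched only `caffeine.exe` in this tree.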
sparkdragon
Level 7

Re: Application Blocking Advice

As Kary Tankink mentioned, you can use the information in the KB Article below:

https://kc.mcafee.com/corporate/index?page=content&id=KB71794

Enjoy

Spark

0 Kudos
McAfee Employee

Re: Application Blocking Advice

I'm not sure which version rbmimi is running, but this KB might have a bit more detail.

KB71329 - How to blacklist applications using a Host Intrusion Prevention 8.0 custom signature

0 Kudos
sparkdragon
Level 7

Re: Application Blocking Advice

Nice. I think they complement each other. This will be helpful as I get ready to implement this myself.

0 Kudos
epository
Level 10

Re: Application Blocking Advice

If you have VSE installed, just add the executable to the "Unwanted Programs" list... anyone who pops for it, report it up to the CIO and get them a reprimand for intentionally bypassing security.

Ask the CIO for approval and actually demonstrate how easy it is to exfiltrate data off those workstations... a few days of unpaid leave for some employees would send the right message.

0 Kudos