I would like to ensure a uniform installation and configuration of the Chrome browser. To this end, I would like to disable Chrome from being used out of the User\*\AppData folder.
My idea would be to block outgoing traffic for the process if it is from that location - essentially disabling Chrome from running out of userland while still allowing full function from Program Files.
Do you think this is best accomplished (or able to be accomplished) in HIPS or Access Protection?
A HIPS custom IPS signature (to prevent read/execute of Chrome in the Appdata directory; a FILES or PROGRAM signature) would be more applicable here than the HIPS Firewall (which would just block Chrome network traffic). Page 101 of McAfee Corporate KB - Host Intrusion Prevention 8.0 Product Guide PD22894 .
Interesting... I read it, and then popped an advil.
That section of the documentation could really be improved by some practical examples, though I think I can figure it out.
I wonder what a good naming and ID assignment scheme might be. Are ID ranges typically reserved for homegrown rules?
Custom IPS signatures will range from 4000-5999. Here's an example of what it could look like; tailor to your needs though.
KB71329 - How to blacklist applications using a Host Intrusion Prevention 8.0 custom signature