
How to block old versions of Java?

Hi all,

Can any ePO HIPS pros out there please tell me how I can go about blocking old versions of Java using the HIPS/Application Blocking/Blacklisting feature? I'm not 100% sure how to do this.

Any advice and feedback would greatly be appreciated!

Thanks!

Y

5 Replies
McAfee Employee
Message 2 of 6

Re: How to block old versions of Java?

  1. Create a custom IPS signature that blocks the Java executable (e.g., Java.exe).  Not sure exactly what the filename will be.

    KB71329 - How to blacklist applications using a Host Intrusion Prevention 8.0 custom signature
  2. Create an IPS exception that will allow the specific Java versions that you want (MD5 hash will define the newer Java versions you want to allow).

Re: How to block old versions of Java?

Hi Kary,

Thank you for your quick reply.

I have HIPS v7.0.5, not 8.0 at the moment.  To create this custom IPS signature, would I create it in:

Host Intrusion Prevention 7.0.5:  Application Blocking > Application Blocking Rules (Windows)

or would I create that signature in:

Host Intrusion Prevention 7.0.5:  IPS Rules (All Platforms)?

Please advise.

Thanks again!

McAfee Employee
Message 4 of 6

Re: How to block old versions of Java?

With HIPS 7.0, use the Application Blocking module.  Same type of rule, however, unless you're wanting to block other applications, create a final rule at the bottom that allows "*" so that you don't block any other applications.  Basically, you are configuring a blacklisting Application Blocking policy.  Block all Java, except for specific versions, and then allow all applications.  Please test this before implementing in your production environment.

Re: How to block old versions of Java?

Thank you!  I will test this out and let you know how it goes. 

McAfee Employee
Message 6 of 6

Re: How to block old versions of Java?

Correction:

The rules would look something like:

1. Allow specific Java.exe versions by MD5 hash - Path won't work since this could include older versions.

2. Block all Java.exe executables.

3. Allow *
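
A small model of the three-rule ordering in the correction above, added here as an illustration and not taken from the thread or from McAfee. It assumes rules are evaluated top-down with the first match winning and that an unmatched program is blocked; the file contents, paths and rule format are constructed.

```python
import hashlib
import ntpath
from fnmatch import fnmatchcase

# Constructed stand-ins for file contents; real rules use the MD5 of each approved binary.
APPROVED_JAVA = b"constructed: approved java.exe build"
OLD_JAVA = b"constructed: outdated java.exe build"
NOTEPAD = b"constructed: notepad.exe"


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


# Rule order from the correction above: allow by hash, block java.exe, allow everything else.
HASH_RULES = [
    ("allow", {"md5": {md5_hex(APPROVED_JAVA)}}),
    ("block", {"name": "java.exe"}),
    ("allow", {"name": "*"}),
]

# Same policy with rule 1 keyed on a (constructed) install path instead of a hash.
PATH_RULES = [("allow", {"path": r"c:\program files\java\*\bin\java.exe"})] + HASH_RULES[1:]


def evaluate(path, content, rules=HASH_RULES):
    """Return (action, rule_number) of the first matching rule, top-down."""
    lowered = path.lower()  # Windows file names are case-insensitive
    facts = {"name": ntpath.basename(lowered), "path": lowered}
    digest = md5_hex(content)
    for number, (action, match) in enumerate(rules, start=1):
        if "md5" in match and digest not in match["md5"]:
            continue
        if any(not fnmatchcase(facts[key], pattern)
               for key, pattern in match.items() if key != "md5"):
            continue
        return action, number
    return "block", None  # assumed default when no rule matches


if __name__ == "__main__":
    jre = r"C:\Program Files\Java\jre\bin\java.exe"  # constructed path
    print(evaluate(jre, APPROVED_JAVA))           # approved build
    print(evaluate(jre, OLD_JAVA))                # old build installed at the same path
    print(evaluate(jre, OLD_JAVA, PATH_RULES))    # path-keyed rule lets it through
    print(evaluate(r"C:\Windows\notepad.exe", NOTEPAD))
```

Running the model against a pilot inventory of real hashes before touching the production policy shows which installs would fall through to rule 2.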