cancel
Showing results for 
Search instead for 
Did you mean: 
gitron
Level 7
Report Inappropriate Content
Message 1 of 2

prevention of hidden file extensions ...

A question and discussion session between me and my colleague prompted this debate.  Does Sig 413 alert if "malacious actor 1" has admin level rights to a box... possibly having moved laterally across the network, and drops his tool kit on a system.  Now some of these tools are executables hidden as .docs or .pdfs.  Will HIPS identify and eliminate this threat?

1 Reply

Re: prevention of hidden file extensions ...

My take is that the situation you named is possible, completely independent of the users credentials.

I believe the signature will trigger based solely on the detection of a double file extension.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community