cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
edelyas
Level 7
Report Inappropriate Content
Message 1 of 2
‎06-07-2019 12:25 PM

ENS for Linux How to block process skypeforlinux

 

Good afternoon, I'm trying to block the skypeforlinux process via access protection, but without success. I created the rule by the name of the process and by the hash and both without success.

I also tried blocking the creation of .zip files and it did not work.

The same rule on the windows platform works perfectly.

Has anyone ever had this problem?

 

ENS for Linux 10.6.2 and ENS for Linux 10.6.1

Agent 5.6.0 and 5.5.1

Thanks.

 

Edson

0 Kudos
Reply
1 Reply
BSharma
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2
‎02-27-2020 12:10 AM

Re: ENS for Linux How to block process skypeforlinux

Hello Edson,
 
There two following ways to perform this.
 
Manually on Machine and from EPO console.
 
Create Access Protection rules
You can create Access Protection rules, edit the rule settings, or delete the rules from the command line.
Task
  1. Log on to the system as a user with administrator rights.
  2. Change the directory to the/bin directory.
cd /opt/isec/ens/threatprevention/bin
  1. Run the command:
./isecav --createaprule --rulename [value] --block [enable |disable] --report [enable |disable] --subrulename [value] --subruletype [file | process] --operations [value(s)] --includetargetfile [file1, file2...]
Example: Create a rule to block create file operation
./isecav --createaprule --rulename test1 --block enable --report enable --subrulename stest1 --subruletype file --operations create --includetargetfile /tmp/testfile1
When you run the command from the /opt/isec/ens/threatprevention/bin directory, a rule test1 with a subrule stest1 is created that blocks the user from creating a file or directory with the name testfile1 in the /tmp directory.
 
Reference:
Add Access Protection global exclusions
https://docs.mcafee.com/bundle/endpoint-security-10.5.1-threat-prevention-product-guide-linux/page/G...
 
Configure Access Protection rules
Change the behavior of McAfee-defined rules or create custom rules to protect your managed access points.
Task
  1. Select Menu → Policy → Policy Catalog, then select Endpoint Security Threat Prevention from the Product list.
  2. From the Category list, select Access Protection.
  3. Click the name of an editable policy.
  4. Click Show Advanced.
  5. Select the platform as Linux.
  6. Change a McAfee-defined rule: In the Rules section, select the rule, then click Edit.
    1. On the Rule page, configure rule options.
    2. In the Executables section, click Add, configure executable properties, then click Save twice to save the rule.
  7. Create a custom rule: In the Rules section, click Add.
    1. On the Rule page, configure the settings.
    2. In the Executables section, click Add, configure executable properties, then click Save.
An empty Executables table indicates that the rule applies to all executables.
    1. In the User Names section, click Add, configure user name properties, then click Save.
An empty User Names table indicates that the rule applies to all users.
    1. In the Subrules section, click Add, then configure subrule properties.
TIP: Best practice: To avoid impacting performance, don't select the Read operation.
    1. In the Targets section, click Add, configure target information, then click Save three times.
  1. Specify the behavior of the rule: In the Rules section, select BlockReport, or both for the rule.
    • To select or deselect all rules under Block or Report, click Block All or Report All.
    • To disable the rule, deselect both Block and Report.
  1. Click Save.
 
 
Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget t select "Accept as a solution" if this reply resolves your query!
 
 
Thanks & Regards
BSharma
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC