We are a heavy Citrix environment. Most of our line of business applications are run through Citrix Secure Gateway. I would like to be able to activate the rule blocking applications from running files in the temp folder. However, when a Citrix app is launched, it gets flagged by the rule as well, as follows "Would be blocked by Access Protection rule (rule is currently not enforced) C:\Program Files\Internet Explorer\IEXPLORE.EXE C \DOCUME~1\xxxxxx\LOCALS~1\Temp\ica???.tmp Common Standard Protection: Prevent common programs from running files from the Temp folder Action blocked: Execute" The files launched are always of the form ica???.tmp.
The same thing happens under Anti-spyware Maximum Protectionrevent all programs from running files from the Temp folder, unless I exclude iexplore.exe
Any tips on setting up the access protection rules so IE is blocked from running most files in temp, but still allow the ica???.tmp files to launch.
If I exclude IE from the rule overall, I might as well just turn it off.
Agreed, you do not want to exclude IExplore from this rule - if you are to use it.
But unfortunately, the AP rules user-interface does not allow for the flexibility you are seeking.
This is an FMR (feature modification request) that could be considered for future releases. Are you familiar with how to submit FMRs?
http://www.mcafee.com/apps/downloads/products/product.asp, it's a tricky page to find.