cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 10

Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

Hi everyone,

We have ePO5.1 and VSE 8.8 Patch 4, Internet explorer 11, Windows 7 Professional 64-bit. Common Standard Protection:Prevent common programs from running files from the Temp folder is configured to just report of this events and now we have a lot of events, where Threat Source Process Name is IEXPLORE.EXE and Threat Target File Paths are:

..\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

..\AppData\Local\Temp\JavaDeployReg.log

..\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat

..\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat

and so on

All of this files aren't executable, why this events are reported and how to prevent them?

Message was edited by: artuha on 5/29/14 1:46:43 AM CDT
9 Replies
rackroyd
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 10

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

Moving to VirusScan for better attention.





Was my reply helpful?


If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 10

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

I have the same issue with Anti-spyware Maximum Protection: Prevent execution of scripts from the Temp folder.

The threat source process is usually cscript.exe and the target is usually in a local settings or app data temp folder like History.IE5 or Content.IE5, or Cookies, and is reading a .dat file.

Former Member
Not applicable
Report Inappropriate Content
Message 4 of 10

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

Hi,

It sounds that those files are "cookies" (temp files created when surfing in the net) and they try to run when navigating for the websites and it will be trigged in AP. I wouldn not recommend to create an exclusion for IEXPLORER.exe as it can be a security risk.

Cheers,

Former Member
Not applicable
Report Inappropriate Content
Message 5 of 10

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

I got such events 30000 per day. It's annoying. I must open case to Microsoft to prevent it?

Former Member
Not applicable
Report Inappropriate Content
Message 6 of 10

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

You could open a case with McAfee, but I am sure they will say that product works as design.

Former Member
Not applicable
Report Inappropriate Content
Message 7 of 10

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

llamamecomoquieras wrote:

You could open a case with McAfee, but I am sure they will say that product works as design.

  You are right. Answer from McAfee support:

Access protection is doing, what it is designed for, however I am wondering Why Iexplorer.exe  is trying to create SuggestedSites.dat and counters.dat in the temp location?

Former Member
Not applicable
Report Inappropriate Content
Message 8 of 10

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

Then, you right you should open a case with Microsoft to get a clear picture why the files are being created in tmp folder..

Cheers,

drliv1980
Level 7
Report Inappropriate Content
Message 9 of 10

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

Hey there,

First, if you don't want to see those events you can simply disable them in the server settings.  I wouldn't recommend doing that though.  If you and your team know those particular files are not legitimate you could create a new On Demand Scan that looks for those files and deletes them. 

Just throwing some ideas out there.

boschind
Level 10
Report Inappropriate Content
Message 10 of 10

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

just to confitm that also in the installation i administer we have more than 100,000 events like this per day on a base of about 1000 mcafee agents: annoying or even makes this reporting not useful...

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community