cancel
Showing results for 
Search instead for 
Did you mean: 
artuha
Level 7
Report Inappropriate Content
Message 1 of 10

Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

Hi everyone,

We have ePO5.1 and VSE 8.8 Patch 4, Internet explorer 11, Windows 7 Professional 64-bit. Common Standard ProtectionSmiley Tonguerevent common programs from running files from the Temp folder is configured to just report of this events and now we have a lot of events, where Threat Source Process Name is IEXPLORE.EXE and Threat Target File Paths are:

..\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

..\AppData\Local\Temp\JavaDeployReg.log

..\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat

..\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat

and so on

All of this files aren't executable, why this events are reported and how to prevent them?

Message was edited by: artuha on 5/29/14 1:46:43 AM CDT
9 Replies
rackroyd
Level 16
Report Inappropriate Content
Message 2 of 10

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

Moving to VirusScan for better attention.

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

I have the same issue with Anti-spyware Maximum Protection: Prevent execution of scripts from the Temp folder.

The threat source process is usually cscript.exe and the target is usually in a local settings or app data temp folder like History.IE5 or Content.IE5, or Cookies, and is reading a .dat file.

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

Hi,

It sounds that those files are "cookies" (temp files created when surfing in the net) and they try to run when navigating for the websites and it will be trigged in AP. I wouldn not recommend to create an exclusion for IEXPLORER.exe as it can be a security risk.

Cheers,

artuha
Level 7
Report Inappropriate Content
Message 5 of 10

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

I got such events 30000 per day. It's annoying. I must open case to Microsoft to prevent it?

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

You could open a case with McAfee, but I am sure they will say that product works as design.

artuha
Level 7
Report Inappropriate Content
Message 7 of 10

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

llamamecomoquieras wrote:

You could open a case with McAfee, but I am sure they will say that product works as design.

  You are right. Answer from McAfee support:

Access protection is doing, what it is designed for, however I am wondering Why Iexplorer.exe  is trying to create SuggestedSites.dat and counters.dat in the temp location?

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

Then, you right you should open a case with Microsoft to get a clear picture why the files are being created in tmp folder..

Cheers,

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

Hey there,

First, if you don't want to see those events you can simply disable them in the server settings.  I wouldn't recommend doing that though.  If you and your team know those particular files are not legitimate you could create a new On Demand Scan that looks for those files and deletes them. 

Just throwing some ideas out there.

boschind
Level 10
Report Inappropriate Content
Message 10 of 10

Re: Lot of Common Standard Protection:Prevent common programs from running files from the Temp folder

just to confitm that also in the installation i administer we have more than 100,000 events like this per day on a base of about 1000 mcafee agents: annoying or even makes this reporting not useful...