cancel
Showing results for 
Search instead for 
Did you mean: 

Prevent common programs from running files from the Temp folder & IEXPLORE.EXE

I have started to use the Mcafee Default rules and instantly getting hundreds of alerts from multiple machines triggered by

Common Standard ProtectionSmiley Tonguerevent common programs from running files from the Temp folder

Source Process Name: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE

Target File Name: C:\Users\USERNAME\AppData\Local\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\4QT06WEU\CHOSEN[3].CSS   (multiple files not just this one!!!)

If this is a default setting how can it trigger so many alerts from such a common application?  I do not want to exclude IEXPLORE.EXE but surely just turning the rule off is not an option.

Surely there must be a way to sort this out !!!!!

We have got Sophos doing a demo soon and I think we will be looking at moving asap due to massive problems with Mcafee !!!

ANY HELP WOULD BE APPRECIATED

4 Replies
wwarren
Level 15
Report Inappropriate Content
Message 2 of 5

Re: Prevent common programs from running files from the Temp folder & IEXPLORE.EXE

If you are having massive problems with McAfee I suggest contact Support for assistance in solving the massive problems.

If you mean the behavior you described is a massive problem, then you misunderstand the purpose of the feature.

The Access Protection rules that exist by default are not all enabled by default, for good reason - reason which you have discovered. Not all environments will be able to use all the rules.

Nothing is preventing you from using the feature to create your own rules, if you had some behavior in mind you wished to block or report on.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee

Re: Prevent common programs from running files from the Temp folder & IEXPLORE.EXE

Hi,

which VSE version are you using? And this AP-rule defaults to "report only", so there is no security reduction if you disable this rule temporary.

Regards,

Frank

Re: Prevent common programs from running files from the Temp folder & IEXPLORE.EXE

V8.8.0 (8.8.0.1385)

What is the point of basic defaults that block a common program like Internet Explorer.  I cannot see the point of having a rule that just reports anyway.

This is not the first problem I have had with Mcafee, just one in a long line of things, recently put a patch on my users and it started to ignore the "processes to exclude" part !!! Took Mcafee days to get back to me about it and just told me to update the agent with an update that was just released !!  Just a couple of weeks ago Mcafee let Cryptoblocker through, major pain !!!!

Rant over !!!

Re: Prevent common programs from running files from the Temp folder & IEXPLORE.EXE

McAfee products always need customization to the specific environment, due to the vast amount of features and settings.So if you don't need to know, which processes execute files from %temp%, just disable the AP-rule...