cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

VSE Access Protection - Prevent .EXE from running (Root of Folder or ALL folders)

Hey All,

Due to some recent attacks I was wanting to block .EXE's from running/being created in certain folders.

wanted to add some rules under access protection user defined rules.

This is just a temporary measure until I get my HIPS IPS rules sorted.

The plan was to block .EXE from being created in the ROOT folders of

C:\Users\**\AppData\Local\*.exe

C:\Users\**\AppData\LocalLow\*.exe

C:\Users\**\AppData\Roaming\*.exe

C:\ProgramData\*.exe

my query is....do these Rules just apply to that folder or would it include "sub folders" also as there is no option to choose sub folders like the OAS policy.

this is because the folders above is where legitimate Applications place there own folders etc some of which contain .EXE's

if sub folders are not included would the entry work as above or more like this ?

files:  *.EXE

Path  :C:\ProgramData\

Cheers All

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center