cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 6

Webinar installers & Anti-spyware maximum protection enabled

Hi

We're running Windows 7 pro x64 with VSE 8.8 and the users do no have local admin rights.

In the last couple of years ive had to tighten the level of protection we have, as our users were getting malware from web sites without realising! So with this in mind i enabled Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder, this sorted out the malware problem, but the downside to this is occassionally our users will have to join a webinar (webex or goto meeting) the VSE blocks it.

Ive tried in the past to put exceptions in the ePO Access Protection Policy to allow Citrix Online Launcher.exe, G2MCoreInstExtractor.exe, g2m_download*.exe and then push out the settings but still the AV is blocking this.


Surely im not alone with this problem, what do you guys do to allow the webinar software to run?

Thanks

5 Replies
pwolfe
Level 9
Report Inappropriate Content
Message 2 of 6

Re: Webinar installers & Anti-spyware maximum protection enabled

Did you ever get a Resolve for this...I have fought this issue as well...

wwarren
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 6

Re: Webinar installers & Anti-spyware maximum protection enabled

This requires functionality that VSE does not have; at least, it's not exposed in the UI. You should submit a PER.

If you want to pursue a custom solution, wherein you get a customized Access Protection rule file that has the flexibility to do what you're seeking, you could reach out to our Professional Services team via your Sales contact.

The rule in question is designed to block any program from executing code out of a folder that has TEMP in the name.

You could get it to work by excluding the browser process name - but then what would be the point of having the rule On.

Excluding the process you want to run doesn't/won't help; the exclusion needs to be for the process that's doing the launching - and in this case, it's your browser that's launching those files.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
pwolfe
Level 9
Report Inappropriate Content
Message 4 of 6

Re: Webinar installers & Anti-spyware maximum protection enabled

Well thats unfortunate.........As in a typical environment....most of our users are "Standard Users". They do not have the ability / permission to Disable Access rules temporarily. So in turn, I either have to not use Access rules, or give users: POWER USER or Admin rights? Hmmm....Not verry appealing....

So what you are saying is that I need to contact McAfee and possibly spend more money for a custom solution? That would be unfortunate....if the case...maybe it wont cost...I am just not familiar in doing so....Either way it seems from your comment that it is a common issue.

So I guess I am left contacting McAfee for more details or Disabling good functionality.

apoling
Level 14
Report Inappropriate Content
Message 5 of 6

Re: Webinar installers & Anti-spyware maximum protection enabled

Hi pwolfe,

please allow me to give some advice, maybe it proves helpful: if you cannot use the AP rule allowing your particular processes and blocking others, you perhaps could then stop using that rule to block apps from running in the Temp folder and instead enable other AP rules that would block processes from doing u nwanted things in a later stage at other entry points: these rule include browser protection and autorun prevention, maybe device driver installation.

I consider these actions to be more characteristic signs of malware and theses rules enable differentiating between processes in terms of which to allow and which not.

Attila

Re: Webinar installers & Anti-spyware maximum protection enabled

Ultimately this rule is probably not acceptable for 99% of end user desktops. Sure, it stops a lot of bad things. But there are plenty of rules within Access Protection that are there for emergencies or suspected infections. I don't think it is reasonable to be able to turn them all on. I applaud you for the attempt, but this particular rule is probably one that isn't workable for the reasons you've outlined here.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community