
Block Firefox

Hi,

My customer would like any attempt to download or install Firefox to be blocked.

I tried an Access Protection policy in EPO 5.9.1 but it doesn't seem to work.

Is this the right area to put in the block or is there an application control policy similar to SEP?

Thanks

Stuart

 

McAfee Employee Thussain
Message 2 of 24

Re: Block Firefox

Thank you for posting your query here.

You can block the installation of Firefox with the help of ENS Web Control or McAfee SiteAdvisor.

To achieve this, please follow the steps below. For ENS Web Control:

Click on Menu, select Policy catalog

Select Browser control from the drop down 

Endpoint Security Web Control : Policy Category > Browser Control > My Default

Under Block use of the following supported browsers: Select Firefox. 


For McAfee Site Advisor, you will have to select the policy SiteAdvisor Enterprise Plus 3.5.0 > Hardening > My Default

Select the Browser Control tab.


 


Re: Block Firefox

Sorry, forgot to say that Web Control isn't used here as they use a separate proxy solution.

McAfee Employee LKS
Message 4 of 24

Re: Block Firefox

May I know which McAfee products you are using? If you are using ENS, are you using all four modules, like Security Platform/TP/Web Control/Firewall?


McAfee Employee AdithyanT
Message 5 of 24

Re: Block Firefox

Hi @idsanalysts 

Good post! I would like to understand the product in use at the endpoint. Is it VSE or McAfee Endpoint Security?

If you are using Access Protection, it works on processes. Hence you have to follow the steps below under the executable option when creating a user-defined rule for Access Protection, and set it to block.

1) You can block the installer/application using its name (easiest; however, users can rename the application and run it)

2) You can block the installer/application using md5 (not the friendliest option, as every version would have a different md5 and you need to keep it updated in the policy every time there is a new release)

3) Declare Firefox as a PUP. Again, it uses only the filename and not the md5 here. The limitation of changing the name to execute is still applicable here as well. This is done under Endpoint Security Threat Prevention Policy --> Option -> Add option under Potentially Unwanted Program Detections.

*Note: If you are using VSE, option to use md5 is not applicable.

I sincerely hope this helps!


Thanks and regards,
Adithyan T
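
An added illustration of the trade-off between options 1 and 2 in the reply above (not part of the original post and not McAfee code): it audits a folder of reference installers, shows which files a name rule and an MD5 rule would each match, and lists the hashes the policy is still missing. The rule contents, file names and file bytes are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Hypothetical contents of a name-based rule (option 1 / PUP entry).
BLOCKED_NAMES = {"firefox.exe", "firefox setup.exe"}


def md5_of(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks so large installers are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit(folder, blocked_md5):
    """For each file, report whether the name rule and the MD5 rule would match."""
    report = {}
    for path in Path(folder).iterdir():
        if path.is_file():
            md5 = md5_of(path)
            report[path.name] = {
                "md5": md5,
                "name_rule": path.name.lower() in BLOCKED_NAMES,
                "md5_rule": md5 in blocked_md5,
            }
    return report


def policy_gaps(report):
    """MD5 values of reference installers that the hash list does not yet contain."""
    return sorted({r["md5"] for r in report.values() if not r["md5_rule"]})


def demo():
    """Constructed sample: an old build, a renamed copy of it, and a newer build."""
    old_build, new_build = b"constructed build A", b"constructed build B"
    with tempfile.TemporaryDirectory() as folder:
        Path(folder, "firefox.exe").write_bytes(old_build)
        Path(folder, "notes.exe").write_bytes(old_build)          # renamed copy
        Path(folder, "Firefox Setup.exe").write_bytes(new_build)  # new release
        blocked_md5 = {hashlib.md5(old_build).hexdigest()}        # policy knows only build A
        return audit(folder, blocked_md5)


if __name__ == "__main__":
    result = demo()
    for name, row in sorted(result.items()):
        print(f"{name:20} name_rule={row['name_rule']!s:5} md5_rule={row['md5_rule']}")
    print("hashes to add to the policy:", policy_gaps(result))
```

In the constructed sample the renamed copy is caught only by the MD5 rule and the new release only by the name rule, which is why a hash list has to be refreshed with every release.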

Re: Block Firefox

It's ENS

McAfee Employee AdithyanT
Message 7 of 24

Re: Block Firefox

Hi @idsanalysts 

Just out of curiosity, do you have a TIE server in place? Do you use ATP in your environment? Depending on your answer, we may have another option via them as well!

Cheers!


Thanks and regards,
Adithyan T

Re: Block Firefox

Yes ATP is in use

McAfee Employee AdithyanT
Message 9 of 24

Re: Block Firefox

Hi @idsanalysts 

Excellent! Provided you have a TIE Server in place, you can add the Firefox application's name or hash value in TIE, and you can block using that as well by changing its Enterprise Reputation to Known Malicious.

Although, I would suggest using Access Protection for a simpler implementation, as I do not see any specific advantage of using ATP and TIE over Access Protection for this purpose.


Thanks and regards,
Adithyan T
McAfee Employee AdithyanT
Message 10 of 24

Re: Block Firefox

Hi @idsanalysts 

Now that we have established the options we can use, may I know if adding the executable in the rules helped you in achieving the solution via Access Protection?

If it is not working, kindly share a screenshot of the rule you have configured and I will be more than happy to take a look at the same for you.


Thanks and regards,
Adithyan T