My customer would like any attempt to download or install Firefox to be blocked.
I tried an Access Protection policy in EPO 5.9.1 but it doesn't seem to work.
Is this the right area to put in the block or is there an application control policy similar to SEP?
Thank you for posting your query here
You can block the installation of Firefox with the help of ENS web control or McAfee Site advisor
To achieve this, please follow the steps below For ENS Web Control
Click on Menu, select Policy catalog
Select Browser control from the drop down
Endpoint Security Web Control : Policy Category > Browser Control > My Default
Under Block use of the following supported browsers: Select Firefox.
For McAfee Site Advisor, you will have to select the policy SiteAdvisor Enterprise Plus 3.5.0 > Hardening > My Default
Select the TAB Browser Control
May i know what are the McAfee product are you using. If you are using ENS are you using all the four module like security platform/TP/Webcontrol/Firewall.
Was my reply helpful?
If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a soultion" if this reply resolves your query!
Good post! I would like to understand the product in use at the endpoint. Is it VSE or McAfee Endpoint Security?
if you are using Access Protection, it works on processes. Hence you have to follow the below steps under executable option when creating a user-defined rule for Access Protection and set it to block.
1) You can block the installer/application using it's name (easiest however, users can rename the application and run it)
2) You can block the installer/application using md5 (not the most friendliest option as every version would have a different md5 and you need to keep it updated in the policy every time there is a new release)
3) Declare Firefox as a PUP, again, it uses only the Filename and not the md5 here. Limitation of changing name to execute is still applicable here as well. This is done under Endpoint Security Threat Prevention Policy --> Option -> Add option under Potentially Unwanted Program Detections.
*Note: If you are using VSE, option to use md5 is not applicable.
I sincerely hope this helps!
Just out of curiosity, Do you have a TIE server in place? Do you use ATP in your environment? Depending on your answer, we may have another option via them as well!
Excellent! Provided you have a TIE Server in place, you can add the Firefox application's name or Hash value in TIE and you can block using that as well by changing the Enterprise Reputation of it to Known Malicious.
Although, I would suggest using Access protection for a more simpler implementation as I do not see any specific advantage of using ATP and TIE over Access protection for this purpose.
Now that we have established the options we can use, May I know if adding the executable in the rules helped you in achieving the solution via Access protection?
If it is not working, kindly share a screenshot of the rule you have configured and I will be more than happy to take a look at the same for you.