5 Replies Latest reply on Jul 10, 2017 3:19 AM by schrmat

    Access Protection Executables: Include All ?!




      I have a question regarding the Access Protection Rules, especially relating to the WannaCry-Ransomware.


      In this article "McAfee Corporate KB - Protecting against Ransom-WannaCry (May 2017) KB89335 " it is written that you should block and report all executables. What is the exactly meaning of this rule? Does it only affect the the executables that are defined in the subrules? Or does it block every executable?


      Because if you define some subrules without the "Executable All" rule they also function as they should. So if I say that all files with *.wnry should be blocked in the subrule then they are getting blocked even without an "Executable All" rule.


      So could you tell me please how that "Executable All" rule works?



      Best regards