There are two areas I think you would need to check; as an example, I've stopped the Google Earth installer
So on orchestrator 4.0 under VirusScan Enterprise 8.5.0 > Unwanted Programs Policies > Your Policy
I have a user defined item googleupdatesetup.exe
On VirusScan Enterprise 8.5.0 > Unwanted Programs Policies > Your Policy
Scan items - I think Other Potentially Unwanted Programs needs to be ticked
Next open your VirusScan Enterprise 8.5.0 > On-Access Default Processes Policies > Your Policy
And check that scan items - Unwanted programs detection is ticked
Then on the test machine open EPO agent status mon and hit check new policies & enforce new policies
Then try running your exe
If I understand well, if I want to block installation of a file, I have to enter a user-defined item which corresponds to the name of the setup file under VirusScan Enterprise > Unwanted Programs Policies > Your Policy. Is it right?
1- What happens if the user changes the name of the Google update setup file before launching it? Is installation always blocked?
2- What happens if the name of the setup file of my unwanted program is just setup.exe? Where (ex: a generic path) should I look for the name of the file that I have to enter as user-defined item? For example, if I want to block iTunes or Skype installation?
3- Is it also possible to block, with this method, an unwanted program which is already installed? If yes, what user-defined item should I enter, since in this case the purpose is not to block installation of a program but to avoid launching an unwanted program already installed?
I don't think it's that clever
I think it just goes by name so would need two rules for the setup program & app
And there would be issues with different apps all using setup.exe
Another option, if you're licensed for it, would be to run McAfee Host Intrusion Protection HIPS
There you can setup app blocking with "fingerprinting" which captures the MD5 code of the application
Then even if the exe was renamed it would still be blocked
And multiple setup.exe's all carry their own code
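The difference between matching by file name and matching by MD5 fingerprint, as an added example that is not part of the original thread and is not McAfee's code. The file names, contents and helper functions are constructed for illustration and do not show how VirusScan or HIPS evaluate their rules internally.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed samples: two different programs that both ship as setup.exe.
SAMPLES = {
    "appA/setup.exe": b"constructed installer bytes for unwanted app A",
    "appB/setup.exe": b"constructed installer bytes for approved app B",
}

def md5_of(path: Path) -> str:
    """MD5 of the file contents, read in chunks (used as an identifier only)."""
    h = hashlib.md5(usedforsecurity=False)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def blocked_by_name(path: Path, names: set) -> bool:
    """Name rule: only the file name is compared, contents are ignored."""
    return path.name.lower() in names

def blocked_by_fingerprint(path: Path, fingerprints: set) -> bool:
    """Fingerprint rule: only the contents are compared, the name is ignored."""
    return md5_of(path) in fingerprints

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in SAMPLES.items():
            p = root / rel
            p.parent.mkdir(parents=True)
            p.write_bytes(data)
        unwanted = root / "appA/setup.exe"
        approved = root / "appB/setup.exe"
        renamed = root / "appA/notes.exe"   # same bytes as unwanted, new name
        renamed.write_bytes(unwanted.read_bytes())
        names = {"setup.exe"}               # hypothetical name rule
        prints = {md5_of(unwanted)}         # fingerprint captured from app A
        files = {"unwanted": unwanted, "renamed": renamed, "approved": approved}
        # Each value is (blocked by name rule, blocked by fingerprint rule).
        return {k: (blocked_by_name(p, names), blocked_by_fingerprint(p, prints))
                for k, p in files.items()}

if __name__ == "__main__":
    for label, decision in demo().items():
        print(label, decision)
```

The name rule misses the renamed copy and also catches the approved program that happens to be called setup.exe; the fingerprint rule does neither.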
Thanks for this information.
I will try also HIPS with "fingerprinting".