McAfee ePolicy Orchestrator
I would like to block executables from running out of the User Profile i.e. C:\Documents and Settings <or> Users\<user name>\**\*.exe
I am having trouble figuring out how to do this. Does anyone have ideas. I created an Access Protection rule that blocked **\Documents and Settings\**\*.exe but this is suboptimal for two reasons.
1. It also blocks "Documents and Settings\All users".
2. Modern OSes don't use "Documents and Settings" anymore - they use "User".
Symantec allows %USERPROFILE%\**\*.exe but I think that McAfee doesn't. Is that correct? Is there a way for me to get what I want? So many viruses and unwanted programs - like Chrome - are avoiding restrictions by running right out of the user profile. We need a way to block that.
Running latest versions Agent 4.5 VSE 8.7i p3.
Is this anything?
Can I do **\Documents And Settings\<USER_NAME>\**\*.exe ?
|<COMPUTER_NAME>||The name of the client computer. This is the NetBIOS name on|
Windows computers, the DNS name on Unix computers, and
NDS name on NetWare computers.
|<DOMAIN_NAME>||The domain name or workgroup name to which the client|
|<PROGRAM_FILES_COMMON_DIR>||The path of the Windows common folder; for example,|
|<PROGRAM_FILES_DIR>||The path of the program files folder; for example, C:\PROGRAM|
|<SOFTWARE_INSTALLED_DIR>||The installation directory of the corresponding McAfee product.|
|<SYSTEM_DIR>||The Windows system directory; for example, C:\WINNT\SYSTEM32|
|<SYSTEM_DRIVE>||The drive where the operating system is installed; for example,|
|<SYSTEM_ROOT>||The path of the Windows root directory; for example, C:\WINNT or|
|<TEMP_DIR>||The Windows temporary directory; for example, C:\TEMP.|
|<USER_NAME>||The user name of the currently logged on user account.|