1 Reply Latest reply on Aug 5, 2010 10:29 AM by eobiont

    How to block EXEs in User Profile

    eobiont

      I would like to block executables from running out of the User Profile i.e. C:\Documents and Settings <or> Users\<user name>\**\*.exe

       

      I am having trouble figuring out how to do this.  Does anyone have ideas.  I created an Access Protection rule that blocked **\Documents and Settings\**\*.exe but this is suboptimal for two reasons.

      1. It also blocks "Documents and Settings\All users".

      2. Modern OSes don't use "Documents and Settings" anymore - they use "User".

       

       

      Symantec allows %USERPROFILE%\**\*.exe but I think that McAfee doesn't.  Is that correct?  Is there a way for me to get what I want?  So many viruses and unwanted programs - like Chrome - are avoiding restrictions by running right out of the user profile.  We need a way to block that.

       

       

      Running latest versions Agent 4.5 VSE 8.7i p3.

        • 1. Re: How to block EXEs in User Profile
          eobiont

          Is this anything?

           

          Can I do **\Documents And Settings\<USER_NAME>\**\*.exe ?

           

          https://kc.mcafee.com/corporate/index?page=content&id=KB52673&cat=CORP_EPOLICY_O RCHESTRATOR&actp=LIST

           

          Environment

          McAfee ePolicy Orchestrator
          Microsoft Windows

          Summary

          These predefined and system environment variables can be used in various dialog boxes and policy pages.
          Client computers use the first values from user environment variables, then system environment variables. For more information on environment variables, see the Windows product documentation.
          IMPORTANT : The location you specify using these variables must exist on the client computers.
          Predefined and system environment variables table:
          VariableDescription
          <COMPUTER_NAME>The name of the client computer. This is the NetBIOS name on
          Windows computers, the DNS name on Unix computers, and
          NDS name on NetWare computers.
          <DOMAIN_NAME>The domain name or workgroup name to which the client
          computer belongs.
          <PROGRAM_FILES_COMMON_DIR>The path of the Windows common folder; for example,
          C:\PROGRAM FILES\COMMON.
          <PROGRAM_FILES_DIR>The path of the program files folder; for example, C:\PROGRAM
          FILES.
          <SOFTWARE_INSTALLED_DIR>The installation directory of the corresponding McAfee product.
          <SYSTEM_DIR>The Windows system directory; for example, C:\WINNT\SYSTEM32
          or C:\WINDOWS\SYSTEM.
          <SYSTEM_DRIVE>The drive where the operating system is installed; for example,
          C:.
          <SYSTEM_ROOT>The path of the Windows root directory; for example, C:\WINNT or
          C:\WINDOWS.
          <TEMP_DIR>The Windows temporary directory; for example, C:\TEMP.
          <USER_NAME>The user name of the currently logged on user account.