1 Reply Latest reply on Sep 20, 2010 3:44 AM by Attila Polinger

    Protect cached files from password and email address stealers

      Ok. So I am going through my reports and I have something like 180,000 events per 12 hours from

      Maximum Protection:Protect cached files from password and email address stealers

       

      I'd say most of these are from Outlook, MSAccess, Excel, etc. So do I just exclude these from the policy across the board or what? I mean, these would be files that would exploit this any way in  a lot of cases if the system was compromised, so what would be the point of having the dang thing enabled anyway? I have this policy disabled right now anyway.

       

      Any thoughts?

       

      Thanks

      PS

        • 1. Re: Protect cached files from password and email address stealers
          Attila Polinger

          Hi,

           

          this is what is said about this rule in an Access Protection technote:

           

           

          "Intention:

          Some viruses look through the Internet Explorer cache for email addresses and website passwords. This rule prevents access to anything in the Internet Explorer cache except by Internet Explorer.

          Risk:

          Any process that uses the WinInet library or hosts an Internet Explorer control in a window (*)can access the cache; therefore, you may need to add process to this rule if it is enabled."

           

          *Obviously if this is not true for your organization then you could disable the rule.

           

          Attila