2 Replies Latest reply on Dec 9, 2010 7:58 AM by Sk1dMARK

    Embedded Games Within Excel Documents

      I am in charge of network security in an organization currently running ePO 4.0 with 4.5 in a testing environment. Generally speaking, every security issue that we have come across, I have been able to solve quickly with the built in features of McAfee Antivirus, and McAfee HIPS. However, I have found an issue that I am not sure how to solve, but I am hoping someone else might within the McAfee Community.


      We run two networks, one tied into the World Wide Web, and one as a local intranet. On the local intranet, we are having issues with people introducing Excel files with Adobe Flash games embedded into them on the network. I have already have several detections from these seemingly innocent games, and would like a way to immediately stop the threat. I know that Excel allows Flash to embed with *.ocx files, and have tested blocking / deleting / and security permissions with the Flash *.ocx, however I need my users to be able to use Flash with Adobe Connect and other applications running on the intranet.


      I am wondering if anyone would know how to create a signature based entry for an excel file embedded with a Flash file. I have been unsuccessful figuring out how to do this, however I do not have a lot of experience creating signatures. (Any other solution would work also!) Searching around Google I have seen a lot of people complaining about this, mainly schools, and as of yet I have seen no way to stop this without disabling all of Flash.


      If anyone could help me with this, I would really really appreciate it. Attached to this is one of the games I am talking about, so that everyone can see what I mean. (I have scanned this file with two different AV's for infection.)


      Thank you!

        • 1. Re: Embedded Games Within Excel Documents

          Moving this from Home & Home Office Community Help to the Business Community section for attention.

          • 2. Re: Embedded Games Within Excel Documents

            I only know of one way to do it and that would be to add a user-defined PUP detection based on the name of the file.  In this case you could add "celtetris.xls" to the policy and then VSE will smack it.  You may also want to get with your Group Policy Admins to see if there is something that can be done on that front.


            Otherwise, what you are really looking at is a management issue.  Management needs to crack down on people playing games through behavioral policy with stiff consequences.


            I wish I could help you more.