I hope in newer version Mcafee redesignes the access protection rules. This feature is what I feel gives corporate environment some leverage with Malware. We have caught zero day malware with the port blocking, prevented infections with the file block, reg block feature, etc.
One thing I wish they would add though is the ability to block a file based on hash. with the growing number of virus that use random name generators blocking based on name just isnt good enough anymore. Even better, add a utility in mcafee to give you a hash of a file that I could then copy paste in EPO access protection rul
Agreed. This is crucial (Hash blocking) to blocking not only zero-day threats but also, PUPs that I want to block that users simply rename to get around a rule. This would greatly enhance my ability to stop unauthorized software from being installed (not necessarily a McAfee defined PUP but one that my company does not allow for legal reasons, productivity, etc.)
As the AP module is based (partially) on technology from HIP, the fact that HIP8 now has hash blocking could mean that it ends up in VSE. But the usual arguement may get bandied around by McAfee : VSE isn't designed for Application Control - install HIP for this purpose.