4 Replies Latest reply on Feb 2, 2011 5:38 AM by Attila Polinger

    Question about Access Protection Rules in VSE8.8

      There are 2 issues about access protection rules in VSE8.8.


      1. Port rules do not support path, but only support process names.


      e.g.


      I define a new port rule. I put "opera.exe" in the "Process to Include" field, and put 80 and 443 in the starting and ending port, and select "Outbound". The rule works and Opera browser can not access common websites.


      However, when I change "opera.exe" to "C:\Program Files (x86)\Opera\opera.exe" which is the path of opera.exe, the rule faills to block Opera and it can still access websites. It seems that the port rule does not support path anymore in VSE8.8. In VSE8.7, when I make such changes, the rule still works. I wonder if this is a "bug" in access protection. The rule fails not only in Opera, but also in other processes.


      2. File rules do not support wildcard "?" as drive names.


      e.g.


      I define a new rule. I put “C:\Windows\Explorer.exe” in "Process to Include", and put "D:\*.txt" in the "file or forder name" field, and select "write" and "created" in file actions. The rule works and I can't copy any TXT file in the root of D driver.


      However, when I change "C:\Windows\Explorer.exe" to "?:\Windows\Explorer.exe" which include "?" in the driver letter, my computer nearly stops responding and the CPU usage reaches 100%. I tries to delete this rule and disable access protection, but it does not work. I even can't shutdown computer. When I force restart the computer, because the rule is deleted, the computer works well. I am sure it is not because of any other program or computer hardware.


      I hope McAfee can provide a more detailed guide about writing protection rules, including how to properly use wildcards.


      Thank you.