please use Access Protection rule "Prevent programs registering to autorun" enabled for blocking. Also do not forget to enable "Prevent McAfee servcies from being stopped" and "Enable Access Protection" as a service. Fakealert trojans make use of winlogon- Notify key in registry, which qualify as an "autorun" feature and as such will be blocked by this rule.
If you do not enable McAfee services protection, then trojans will pause McShield and perform the change, then re-enable McShield.
Also please enable all rules - with blocking option - that protect McAfee files and folders.