741 Views 1 Reply Latest reply: May 10, 2013 2:53 AM by Attila Polinger
dans Newcomer 35 posts since
Oct 18, 2012

May 6, 2013 12:51 PM

Common Standard Protection: Prevent common programs from running files from the Temp folder

Someone save me from the noise!!

It's McAfee Prevent common programs from running files from the Temp folder

 

Hundreds, thousands, if not more. All related to pdf files in the temp folder is my guess? Each time the Z@******.tmp name changes with each pdf download.

C:\Users\<username>\AppData\Local\Temp\Low\Z@R82F8.tmp

 

 

This is just a warning alert, it's not actually blocking. What have other users settled on as a happy medium? In the past 6 months I don't recall ever responding to a "Prevent common programs from running files from the temp folder" event alert, so is it time to stop reporting this event? In a dream world that McAfee lives in, am I supposed to give enough brain cycles to this alert and all the machines it occurs on and respond accordingly each time it happens? I don't believe it helps in forensics reporting either, or in working backwards through an incident. Has anyone ever made use of this event? If yes, please divulge what I'm missing.

  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009

    Hello,

     

    I suggest you make a query of events like this and see what process is initiating the triggering of this event type. Is it a single process or are there many processes? What is that process? That could be a good starting point to decide whether that process is legitimate or not.

     

    (My standpoint regarding notify-only and this particular rule is that there is no use in using notify-only rules (other than for testing or investigation purposes), and this particular rule might not need to be enabled at all - the Temp folder must be used somehow by programs - except if you undertake the task of putting exclusions in this rule's list, thereby separating legitimate use from illegitimate use.)

     

    Attila
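
The per-process query suggested in the reply above, sketched as an added example that is not part of the original thread and not McAfee tooling. It assumes the rule's events have been exported to CSV; the column names (`host`, `process`, `target`, `action`) and every sample row are constructed for illustration. Randomized `Z@*.tmp` names and user names are collapsed so the thousands of alerts reduce to one line per initiating process.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export; the column names are assumptions, not a McAfee schema.
SAMPLE_CSV = r"""host,process,target,action
PC-01,AcroRd32.exe,C:\Users\alice\AppData\Local\Temp\Low\Z@R82F8.tmp,Would block
PC-01,AcroRd32.exe,C:\Users\alice\AppData\Local\Temp\Low\Z@R91A2.tmp,Would block
PC-02,AcroRd32.exe,C:\Users\bob\AppData\Local\Temp\Low\Z@R0C4D.tmp,Would block
PC-03,AcroRd32.exe,C:\Users\carol\AppData\Local\Temp\Low\Z@R7E11.tmp,Would block
PC-02,winword.exe,C:\Users\bob\AppData\Local\Temp\setup.exe,Would block
"""

USER_RE = re.compile(r"(?i)(\\Users\\)[^\\]+")    # per-user profile directory
TMP_RE = re.compile(r"(?i)Z@[0-9A-Z]+\.tmp$")     # randomized Z@******.tmp name

def normalize_target(path):
    """Collapse the user name and the random temp name into wildcards."""
    path = USER_RE.sub(r"\1*", path)
    return TMP_RE.sub("Z@*.tmp", path)

def summarize(csv_text):
    """Group events by initiating process, noisiest first."""
    stats = defaultdict(lambda: {"events": 0, "hosts": set(), "patterns": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        entry = stats[row["process"].lower()]
        entry["events"] += 1
        entry["hosts"].add(row["host"])
        entry["patterns"].add(normalize_target(row["target"]))
    return sorted(stats.items(), key=lambda kv: kv[1]["events"], reverse=True)

if __name__ == "__main__":
    for process, info in summarize(SAMPLE_CSV):
        print(f"{process}: {info['events']} events on {len(info['hosts'])} hosts")
        for pattern in sorted(info["patterns"]):
            print(f"    {pattern}")
```

A process that accounts for most events with a single normalized pattern is a candidate for the exclusion list; a process that appears rarely, or with an executable target as in the last constructed row, is the one worth a closer look.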
