Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
782 Views 1 Reply Latest reply: May 21, 2013 2:25 AM by Attila Polinger RSS
andrev Newcomer 1 posts since
May 20, 2013
Currently Being Moderated

May 20, 2013 8:43 AM

Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings

Hi,

 

I'm running this on my machine:

McAfee Agent  4.6.0.2292

McAfee AntiSpyware Enterprise Module  8.7.0.129

VirusScan Enterprise + AntiSpyware Enterprise  8.7i (8.7.0.570)

 

And I'm getting a lot of this warning:

5/20/2013          1:37:55 PM          Would be blocked by Access Protection rule  (rule is currently not enforced)      user-pc      C:\Program Files (x86)\Skype\Phone\Skype.exe          \REGISTRY\USER\S-1-5-21-448539723-746137067-1343024091-24813\Software\Micr osoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect          Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings          Action blocked : Create

 

The .exe path varies across several applications, but very often it points to "C:\Windows\CCM\UpdateTrustedSites.exe"

And the register entrie are always the ones under "Internet Settings\Zones" or "Internet Settings\ZoneMap".

 

Any ideia of what the problem may be?

 

Thanks in advance

andrev

  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009

    Hello,

     

    you may have a particular Virusscan Access Protection rule (the one whose name you see in the log excerpt) configured to notify only when the rule condition triggers.

     

    In my opinion this is an important rule to be enabled fully (i.e. add blocking, too), here is why:

     

    "

    Protect Internet Explorer favorites and settings”

    Intention: This rule is designed to prevent modification of Microsoft Internet Explorer configurations and files by any process not listed in the rule’s exclusion list. A common tactic of malware is to change the browser’s start page, and install favorites. This rule protects against certain start page Trojans, adware, and spyware that modify browser settings.

    Risks: There really aren’t any drawbacks to enabling this rule, as it simply blocks processes from making changes to favorites and settings in Microsoft Internet Explorer.

    "

     

    In addition I recommend reviewing other Access Protection rules and jot down which does have only one action enabled and consider that rule to have both action enabled or turn off all actions of that rule altogether.

    Please read http://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/200 00/PD20870/en_US/5345wp_tops_vse_ap_0109s.pdf to get acquainted with AP rules and how they work.

     

    Attila

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points