I'm running this on my machine:
McAfee Agent 126.96.36.1992
McAfee AntiSpyware Enterprise Module 188.8.131.52
VirusScan Enterprise + AntiSpyware Enterprise 8.7i (184.108.40.2060)
And I'm getting a lot of this warning:
5/20/2013 1:37:55 PM Would be blocked by Access Protection rule (rule is currently not enforced) user-pc C:\Program Files (x86)\Skype\Phone\Skype.exe \REGISTRY\USER\S-1-5-21-448539723-746137067-1343024091-24813\Software\Micr osoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings Action blocked : Create
The .exe path varies across several applications, but very often it points to "C:\Windows\CCM\UpdateTrustedSites.exe"
And the register entrie are always the ones under "Internet Settings\Zones" or "Internet Settings\ZoneMap".
Any ideia of what the problem may be?
Thanks in advance
you may have a particular Virusscan Access Protection rule (the one whose name you see in the log excerpt) configured to notify only when the rule condition triggers.
In my opinion this is an important rule to be enabled fully (i.e. add blocking, too), here is why:
Protect Internet Explorer favorites and settings”
Intention: This rule is designed to prevent modification of Microsoft Internet Explorer configurations and files by any process not listed in the rule’s exclusion list. A common tactic of malware is to change the browser’s start page, and install favorites. This rule protects against certain start page Trojans, adware, and spyware that modify browser settings.
Risks: There really aren’t any drawbacks to enabling this rule, as it simply blocks processes from making changes to favorites and settings in Microsoft Internet Explorer.
In addition I recommend reviewing other Access Protection rules and jot down which does have only one action enabled and consider that rule to have both action enabled or turn off all actions of that rule altogether.
Please read http://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/200 00/PD20870/en_US/5345wp_tops_vse_ap_0109s.pdf to get acquainted with AP rules and how they work.