Dear McAfee community.
I'm in the process of creating a profile for development workstations. These, namely use Java interactions and so, for such, I have created a rule to report JAR files interaction, but I got nothing much.
What I want is to know when java files (JAR, class, etc...) to be reported when they are "used" by applications (whatever the development app is). Far as I'm aware, there's no .net use.
So, I have created a Access Protection Policy with the following configuration:
Proccesses to include: *
Processes to exclude: *
File or folder to block: *.jar (so far only JAR is there).
File actions to prevent: All checked. But the rule is on "Report Only" mode.
Although I picked this workstations because they had jar interactions, but the rule doesn't seem to be working or reporting correctly.
Does anyone has tips on this sort of exclusions for development workstations? I need to know the specific exe interacting with jar files.
Also, in order to add *.class file type, can I use the same rule? For example:
File or folders to block: *.jar; *.class
Would it be okay ?
Please someone shed a light on this matter?
Thank you so much