1 of 1 people found this helpful
A HIPS custom IPS signature (to prevent read/execute of Chrome in the Appdata directory; a FILES or PROGRAM signature) would be more applicable here than the HIPS Firewall (which would just block Chrome network traffic). Page 101 of McAfee Corporate KB - Host Intrusion Prevention 8.0 Product Guide PD22894 .
Interesting... I read it, and then popped an advil.
That section of the documentation could really be improved by some practical examples, though I think I can figure it out.
I wonder what a good naming and ID assignment scheme might be. Are ID ranges typically reserved for homegrown rules?
Custom IPS signatures will range from 4000-5999. Here's an example of what it could look like; tailor to your needs though.
KB71329 - How to blacklist applications using a Host Intrusion Prevention 8.0 custom signature