ftp.morenci.k12.mi.us / ftp.morenci.k12.mi.us.tar / ftp.morenci.k12.mi.us / McAfee v8.7i.zip / vse870.msi / vscan.bof / vscan.bof
Text File | 2009-10-22 | 110KB | 1,938 lines
#422 mferulesign1=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
Rule { Class Buffer_Overflow; Id 1; level 4; application { Include "*\\iexplore.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 2; level 4; application { Include "*\\msimn.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 3; level 4; application { Include "*\\svchost.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 4; level 4; application { Include "*\\explorer.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 5; level 4; application { Include "*\\mapisp32.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 6; level 4; application { Include "*\\ftp.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 7; level 4; application { Include "*\\services.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 8; level 4; application { Include "*\\lsass.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 9; level 4; application { Include "*\\inetinfo.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 10; level 4; application { Include "*\\outlook.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 11; level 4; application { Include "*\\wmplayer.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 12; level 4; application { Include "*\\mplayer2.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 13; level 4; application { Include "*\\rpcss.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 14; level 4; application { Include "*\\msmsgs.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 15; level 4; application { Include "*\\winword.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 16; level 4; application { Include "*\\excel.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 17; level 4; application { Include "*\\mstask.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 18; level 4; application { Include "*\\powerpnt.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 19; level 4; application { Include "*\\msaccess.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 20; level 4; application { Include "*\\visio32.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 21; level 4; application { Include "*\\wuauclt.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 22; level 4; application { Include "*\\sqlservr.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 23; level 4; application { Include "*\\dllhost.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 24; level 4; application { Include "*\\VSEBOTest.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 25; level 4; application { Include "*\\w3wp.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 26; level 4; application { Include "*\\EventParser.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 27; level 4; application { Include "*\\NaiMServ.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 28; level 4; application { Include "*\\SrvMon.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 29; level 4; application { Include "*\\naPrdMgr.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 30; level 4; application { Include "*\\winzip32.exe" }; directives bo:stack bo:heap }
Rule { Class Buffer_Overflow; Id 31; level 4; application { Include "*\\amgrsrvc.exe" }; directives bo:stack bo:heap }
ifndef programfiles {
regval programfiles "HKLM/software/microsoft/windows/currentversion" programfilesdir
}
ifndef programfiles {
set programfiles "\\:::"
}
ifndef commonprogramfiles {
set commonprogramfiles "${programfiles}\\common"
}
regval programfiles_x86 "HKLM/software/microsoft/windows/currentversion" "programfilesdir (x86)"
ifndef programfiles_x86 {
set programfiles_x86 "${programfiles}"
}
regval commonprogramfiles_x86 "HKLM/software/microsoft/windows/currentversion" "commonfilesdir (x86)"
ifndef commonprogramfiles_x86 {
set commonprogramfiles_x86 "${programfiles_x86}\\common"
}
ifndef applicationdata {
regval applicationdata "HKLM/software/microsoft/windows/currentversion/explorer/shell folders" "Common AppData"
}
ifndef vseinstalldir {
regval vseinstalldir "HKLM/software/mcafee/desktopprotection" szInstallDir
}
ifndef vseinstalldir {
regval vseinstalldir "HKLM/software/wow6432node/mcafee/desktopprotection" szInstallDir
}
ifndef vseinstalldir {
set vseinstalldir "\\:::"
}
ifndef vsesapinstalldir {
regval vsesapinstalldir "HKLM/software/mcafee/vsesap" szInstallDir
}
ifndef vsesapinstalldir {
regval vsesapinstalldir "HKLM/software/wow6432node/mcafee/vsesap" szInstallDir
}
ifndef vsesapinstalldir {
set vsesapinstalldir "\\:::"
}
ifndef vsestoinstalldir {
regval vsestoinstalldir "HKLM/software/mcafee/vses" szInstallDir
}
ifndef vsestoinstalldir {
regval vsestoinstalldir "HKLM/software/wow6432node/mcafee/vses" szInstallDir
}
ifndef vsestoinstalldir {
set vsestoinstalldir "\\:::"
}
ifndef vseoviinstalldir {
regval vseoviinstalldir "HKLM/software/mcafee/vsev" szInstallDir
}
ifndef vseoviinstalldir {
regval vseoviinstalldir "HKLM/software/wow6432node/mcafee/vsev" szInstallDir
}
ifndef vseoviinstalldir {
set vseoviinstalldir "\\:::"
}
ifndef avenginedir32 {
regval avenginedir32 "HKLM/software/mcafee/avengine" szInstallDir32
}
ifndef avenginedir32 {
regval avenginedir32 "HKLM/software/wow6432node/mcafee/avengine" szInstallDir32
}
ifndef avenginedir32 {
set avenginedir32 "${commonprogramfiles_x86}\\mcafee\\Engine\\"
}
ifndef avenginedir64 {
regval avenginedir64 "HKLM/software/mcafee/avengine" szInstallDir64
}
ifndef avenginedir64 {
regval avenginedir64 "HKLM/software/wow6432node/mcafee/avengine" szInstallDir64
}
ifndef avenginedir64 {
set avenginedir64 "${commonprogramfiles_x86}\\mcafee\\Engine\\"
}
ifndef vmwareworkstationinstalldir {
regval vmwareworkstationinstalldir "HKLM/software/VMware, Inc./VMware Workstation" InstallPath
}
ifndef vmwareworkstationinstalldir {
set vmwareworkstationinstalldir "${programfiles_x86}\\VMWare\\"
}
ifndef vmwareserverinstalldir {
regval vmwareserverinstalldir "HKLM/software/VMware, Inc./VMware Server" InstallPath
}
ifndef vmwareserverinstalldir {
set vmwareserverinstalldir "${programfiles_x86}\\VMWare\\"
}
BufferOverflowProtection {
ProcessInclude amgrsrvc.exe
ProcessInclude bo.exe
ProcessInclude botest.exe
ProcessInclude botest2.exe
ProcessInclude dllhost.exe
ProcessInclude eventparser.exe
ProcessInclude excel.exe
ProcessInclude explorer.exe
ProcessInclude frameworkservice.exe
ProcessInclude ftp.exe
ProcessInclude iexplore.exe
ProcessInclude inetinfo.exe
ProcessInclude lsass.exe
ProcessInclude mapisp32.exe
ProcessInclude mplayer2.exe
ProcessInclude msaccess.exe
ProcessInclude msimn.exe
ProcessInclude msmsgs.exe
ProcessInclude mstask.exe
ProcessInclude naimserv.exe
ProcessInclude naprdmgr.exe
ProcessInclude outlook.exe
ProcessInclude powerpnt.exe
ProcessInclude rpcss.exe
ProcessInclude services.exe
ProcessInclude sqlservr.exe
ProcessInclude srvmon.exe
ProcessInclude svchost.exe
ProcessInclude visio32.exe
ProcessInclude VSCoreBOPTest
ProcessInclude vsebotest.exe
ProcessInclude w3wp.exe
ProcessInclude winword.exe
ProcessInclude winzip32.exe
ProcessInclude wmplayer.exe
ProcessInclude wuauclt.exe
Exception * * H 2000.01.01 2030.01.01 MSCOREE
Exception * * H 2000.01.01 2030.01.01 LICDLL
Export NTDLL.NtCreateFile 11 0xC0000022
Export NTDLL.NtProtectVirtualMemory 5 0xC0000022
Export NTDLL.NtCreateProcess 8 0xC0000022
Export KERNEL32.CreateFileA 7 -1
Export KERNEL32.CreateFileW 7 -1
Export KERNEL32.CreateNamedPipeA 8 -1
Export KERNEL32.CreateNamedPipeW 8 -1
Export KERNEL32.LoadLibraryA 1 0
Export KERNEL32.LoadLibraryW 1 0
Export KERNEL32.LoadLibraryExA 3 0
Export KERNEL32.LoadLibraryExW 3 0
Export KERNEL32.VirtualProtect 4 0
Export KERNEL32.VirtualProtectEx 5 0
Export KERNEL32.CreatePipe 4 0
Export KERNEL32.GetStartupInfoA 1 0
Export KERNEL32.GetStartupInfoW 1 0
Export KERNEL32.WinExec 2 0
Export KERNEL32.CreateProcessA 10 0
Export KERNEL32.CreateProcessW 10 0
Export KERNEL32.GetProcAddress 2 0
Export ADVAPI32.RegOpenKeyA 3 5
Export ADVAPI32.RegOpenKeyW 3 5
Export ADVAPI32.RegOpenKeyExA 5 5
Export ADVAPI32.RegOpenKeyExW 5 5
Export ADVAPI32.RegCreateKeyA 3 5
Export ADVAPI32.RegCreateKeyW 3 5
Export ADVAPI32.RegCreateKeyExA 9 5
Export ADVAPI32.RegCreateKeyExW 9 5
Export WININET.InternetOpenA 5 0
Export WININET.InternetOpenW 5 0
Export WININET.InternetOpenUrlA 6 0
Export WININET.InternetOpenUrlW 6 0
Export WS2_32.socket 3 0
Export MSVCRT._open 0 -1
Export MSVCRT._wopen 0 -1
Export MSVCRT._creat 0 -1
Export MSVCRT._wcreat 0 -1
Export MSVCRT.system 0 -1
Export MSVCRT._wsystem 0 -1
}
Product ANTISPYW* { OnAccessScanner {
DontScan RW {
Process {
Include fssm32.exe
Include avengine.exe pavsrv50.exe avtask.exe
Include rtvscan.exe doscan.exe dwhwizrd.exe
Include navapsvc.exe navw32.exe
Include inort.exe inocit.exe
Include avp32.exe avpm.exe
Include ntrtscan.exe pccnt.exe
Include monsysnt.exe v3medic.exe
Include sweepsrv.sys savservice.exe
}
File {
Include **
}
}
SkipDriver {
Include otman5
Include symevent
Include "F-Secure Filter"
Include "F-Secure Recognizer"
}
}}
OnAccessScanner {
DontScan RW {
Process {
Include "${windir}\\system32\\mssearch.exe"
Include "${windir}\\system32\\mssfh.exe"
Include "${windir}\\system32\\mssdmn.exe"
Include "${windir}\\system32\\winfs\\winfs.exe"
Include "${windir}\\system32\\searchindexer.exe"
}
File {
Include **
}
}
}
Product PRESCAN* {
ifndef programfiles {
regval programfiles "HKLM/software/microsoft/windows/currentversion" programfilesdir
}
ifndef programfiles {
set programfiles "\\:::"
}
ifndef commonprogramfiles {
set commonprogramfiles "${programfiles}\\common"
}
regval programfiles_x86 "HKLM/software/microsoft/windows/currentversion" "programfilesdir (x86)"
ifndef programfiles_x86 {
set programfiles_x86 "${programfiles}"
}
regval commonprogramfiles_x86 "HKLM/software/microsoft/windows/currentversion" "commonfilesdir (x86)"
ifndef commonprogramfiles_x86 {
set commonprogramfiles_x86 "${programfiles_x86}\\common"
}
ifndef applicationdata {
regval applicationdata "HKLM/software/microsoft/windows/currentversion/explorer/shell folders" "Common AppData"
}
regval shortprogramfile "HKLM/software/mcafee/ap" "ProgramFilesDir"
ifndef shortprogramfile {
set shortprogramfile "\\:::"
}
regval shortprogramfile_x86 "HKLM/software/mcafee/ap" "ProgramFilesDir (x86)"
ifndef shortprogramfile_x86 {
set shortprogramfile_x86 "${shortprogramfile}"
}
regval shortcommonfile "HKLM/software/mcafee/ap" "CommonFilesDir"
ifndef shortcommonfile {
set shortcommonfile "\\:::"
}
regval shortcommonfile_x86 "HKLM/software/mcafee/ap" "CommonFilesDir (x86)"
ifndef shortcommonfile_x86 {
set shortcommonfile_x86 "${shortcommonfile}"
}
regval downloadfiledir "HKLM/software/McAfeeInstaller/AP" "DownloadFileDir"
ifndef downloadfiledir {
set downloadfiledir "\\:::"
}
regval installfiledir "HKLM/software/McAfeeInstaller/AP" "InstallFileDir"
ifndef installfiledir {
set installfiledir "\\:::"
}
AccessProtection {
Enforce G_060_CommonOn 1
Report G_060_CommonOn 1
Rule CO01 G_060_CommonOn {
Description "Prevent modification of McAfee files and settings"
Enforce 1
Report 1
Process {
Include *
Exclude "${programfiles}/mcafee/**.exe"
Exclude "${programfiles}/mcafee.com/**.exe"
Exclude "${programfiles_x86}/mcafee/**.exe"
Exclude "${programfiles_x86}/mcafee.com/**.exe"
Exclude "${commonprogramfiles}/mcafee/**.exe"
Exclude "${shortcommonfile}/mcafee/**.exe"
Exclude "${shortcommonfile_x86}/mcafee/**.exe"
Exclude "${shortprogramfile}/mcafee/**.exe"
Exclude "${shortprogramfile}/mcafee.com/**.exe"
Exclude "${shortprogramfile_x86}/mcafee/**.exe"
Exclude "${shortprogramfile_x86}/mcafee.com/**.exe"
Exclude "install.exe"
Exclude "mcinst.exe"
Exclude "regsvr32.exe"
Exclude "services.exe"
}
Key CWD {
Include "HKLMS/McAfee/**"
Include "HKLMS/McAfee.com/**"
Include "HKCUS/McAfeeInstaller/**"
}
Key D {
Include "HKCCS/Services/McAfee SiteAdvisor Service/**"
Include "HKCCS/Services/mcmscsvc/**"
Include "HKCCS/Services/McNaiAnn/**"
Include "HKCCS/Services/McNASvc/**"
Include "HKCCS/Services/McODS/**"
Include "HKCCS/Services/McProxy/**"
Include "HKCCS/Services/McShield/**"
Include "HKCCS/Services/Mfeapfk/**"
Include "HKCCS/Services/Mfeavfk/**"
Include "HKCCS/Services/Mfebopk/**"
Include "HKCCS/Services/Mfefire/**"
Include "HKCCS/Services/Mfefirek/**"
Include "HKCCS/Services/Mfehidk/**"
Include "HKCCS/Services/Mfendisk/**"
Include "HKCCS/Services/Mfendiskmp/**"
Include "HKCCS/Services/Mferkdet/**"
Include "HKCCS/Services/Mfevtp/**"
Include "HKCCS/Services/Mfewfpk/**"
Include "HKCCS/Services/MPFP/**"
Include "HKCCS/Services/MpfService/**"
Include "HKCCS/Services/MSK80Service/**"
Include "HKCCS/Services/MSKSSRV/**"
}
Value CWD {
Include "HKCCS/Services/McNaiAnn/**:*"
Include "HKCCS/Services/McNASvc/**:*"
Include "HKCCS/Services/McShield/**:*"
Include "HKCCS/Services/McODS/**:*"
Include "HKCCS/Services/Mfeapfk/**:*"
Include "HKCCS/Services/Mfeavfk/**:*"
Include "HKCCS/Services/Mfebopk/**:*"
Include "HKCCS/Services/Mfefire/**:*"
Include "HKCCS/Services/Mfefirek/**:*"
Include "HKCCS/Services/Mfehidk/**:*"
Include "HKCCS/Services/Mfendisk/**:*"
Include "HKCCS/Services/Mfendiskmp/**:*"
Include "HKCCS/Services/mferkdet/**:*"
Include "HKCCS/Services/Mfevtp/**:*"
Include "HKCCS/Services/Mfewfpk/**:*"
Include "HKCCS/Services/McAfee SiteAdvisor Service/**:*"
Include "HKCCS/Services/mcmscsvc/**:*"
Include "HKCCS/Services/McProxy/**:*"
Include "HKCCS/Services/MPFP/**:*"
Include "HKCCS/Services/MpfService/**:*"
Include "HKCCS/Services/MSK80Service/**:*"
Include "HKCCS/Services/MSKSSRV**:*"
Include "HKLMS/McAfee/**:*"
Include "HKLMS/McAfee.com/**:*"
Include "HKCUS/McafeeInstaller/**:*"
}
File CWD {
Include "${windir}/system32/drivers/mfe*.sys"
Include "${programfiles}/mcafee/**"
Include "${programfiles}/mcafee.com/**"
Include "${programfiles_x86}/mcafee/**"
Include "${programfiles_x86}/mcafee.com/**"
Include "${commonprogramfiles}/mcafee/**"
Include "${commonprogramfiles_x86}/mcafee/**"
Include "${installfiledir}/*"
Include "${installfiledir}/**/*"
Include "${downloadfiledir}/*"
Include "${downloadfiledir}/**/*"
Include "${applicationdata}/mcafee/**"
Exclude "${applicationdata}/mcafee/mclogs/**"
Exclude "${applicationdata}/mcafee/temp/**"
}
ProtectProcess {
Include "${commonprogramfiles}\\mcafee\\systemcore\\mcshield.exe"
Include "${commonprogramfiles}\\mcafee\\systemcore\\mfefire.exe"
Include "${commonprogramfiles}\\mcafee\\systemcore\\mfevtps.exe"
Include "${installfiledir}\\SelfProtect\\Win32\\aploader.exe"
Include "${installfiledir}\\SelfProtect\\Win64\\aploader.exe"
}
}
}
}
Product VSO* {
regval shortprogramfile "HKLM/software/mcafee/ap" "ProgramFilesDir"
ifndef shortprogramfile {
set shortprogramfile "\\:::"
}
regval shortprogramfile_x86 "HKLM/software/mcafee/ap" "ProgramFilesDir (x86)"
ifndef shortprogramfile_x86 {
set shortprogramfile_x86 "${shortprogramfile}"
}
regval shortcommonfile "HKLM/software/mcafee/ap" "CommonFilesDir"
ifndef shortcommonfile {
set shortcommonfile "\\:::"
}
regval shortcommonfile_x86 "HKLM/software/mcafee/ap" "CommonFilesDir (x86)"
ifndef shortcommonfile_x86 {
set shortcommonfile_x86 "${shortcommonfile}"
}
AccessProtection {
Enforce G_060_CommonOn 1
Report G_060_CommonOn 1
Rule CO01 G_060_CommonOn {
Description "Prevent modification of McAfee files and settings"
Enforce 1
Report 1
Process {
Include *
Exclude "${programfiles}/mcafee/**.exe"
Exclude "${programfiles}/mcafee.com/**.exe"
Exclude "${programfiles_x86}/mcafee/**.exe"
Exclude "${programfiles_x86}/mcafee.com/**.exe"
Exclude "${commonprogramfiles}/mcafee/**.exe"
Exclude "${shortcommonfile}/mcafee/**.exe"
Exclude "${shortcommonfile_x86}/mcafee/**.exe"
Exclude "${shortprogramfile}/mcafee/**.exe"
Exclude "${shortprogramfile}/mcafee.com/**.exe"
Exclude "${shortprogramfile_x86}/mcafee/**.exe"
Exclude "${shortprogramfile_x86}/mcafee.com/**.exe"
Exclude "${applicationdata}/mcafee/msk/**"
Exclude "install.exe"
Exclude "mcinst.exe"
Exclude "regsvr32.exe"
Exclude "services.exe"
}
Key CWD {
Include "HKLMS/McAfee/**"
Include "HKLMS/McAfee.com/**"
}
Key D {
Include "HKCCS/Services/McAfee SiteAdvisor Service/**"
Include "HKCCS/Services/mcmscsvc/**"
Include "HKCCS/Services/McNaiAnn/**"
Include "HKCCS/Services/McNASvc/**"
Include "HKCCS/Services/McODS/**"
Include "HKCCS/Services/McProxy/**"
Include "HKCCS/Services/McShield/**"
Include "HKCCS/Services/Mfeapfk/**"
Include "HKCCS/Services/Mfeavfk/**"
Include "HKCCS/Services/Mfebopk/**"
Include "HKCCS/Services/Mfefire/**"
Include "HKCCS/Services/Mfefirek/**"
Include "HKCCS/Services/Mfehidk/**"
Include "HKCCS/Services/Mfendisk/**"
Include "HKCCS/Services/Mfendiskmp/**"
Include "HKCCS/Services/Mferkdet/**"
Include "HKCCS/Services/Mfevtp/**"
Include "HKCCS/Services/Mfewfpk/**"
Include "HKCCS/Services/MPFP/**"
Include "HKCCS/Services/MpfService/**"
Include "HKCCS/Services/MSK80Service/**"
Include "HKCCS/Services/MSKSSRV/**"
}
Value CWD {
Include "HKCCS/Services/McNaiAnn/**:*"
Include "HKCCS/Services/McNASvc/**:*"
Include "HKCCS/Services/McShield/**:*"
Include "HKCCS/Services/McODS/**:*"
Include "HKCCS/Services/Mfeapfk/**:*"
Include "HKCCS/Services/Mfeavfk/**:*"
Include "HKCCS/Services/Mfebopk/**:*"
Include "HKCCS/Services/Mfefire/**:*"
Include "HKCCS/Services/Mfefirek/**:*"
Include "HKCCS/Services/Mfehidk/**:*"
Include "HKCCS/Services/Mfendisk/**:*"
Include "HKCCS/Services/Mfendiskmp/**:*"
Include "HKCCS/Services/mferkdet/**:*"
Include "HKCCS/Services/Mfevtp/**:*"
Include "HKCCS/Services/Mfewfpk/**:*"
Include "HKCCS/Services/McAfee SiteAdvisor Service/**:*"
Include "HKCCS/Services/mcmscsvc/**:*"
Include "HKCCS/Services/McProxy/**:*"
Include "HKCCS/Services/MPFP/**:*"
Include "HKCCS/Services/MpfService/**:*"
Include "HKCCS/Services/MSK80Service/**:*"
Include "HKCCS/Services/MSKSSRV**:*"
Include "HKLMS/McAfee/**:*"
Include "HKLMS/McAfee.com/**:*"
}
File CWD {
Include "${windir}/system32/drivers/mfe*.sys"
Include "${programfiles}/mcafee/**"
Include "${programfiles}/mcafee.com/**"
Include "${programfiles_x86}/mcafee/**"
Include "${programfiles_x86}/mcafee.com/**"
Include "${commonprogramfiles}/mcafee/**"
Include "${commonprogramfiles_x86}/mcafee/**"
Include "${applicationdata}/mcafee/**"
Exclude "${applicationdata}/mcafee/mclogs/**"
Exclude "${applicationdata}/mcafee/temp/**"
Exclude "${applicationdata}/mcafee/msk/**"
Exclude "${programfiles}/McAfee/MSK/apf/**"
}
ProtectProcess {
Include "${commonprogramfiles}\\mcafee\\systemcore\\mcshield.exe"
Include "${commonprogramfiles}\\mcafee\\systemcore\\mfefire.exe"
Include "${commonprogramfiles}\\mcafee\\systemcore\\mfevtps.exe"
}
}
}
}
Product VIRUSCAN8* { AccessProtection {
Group G_User
Enforce G_060_CommonOn 1
Report G_060_CommonOn 1
Enforce G_070_CommonOff 1
Report G_070_CommonOff 1
Enforce G_User 1
Report G_User 1
Enforce G_Private 1
Report G_Private 0
Strings 09 {
G_010_AntiSpyOn "Anti-spyware Standard Protection"
G_020_AntiSpyOff "Anti-spyware Maximum Protection"
G_030_AntiVirusOn "Anti-virus Standard Protection"
G_040_AntiVirusOff "Anti-virus Maximum Protection"
G_050_Outbreak "Anti-virus Outbreak Control"
G_060_CommonOn "Common Standard Protection"
G_070_CommonOff "Common Maximum Protection"
G_080_VM "Virtual Machine Protection"
G_User "User-defined Rules"
G_Private "Product Private Rules"
}
Rule CO01 G_060_CommonOn {
Description "Prevent modification of McAfee files and settings"
Process { Include *
Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe vstskmgr.exe scan32.exe scan64.exe scncfg32.exe shcfg32.exe shstat.exe mcupdate.exe mcconsol.exe ncdaemon.exe mfeann.exe mfehidin.exe csscan.exe mcshield.exe restartVSE.exe mcadmin.exe EngineServer.exe VirusScanAdvancedServer.exe vmscan.exe RSSensor.exe MPEScanner.exe firesvc.exe scanner.exe FireTray.exe McAfeeFire.exe amgrcnfg.exe SiteAdv.exe RPCServ.EXE HipManage.exe FCAGT.exe SAFeService.exe TBMon.exe dbinit.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* svchost.exe regsvc.exe mmc.exe winlogon.exe services.exe vscan_rfc.exe jlaunch.exe }
File CWD { Include "${programfiles_x86}/mcafee/DesktopProtection/**"
Include "${programfiles_x86}/mcafee/AntiSpyware/**"
Include "${programfiles_x86}/mcafee/AntiSpyware Enterprise/**"
Include "${vseinstalldir}**"
Include "${vsesapinstalldir}**"
Include "${vsestoinstalldir}**"
Include "${vseoviinstalldir}**"
Include "${windir}/system32/drivers/mfe*.sys"
Include "${windir}/system32/mfevtps.exe"
Exclude "${programfiles_x86}/mcafee/AntiSpyware Enterprise/MID/ASECFG.CAB"
Exclude "${vseinstalldir}MID/VSECFG*.CAB" }
Key D { Include "HKLMS/McAfee"
Include "HKLMS/McAfee/DesktopProtection"
Include "HKLMS/McAfee/VSCore"
Include "HKLMS/McAfee/VSCore/NVP"
Include "HKLMS/McAfee/On Access Scanner/McShield/Configuration/*" }
Key CWD { Include "HKLMS/McAfee/vscore/**"
Exclude "HKLMS/MCAFEE/VSCORE/ALERT CLIENT/VSE" }
Key D { Include "HKCCS/Services/McShield/**"
Include "HKCCS/Services/McTaskManager/**"
Include "HKCCS/Services/Mfeapfk/**"
Include "HKCCS/Services/Mfetdik/**"
Include "HKCCS/Services/Mfeavfk/**"
Include "HKCCS/Services/Mfebopk/**"
Include "HKCCS/Services/Mfehidk/**"
Include "HKCCS/Services/Mferkdk/**"
Include "HKCCS/Services/Mferkdet/**"
Include "HKCCS/Services/Mfevmgk/**"
Include "HKCCS/Services/Mfevtp/**"
}
Value CWD {
Include "HKCCS/Services/McShield:*"
Include "HKCCS/Services/McShield/Enum:*"
Include "HKCCS/Services/McShield/Security:*"
Include "HKCCS/Services/McTaskManager:*"
Include "HKCCS/Services/McTaskManager/Enum:*"
Include "HKCCS/Services/McTaskManager/Security:*"
Include "HKCCS/Services/Mfeapfk:*"
Include "HKCCS/Services/Mfeapfk/Enum:*"
Include "HKCCS/Services/Mfeapfk/Security:*"
Include "HKCCS/Services/Mfetdik:*"
Include "HKCCS/Services/Mfetdik/Enum:*"
Include "HKCCS/Services/Mfetdik/Security:*"
Include "HKCCS/Services/Mfeavfk:*"
Include "HKCCS/Services/Mfeavfk/Enum:*"
Include "HKCCS/Services/Mfeavfk/Security:*"
Include "HKCCS/Services/Mfebopk:*"
Include "HKCCS/Services/Mfebopk/Enum:*"
Include "HKCCS/Services/Mfebopk/Security:*"
Include "HKCCS/Services/Mfehidk:*"
Include "HKCCS/Services/Mfehidk/Enum:*"
Include "HKCCS/Services/Mfehidk/Security:*"
Include "HKCCS/Services/Mferkdk:*"
Include "HKCCS/Services/Mferkdk/Enum:*"
Include "HKCCS/Services/Mferkdk/Security:*"
Include "HKCCS/Services/Mferkdet:*"
Include "HKCCS/Services/Mferkdet/Enum:*"
Include "HKCCS/Services/Mferkdet/Security:*"
Include "HKCCS/Services/Mfevmgk:*"
Include "HKCCS/Services/Mfevmgk/Enum:*"
Include "HKCCS/Services/Mfevmgk/Security:*"
Include "HKCCS/Services/Mfevtp:*"
Include "HKCCS/Services/Mfevtp/Enum:*"
Include "HKCCS/Services/Mfevtp/Security:*"
}
Key CWD {
Include "HKLMS/McAfee/DesktopProtection/**"
Include "HKULMS/Microsoft/Windows/CurrentVersion/Policies/Explorer/DisallowRun/**"
Include "HKLMS/McAfee/VSAS/**" }
}
Rule CO02 G_060_CommonOn {
Description "Prevent modification of McAfee Common Management Agent files and settings"
Process { Include *
Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* RSSensor.exe MPEScanner.exe firesvc.exe scanner.exe FireTray.exe McAfeeFire.exe amgrcnfg.exe SiteAdv.exe RPCServ.EXE HipManage.exe FCAGT.exe SAFeService.exe TBMon.exe dbinit.exe cqmghost.exe services.exe vstskmgr.exe mcconsol.exe }
Key CWD { Include "HKLMS/Network Associates/ePolicy Orchestrator"
Include "HKLMS/Network Associates/TVD/Shared Components/Framework"
Include "HKLMS/McAfee/McTray/**"
Include "HKCCS/Services/McAfeeFramework/**"
}
File CWD { Include "${ALLUSERSPROFILE}/*/Network Associates/Common Framework/**"
Include "${ALLUSERSPROFILE}/*/McAfee/Common Framework/**"
Include "${programfiles_x86}/McAfee/Common Framework/**"
Include "${programfiles_x86}/network associates/Common Framework/**"
Include "${commonprogramfiles_x86}/Cisco Systems/CiscoTrustAgent/plugins/**"
}
}
Rule CO03 G_060_CommonOn {
Description "Prevent modification of McAfee Scan Engine files and settings"
Process { Include *
Exclude rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* msiexec.exe svchost.exe regsvc.exe msi*.tmp mcscript* mcupdate.exe mue_inuse.exe sdat*.exe scan32.exe scan64.exe engineserver.exe vmscan.exe }
Key D { Include "HKLMS/McAfee/AVEngine" }
Value CWD { Include "HKLMS/McAfee/AVEngine:DAT"
Include "HKLMS/McAfee/AVEngine:szInstallDir"
Include "HKLMS/McAfee/AVEngine:szInstallDir32"
Include "HKLMS/McAfee/AVEngine:szInstallDir64" }
File CWD { Include "${avenginedir32}**"
Include "${avenginedir64}**"
Exclude "extra.dat" }
}
Rule COSP G_060_CommonOn {
Description "Prevent termination of McAfee processes"
Process { Include *
Exclude "**/system32/csrss.exe" frameworks*.exe frminst.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe mcscript_inuse.exe WerFault.exe }
ProtectProcess { Include vstskmgr.exe scan32.exe scan64.exe scncfg32.exe shcfg32.exe shstat.exe mcupdate.exe mcconsol.exe ncdaemon.exe mfeann.exe mfehidin.exe csscan.exe mcshield.exe restartVSE.exe mcadmin.exe EngineServer.exe VirusScanAdvancedServer.exe vmscan.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe mfevtps.exe}
}
Rule CO04 G_060_CommonOn {
Description "Protect Mozilla & FireFox files and settings"
Enforce 0
Report 0
Process { Include *
Exclude rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe firefox* mozilla* thunde*.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe
Exclude siteadv.exe standaloneui.exe uninstall.exe
}
Key CWD { Include "HKLMS/Mozilla**"
Include "HKCUS/Mozilla**" }
File CWD { Include "**/Mozilla*/**" }
}
Rule CO05 G_060_CommonOn {
Description "Protect Internet Explorer settings"
Enforce 0
Report 0
Process { Include *
Exclude icwconn1.exe configui.exe lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe siteadv.exe
}
Value CWD { Include "HKULMS/Microsoft/Internet Explorer/Toolbar:\{*" }
Value CWD { Include "HKULMS/Microsoft/Windows/CurrentVersion/URL/DefaultPrefix:@"
Include "HKULMS/Microsoft/Windows/CurrentVersion/URL/Prefixes:*"
}
Value WD { Include "HKULMS/Microsoft/Internet Explorer/Main:Start Page"
Include "HKULMS/Microsoft/Internet Explorer/Main:Default_Page_URL"
Include "HKLMS/Microsoft/Windows/CurrentVersion/Internet Settings:ProxyServer"
Include "HKULMS/Microsoft/Internet Explorer/Search:Search Assistant"
Include "HKULMS/Microsoft/Internet Explorer/Search:CustomizeSearch"
Include "HKULMS/Microsoft/Internet Explorer/Main:Search Bar"
Include "HKULMS/Microsoft/Internet Explorer/Main:Search Page"
Include "HKULMS/Microsoft/Internet Explorer/Main:Default_Search_URL"
}
}
Rule CO06 G_060_CommonOn {
Description "Prevent installation of Browser Helper Objects and Shell Extensions"
Enforce 0
Report 0
Process { Include *
Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe regsvcs.exe
Exclude lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe vstskmgr.exe regsvr32.exe sysocmgr.exe siteadv.exe
}
Key CWD { Include "HKLMS/Microsoft/Windows/CurrentVersion/Explorer/Browser Helper Objects/**"
Include "HKULMS/Microsoft/Windows/CurrentVersion/ShellServiceObjectDelayLoad"
Include "HKLMS/Microsoft/Windows/CurrentVersion/Explorer/ShellExecuteHooks"
Include "HKLMS/Microsoft/Windows/CurrentVersion/Shell Extensions/Approved" }
}
Rule CO12 G_060_CommonOn {
Description "Protect network settings"
Enforce 0
Report 0
Process { Include *
Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* mfehidin.exe winmgmt.exe winlogon.exe svchost.exe services.exe setadapter.exe
Exclude sr_gui.exe sr_service.exe fwkern.exe tcpsvcs.exe vstskmgr.exe frameworkservice.exe cvpnd.exe sysocmgr.exe wmiadap.exe
Exclude SystemPropertiesComputerName.exe
}
Key CD { Include "HKCCS/Services/Winsock/**"
Include "HKCCS/Services/tcpip/**"
Include "HKCCS/Services/netbt/**"
Exclude "HKCCS/Services/tcpip/Performance"
Exclude "HKCCS/Services/tcpip/Parameters"
Exclude "HKCCS/Services/netbt/Performance"
}
Value CWD { Include "HKCCS/Services/Winsock/**:*"
Include "HKCCS/Services/tcpip/parameters:*"
Include "HKCCS/Services/tcpip/**:*"
Include "HKCCS/Services/netbt/**:*"
}
File CWD { Include "${windir}/system32/drivers/etc/hosts" }
}
Rule CO13 G_060_CommonOn {
Description "Prevent common programs from running files from the Temp folder"
Enforce 0
Report 1
Process { Include ${DefaultBrowser} ${DefaultEmailClient} explorer.exe iexplore.exe firefox.exe mozilla.exe netscp.exe opera.exe msn6.exe eudora.exe msimn.exe msn6.exe msnmsgr.exe neo20.exe nlnotes.exe outlook.exe pine.exe poco.exe thebat.exe thunde*.exe winpm-32.exe MAPISP32.exe VMIMB.EXE RESRCMON.EXE Owstimer.exe SPSNotific* WinMail.exe packager.exe winzip32.exe winrar.exe }
File X { Include "**/temp*/**"
Exclude "**/*.ico"
Exclude "**/temp/*/FrmInst.exe"
Exclude "**/\{718CF0D3-DCDF-428E-9F6C-258F065C8D6D\}/PiReg.exe"
Exclude "**/\{718CF0D3-DCDF-428E-9F6C-258F065C8D6D\}/setlicense.exe"
Exclude "**/Temp/iadhide?.dll"
Exclude "**/Temp/NAVSetup.exe"
Exclude "**/Temp/NAV/NAVSetup.exe"
Exclude "**/hostload*.dll"
Exclude "**/HostingInterfaceRes.dll"
Exclude "**/HostingInputManagerLib.dll"
Exclude "**/SiteAdv.exe"
Exclude "**/SiteAdv.dll"
}
}
Rule CW01a G_070_CommonOff {
Description "Prevent programs registering to autorun"
Enforce 0
Report 0
Process { Include *
Exclude tbmon.exe msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe mmc.exe
Exclude lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* frminst.exe
}
Value CW { Include "HKULMS/Microsoft/Windows NT/CurrentVersion/WinLogon:Shell"
Include "HKULMS/Microsoft/Windows NT/CurrentVersion/Windows:Load"
Include "HKLMS/Microsoft/Windows NT/CurrentVersion/Windows:AppInit_Dlls"
Include "HKULMS/Microsoft/Windows/CurrentVersion/Run/**"
Include "HKULMS/Microsoft/Windows/CurrentVersion/RunOnce/**"
Include "HKULMS/Microsoft/Windows/CurrentVersion/RunOnceEx/**"
Include "HKULMS/Microsoft/Windows/CurrentVersion/RunServices/**"
Include "HKULMS/Microsoft/Windows/CurrentVersion/RunServicesOnce/**"
Exclude "HKLMS/MICROSOFT/WINDOWS/CURRENTVERSION/RUN:MCAFEEFIRETRAY"
}
Key CW { Include "HKLMS/Microsoft/Windows NT/CurrentVersion/WinLogon/Notify"
Include "HKLMS/Microsoft/Windows NT/CurrentVersion/WinLogon/Notify/*"
Exclude "HKLMS/Microsoft/Windows NT/CurrentVersion/WinLogon/Notify/NAVLOGON"
}
File CRWX { Include "**/startup/**.exe"
Include "**/startup/**.bat"
Include "**/startup/**.scr"
Include "**/startup/**.hta"
Include "**/startup/**.pif"
Include "**/startup/**.com"
Exclude "**/startup/**server.exe"
}
}
Rule CW01b G_070_CommonOff {
Description "Prevent programs registering as a service"
Enforce 0
Report 0
Process { Include *
Exclude tbmon.exe mmc.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe
Exclude frminst.exe
}
Key C { Include "HKCCS/Services/**"
Exclude "HKCCS/Services/EventLog/Application/*"
Exclude "HKCCS/Services/EventLog/Security/*"
Exclude "HKCCS/Services/EventLog/System/*"
Exclude "HKCCS/Services/NAIMServInst/**"
Exclude "HKCCS/Services/traces/**"
Exclude "HKCCS/Services/RegMon/**"
Exclude "HKCCS/Services/FileMon/**"
Exclude "HKCCS/Services/McAfeeFramework/**"
Exclude "HKCCS/Services/W3SVC/PARAMETERS/**"
Exclude "HKCCS/Services/Tcpip/Parameters/**"
Exclude "HKCCS/Services/IDSINSTPRIVTEST/**"
Exclude "HKCCS/Services/SNDSRVC/**"
Exclude "HKCCS/Services/SYMEVENT/**"
Exclude "HKCCS/Services/INTEL PDS/**"
Exclude "HKCCS/Services/SYMIDSCO/**"
Exclude "HKCCS/Services/SWEEPSRV.SYS/**"
Exclude "HKCCS/Services/INTERCHECK FILTER/**"
Exclude "HKCCS/Services/INTERCHECK CONTROL/**"
Exclude "HKCCS/Services/SWEEPNET/**"
Exclude "HKCCS/Services/INTERCHECK SUPPORT*/**"
Exclude "HKCCS/Services/INORT/**"
Exclude "HKCCS/Services/INOTASK/**"
Exclude "HKCCS/Services/KAVMONITORSERVICE/**"
Exclude "HKCCS/Services/AVPG/**"
Exclude "HKCCS/Services/AVPCC/**"
Exclude "HKCCS/Services/SQLAGENT\$PADMINISTRATOR/**"
Exclude "HKCCS/Services/MSSQL\$PADMINISTRATOR/**"
Exclude "HKCCS/Services/MSSQLSERVERADHELPER/**"
Exclude "HKCCS/Services/PAVATSCHEDULER/**"
Exclude "HKCCS/Services/PAVAGENTE/**"
Exclude "HKCCS/Services/PAVREPORT/**"
Exclude "HKCCS/Services/ADMINSERVER/**"
Exclude "HKCCS/Services/PADFSVR/**"
Exclude "HKCCS/Services/OFFICESCAN_MASTER_SETUP_SERVICE/**"
Exclude "HKCCS/Services/APACHE2/**"
Exclude "HKCCS/Services/OFCSERVICE/**"
Exclude "HKCCS/Services/TMLISTEN/**"
Exclude "HKCCS/Services/NTRTSCAN/**"
Exclude "HKCCS/Services/VSAPINT/**"
Exclude "HKCCS/Services/TMFILTER/**"
Exclude "HKCCS/Services/OFCPFWSVC/**"
Exclude "HKCCS/Services/TM_CFW/**"
Exclude "HKCCS/Services/FIREHOOK/**"
Exclude "HKCCS/Services/FIRESVC/**"
Exclude "HKCCS/Services/FIRETDI/**"
Exclude "HKCCS/Services/FIREPM/**"
}
}
Rule CW02a G_070_CommonOff {
Description "Prevent creation of new executable files in the Windows folder"
Enforce 0
Report 0
Process { Include *
Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* winlogon.exe
Exclude mrtstub.exe
Exclude mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe RSSensor.exe MPEScanner.exe firesvc.exe scanner.exe FireTray.exe McAfeeFire.exe amgrcnfg.exe SiteAdv.exe RPCServ.EXE HipManage.exe FCAGT.exe SAFeService.exe TBMon.exe dbinit.exe fssm32.exe
Exclude tomcat.exe
}
File C { Include "${windir}/**.exe"
Include "${windir}/**.dll"
Exclude "${windir}/Downloaded Program Files/**"
Exclude "**/framepkg.exe"
Exclude "${windir}/SoftwareDistribution/Download/**"
Exclude "${windir}/SoftwareDistribution/WebSetup/**"
Exclude "${windir}/system32/muweb.dll"
Exclude "${windir}/system32/wuweb.dll"
Exclude "${windir}/system32/cdm.dll"
Exclude "${windir}/system32/iuengine.dll"
Exclude "${windir}/system32/wuapi.dll"
Exclude "${windir}/system32/wuauclt.exe"
Exclude "${windir}/system32/wuauclt1.exe"
Exclude "${windir}/system32/wuaclt.exe"
Exclude "${windir}/system32/wuaclt1.exe"
Exclude "${windir}/system32/wuaueng.dll"
Exclude "${windir}/system32/wuaueng1.dll"
Exclude "${windir}/system32/wucltui.dll"
Exclude "${windir}/system32/wups.dll"
Exclude "${windir}/system32/wups2.dll"
Exclude "${windir}/system32/FireNotify.dll"
Exclude "${windir}/system32/FireCNL.dll"
Exclude "${windir}/system32/FireCore.dll"
Exclude "${windir}/system32/FireCL.dll"
Exclude "${windir}/system32/FireEpo.dll"
Exclude "${windir}/system32/FireNHC.dll"
Exclude "${windir}/system32/FireSCV.dll"
Exclude "${windir}/temp/ZDATAI51.DLL"
Exclude "${windir}/temp/_WUTL951.DLL"
}
}
Rule CW02b G_070_CommonOff {
Description "Prevent creation of new executable files in the Program Files folder"
Enforce 0
Report 0
Process { Include *
Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* winlogon.exe
Exclude mrtstub.exe
Exclude mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe
Exclude tomcat.exe
}
File C { Include "${programfiles}/**.exe"
Include "${programfiles}/**.dll"
Include "${programfiles_x86}/**.exe"
Include "${programfiles_x86}/**.dll"
Exclude "**/framepkg.exe"
Exclude "${programfiles}/WindowsUpdate/**"
Exclude "${CommonProgramFiles_x86}/InstallShield/engine/6/Intel 32/*"
Exclude "${CommonProgramFiles_x86}/InstallShield/IScript/*"
Exclude "${ProgramFiles_x86}/Network Associates/McAfee Desktop Firewall for Windows XP/*"
Exclude "${ProgramFiles_x86}/Network Associates/McAfee Desktop Firewall for Windows XP/Resource/*/*"
Exclude "${ProgramFiles_x86}/Network Associates/McAfee Desktop Firewall for Windows XP/Uninstall Information/*"
Exclude "${CommonProgramFiles_x86}/Network Associates/TalkBack/*"
Exclude "${ProgramFiles_x86}/Panda Software/**"
Exclude "${ProgramFiles_x86}/Norton Antivirus/Quarantine/**"
Exclude "${ProgramFiles_x86}/Trend Micro/**"
}
}
Rule CW04 G_070_CommonOff {
Description "Prevent launching of files from the Downloaded Program Files folder"
Enforce 0
Report 1
Process { Include iexplore.exe }
File X { Include "**/downloaded program files/**.exe"}
}
Rule CW05 G_070_CommonOff {
Description "Prevent FTP communication"
Enforce 0
Report 0
Process { Include *
Exclude ${DefaultBrowser} explorer.exe iexplore.exe firefox.exe mozilla.exe netscp.exe opera.exe msn6.exe tomcat.exe tomcat5.exe tomcat5w.exe inetinfo.exe amgrsrvc.exe apache.exe webproxy.exe msexcimc.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe
Exclude pasys* google*
Exclude alg.exe ftp.exe agentnt.exe
}
Port OTU { Include 20 21 }
}
Rule CW06 G_070_CommonOff {
Description "Prevent HTTP communication"
Enforce 0
Report 0
Process { Include *
Exclude ${DefaultBrowser} ${DefaultEmailClient} explorer.exe iexplore.exe firefox.exe mozilla.exe netscp.exe opera.exe msn6.exe tomcat.exe tomcat5.exe tomcat5w.exe inetinfo.exe amgrsrvc.exe apache.exe webproxy.exe msexcimc.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe eudora.exe msimn.exe msn6.exe msnmsgr.exe neo20.exe nlnotes.exe outlook.exe pine.exe poco.exe thebat.exe thunde*.exe winpm-32.exe MAPISP32.exe VMIMB.EXE RESRCMON.EXE Owstimer.exe SPSNotific* WinMail.exe msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe
Exclude lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe
Exclude alg.exe mobsync.exe waol.exe agentnt.exe svchost.exe runscheduled.exe pasys* google* backweb-*
Exclude vmnat.exe devenv.exe windbg.exe jucheck.exe realplay.exe acrord32.exe acrobat.exe
Exclude wfica32.exe mmc.exe mshta.exe dwwin.exe wmplayer.exe console.exe wuauclt.exe
Exclude javaw.exe ccmexec.exe ntaskldr.exe winamp.exe realplay.exe quicktimeplaye* SiteAdv.exe McSACore.exe
}
Port OTU { Include 80
Include 443 }
}
}
}
Product ANTISPYW* { AccessProtection {
Enforce G_010_AntiSpyOn 1
Report G_010_AntiSpyOn 1
Enforce G_020_AntiSpyOff 1
Report G_020_AntiSpyOff 1
Rule ASO01 G_010_AntiSpyOn {
Description "Protect Internet Explorer favorites and settings"
Enforce 0
Report 0
Process { Include *
Exclude iexplore.exe rundll32.exe explorer.exe winlogon.exe ie4uinit.exe regsvr32.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe
Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe RSSensor.exe MPEScanner.exe firesvc.exe scanner.exe FireTray.exe McAfeeFire.exe amgrcnfg.exe SiteAdv.exe RPCServ.EXE HipManage.exe FCAGT.exe SAFeService.exe TBMon.exe dbinit.exe vstskmgr.exe scan32.exe scan64.exe scncfg32.exe shcfg32.exe shstat.exe mcupdate.exe mcconsol.exe ncdaemon.exe mfeann.exe mfehidin.exe csscan.exe mcshield.exe restartVSE.exe mcadmin.exe EngineServer.exe VirusScanAdvancedServer.exe vmscan.exe
Exclude icwconn1.exe proxycfg.exe userinit.exe msohtmed.exe console.exe svchost.exe cmd.exe mmc.exe unregmp2.exe
Exclude sidebar.exe jucheck.exe msimn.exe winmail.exe
}
Value CWD {
Include "HKULMS/Microsoft/Internet Explorer/**"
Include "HKULMS/Microsoft/Windows/CurrentVersion/Internet Settings/**"
Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS/CACHE/**"
Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS/5.0/CACHE/**"
Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS/ZONEMAP:PROXYBYPASS"
Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS/ZONEMAP:INTRANETNAME"
Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS/ZONEMAP:UNCASINTRANET"
Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS:MIGRATEPROXY"
Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS:PROXYENABLE"
Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS:PROXYSERVER"
Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS:PROXYOVERRIDE"
Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS:AUTOCONFIGURL"
Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS/CONNECTIONS:SAVEDLEGACYSETTINGS"
Exclude "HKULMS/Microsoft/Internet Explorer/Extensions/\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45\}/*"
Exclude "HKULMS/Microsoft/Internet Explorer/Main:SmoothScroll"
Exclude "HKULMS/Microsoft/Internet Explorer/International/CpMRU:Cache"
}
File CWD { Include "**/Favorites/**.url" }
}
Rule ASW01 G_020_AntiSpyOff {
Description "Prevent installation of new CLSIDs, APPIDs and TYPELIBs"
Enforce 0
Report 0
Process { Include *
Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* icwconn1.exe }
Key CD { Include "HKULMS/Classes/CLSID/**"
Include "HKULMS/Classes/APPID/**"
Include "HKULMS/Classes/TypeLib/**" }
}
Rule ASW02 G_020_AntiSpyOff {
Description "Prevent all programs from running files from the Temp folder"
Enforce 0
Report 0
Process { Include *
Exclude frminst.exe msiexec.exe mcscript_inuse.exe mcscancheck.exe mue_inuse.exe
}
File X { Include "**/temp*/**"
Exclude "**/temp/*/FrmInst.exe"
Exclude "**/\{718CF0D3-DCDF-428E-9F6C-258F065C8D6D\}/PiReg.exe"
Exclude "**/\{718CF0D3-DCDF-428E-9F6C-258F065C8D6D\}/setlicense.exe"
Exclude "**/Temp/iadhide?.dll"
Exclude "**/Temp/NAVSetup.exe"
Exclude "**/Temp/NAV/NAVSetup.exe"
}
}
Rule ASW03 G_020_AntiSpyOff {
Description "Prevent execution of scripts from the Temp folder"
Enforce 0
Report 1
Process { Include ?script.exe }
File R { Include "**/temp*/**" }
}
}}
Product VIRUSCAN8* { AccessProtection {
Enforce G_030_AntiVirusOn 1
Report G_030_AntiVirusOn 1
Enforce G_040_AntiVirusOff 0
Report G_040_AntiVirusOff 0
Enforce G_050_Outbreak 0
Report G_050_Outbreak 0
Enforce G_080_VM 0
Report G_080_VM 1
Rule AVO02 G_030_AntiVirusOn {
Description "Prevent registry editor and Task Manager from being disabled"
Enforce 0
Report 0
Process { Include *
Exclude rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* mmc.exe}
Value CWD { Include "HKULMS/Microsoft/Windows/CurrentVersion/Policies/System:DisableRegistryTools"
Include "HKULMS/Microsoft/Windows/CurrentVersion/Policies/System:DisableTaskMgr" }
}
Rule AVO03 G_030_AntiVirusOn {
Description "Prevent user rights policies from being altered"
Enforce 0
Report 0
Process { Include *
Exclude rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe services.exe amgrsrvc.exe mmc.exe lsass.exe frminst.exe}
Key CWD { Include "HKCCS/Control/LSA/**"
Include "HKCCS/Services/lanmanserver/parameters/**" }
}
Rule AVO04 G_030_AntiVirusOn {
Description "Prevent remote creation/modification of executable and configuration files"
Enforce 0
Report 0
Process { Include system:remote }
File CWD { Include **.exe **.scr **.ocx **.dll **.pif
Include "${windir}/**"
Include **.ini "${systemdrive}/*"
Exclude "**/framepkg.exe" }
}
Rule AVO05 G_030_AntiVirusOn {
Description "Prevent remote creation of autorun files"
Process { Include system:remote}
File C { Include **/autorun.inf }
}
Rule AVO06 G_030_AntiVirusOn {
Description "Prevent hijacking of .EXE and other executable extensions"
Enforce 0
Report 0
Process { Include *
Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe }
Key WD { Include "HKULMS/Classes/.exe/**"
Include "HKULMS/Classes/exefile/**"
Include "HKULMS/Classes/.com/**"
Include "HKULMS/Classes/comfile/**"
Include "HKULMS/Classes/.bat/**"
Include "HKULMS/Classes/batfile/**"
Include "HKULMS/Classes/.cmd/**"
Include "HKULMS/Classes/cmdfile/**" }
}
Rule AVO08 G_030_AntiVirusOn {
Description "Prevent Windows Process spoofing"
Enforce 0
Report 0
Process { Include * }
File CRXW { Include "**/svchost.exe"
Include "**/explorer.exe"
Include "**/ctfmon.exe"
Include "**/lsass.exe"
Include "**/csrss.exe"
Include "**/winlogon.exe"
Include "**/services.exe"
Include "**/smss.exe"
Exclude "${WINDIR}/**/svchost.exe"
Exclude "${WINDIR}/**/explorer.exe"
Exclude "${WINDIR}/**/ctfmon.exe"
Exclude "${WINDIR}/**/lsass.exe"
Exclude "${WINDIR}/**/csrss.exe"
Exclude "${WINDIR}/**/winlogon.exe"
Exclude "${WINDIR}/**/services.exe"
Exclude "${WINDIR}/**/smss.exe" }
}
Rule AVO10 G_030_AntiVirusOn {
Description "Prevent mass mailing worms from sending mail"
Process { Include *
Exclude ${DefaultEmailClient} ${DefaultBrowser} eudora.exe msimn.exe msn6.exe msnmsgr.exe neo20.exe nlnotes.exe outlook.exe pine.exe poco.exe thebat.exe thunde*.exe winpm-32.exe MAPISP32.exe VMIMB.EXE RESRCMON.EXE Owstimer.exe SPSNotific* WinMail.exe explorer.exe iexplore.exe firefox.exe mozilla.exe netscp.exe opera.exe msn6.exe tomcat.exe tomcat5.exe tomcat5w.exe inetinfo.exe amgrsrvc.exe apache.exe webproxy.exe msexcimc.exe
Exclude ntaskldr.exe nsmtp.exe nrouter.exe agent.exe
Exclude ebs.exe firesvc.exe modulewrapper* msksrvr.exe mskdetct.exe mailscan.exe rpcserv.exe
Exclude mdaemon.exe worldclient.exe wspsrv.exe }
Port OTU { Include 25
Include 587 }
}
Rule AVO11 G_030_AntiVirusOn {
Description "Prevent IRC communication"
Process { Include * }
Port IOTU { Include 6666 6669 }
}
Rule AVO12 G_030_AntiVirusOn {
Description "Prevent use of tftp.exe"
Enforce 0
Report 0
Process { Include *
Exclude wuauclt.exe }
File RX { Include "**/tftp.exe" }
}
Rule AVW01 G_040_AntiVirusOff {
Description "Prevent alteration of all file extension registrations"
Process { Include *
Exclude explorer.exe }
Key WD { Include "HKULMS/Classes/.*/**" }
}
Rule AVW02 G_040_AntiVirusOff {
Description "Protect cached files from password and email address stealers"
Process { Include *
Exclude iexplore.exe explorer.exe rundll32.exe sidebar.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe }
File R { Include "**/content.ie5/**" }
}
Rule AVO07 G_040_AntiVirusOff {
Description "Prevent svchost executing non-Windows executables"
Process { Include svchost.exe }
File X { Include "**/*.*"
Exclude "**/*.exe"
Exclude "**/*.exe.Manifest"
Exclude "${windir}/**"
Exclude "${CommonProgramFiles}/Microsoft Shared/**"
Exclude "${CommonProgramFiles_x86}/Microsoft Shared/**"
Exclude "${programfiles}/Fortinet/**"
Exclude "${programfiles_x86}/mcafee/**"
Exclude "${programfiles}/Windows Defender/**"
}
}
Rule AVO09 G_040_AntiVirusOff {
Description "Protect phonebook files from password and email address stealers"
Process { Include *
Exclude rasphone.exe explorer.exe svchost.exe frameworkservice.exe logonui.exe }
File RDWC { Include "**/rasphone.pbk" }
}
Rule OB01 G_050_Outbreak {
Description "Make all shares read-only"
Process { Include system:remote }
File CWD { Include * }
}
Rule OB02 G_050_Outbreak {
Description "Block read and write access to all shares"
Process { Include system:remote }
File CWDRX { Include * }
}
Rule VM01 G_080_VM {
Description "Prevent Termination of VMWare Processes"
Process { Include *
Exclude "**/system32/csrss.exe" vmware-authd.exe vmware-ufad.exe vmnat.exe vmount2.exe vmnetdhcp.exe vmware.exe vmware-vmx.exe vmware-tray.exe vmserverdWin32.exe vmwareuser.exe vmplayer.exe vmwaretray.exe }
ProtectProcess { Include vmware-authd.exe vmware-ufad.exe vmnat.exe vmount2.exe vmnetdhcp.exe vmware.exe vmware-vmx.exe vmware-tray.exe vmserverdWin32.exe vmwareuser.exe vmplayer.exe vmwaretray.exe }
}
Rule VM02 G_080_VM {
Description "Prevent modification of VMWare Workstation files and settings"
Process { Include *
Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe vmware-authd.exe vmware-ufad.exe vmnat.exe vmount2.exe vmnetdhcp.exe vmware.exe vmware-vmx.exe vmware-tray.exe vmserverdWin32.exe vmwareuser.exe vmplayer.exe vmwaretray.exe svchost.exe NdisInstall.exe FireSvc.exe WMIADAP.EXE
}
File CWD { Include "${programfiles_x86}/Common Files/VMWare/**"
Include "${vmwareworkstationinstalldir}**"
Include "${windir}/system32/drivers/VMkbd.sys"
Include "${windir}/system32/drivers/vmnetadapter.sys"
Include "${windir}/system32/drivers/vmnetbridge.sys"
Include "${windir}/system32/drivers/vmnetuserif.sys"
Include "${windir}/system32/drivers/VMparport.sys"
Include "${windir}/system32/drivers/vmusb.sys"
Include "${windir}/system32/drivers/vmx86.sys"
Include "${windir}/system32/vmnat.exe"
Include "${windir}/system32/vmnetdhcp.exe"
}
Key CWD { Include "HKULMS/VMware, Inc./**"
Include "HKCCS/Services/VMAuthdService/**"
Include "HKCCS/Services/vmkb/**"
Include "HKCCS/Services/VMnetAdapter/**"
Include "HKCCS/Services/VMnetBridge/**"
Include "HKCCS/Services/VMnetDHCP/**"
Include "HKCCS/Services/VMnetuserif/**"
Include "HKCCS/Services/vmount2/**"
Include "HKCCS/Services/VMparport/**"
Include "HKCCS/Services/vmusb/**"
Include "HKCCS/Services/VMware/**"
Include "HKCCS/Services/VMware NAT Service/**"
Include "HKCCS/Services/vmx86/**"
Include "HKCR/.vmac/**"
Include "HKCR/.vmba/**"
Include "HKCR/.vmc/**"
Include "HKCR/.vmdk/**"
Include "HKCR/.vmhf/**"
Include "HKCR/.vmhr/**"
Include "HKCR/.vmsn/**"
Include "HKCR/.vmss/**"
Include "HKCR/.vmt/**"
Include "HKCR/.vmtm/**"
Include "HKCR/.vmx/**"
Include "HKCR/.vmxa/**"
Include "HKCR/Applications/vmware.exe/**"
Include "HKCR/CLSID/{07051fd9-3e4e-4f79-b1ac-0a2f9338f806}/**"
Include "HKCR/CLSID/{095DB814-94A0-4AD7-88C3-7DFBE688B12A}/**"
Include "HKCR/CLSID/{0ce412d9-4520-4e5a-893d-88b3a8f29c97}/**"
Include "HKCR/CLSID/{0F748FDE-0597-443c-8596-71854C5EA20A}/**"
Include "HKCR/CLSID/{13E86A0C-FE7D-4573-A41D-6B5B00CCFE22}/**"
Include "HKCR/CLSID/{164bdf7b-5c67-4daf-85a3-c6c927cb3d36}/**"
Include "HKCR/CLSID/{1c4387ae-2b23-4c45-8bc6-c1dfbddfb249}/**"
Include "HKCR/CLSID/{1dd25558-dda3-476a-a81c-a07b62f33725}/**"
Include "HKCR/CLSID/{22ff5311-53a4-4335-a2d9-b75e5731bbab}/**"
Include "HKCR/CLSID/{271DC252-6FE1-4D59-9053-E4CF50AB99DE}/**"
Include "HKCR/CLSID/{2e1c00eb-6468-40ae-94b3-2c8d80080f21}/**"
Include "HKCR/CLSID/{315cb05d-691f-4208-af14-0fa2fbb2cad6}/**"
Include "HKCR/CLSID/{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}/**"
}
}
Rule VM03 G_080_VM {
Description "Prevent modification of VMWare Server files and settings"
Process { Include *
Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe vmware-authd.exe vmware-ufad.exe vmnat.exe vmount2.exe vmnetdhcp.exe vmware.exe vmware-vmx.exe vmware-tray.exe vmserverdWin32.exe vmwareuser.exe vmplayer.exe vmwaretray.exe svchost.exe NdisInstall.exe FireSvc.exe WMIADAP.EXE
}
File CWD { Include "${programfiles_x86}/Common Files/VMWare/**"
Include "${vmwareserverinstalldir}**"
Include "${applicationdata}/VMWare/**"
Include "${windir}/system32/drivers/vmnetadapter.sys"
Include "${windir}/system32/drivers/vmnetbridge.sys"
Include "${windir}/system32/drivers/vmnetuserif.sys"
Include "${windir}/system32/drivers/vmx86.sys"
Include "${windir}/system32/drivers/vmnet.sys"
Include "${windir}/system32/vmnat.exe"
Include "${windir}/system32/vmnetdhcp.exe"
}
Key CWD { Include "HKULMS/VMware, Inc./**"
Include "HKCCS/Services/VMAuthdService/**"
Include "HKCCS/Services/vmkb/**"
Include "HKCCS/Services/VMnetAdapter/**"
Include "HKCCS/Services/VMnetBridge/**"
Include "HKCCS/Services/VMnetDHCP/**"
Include "HKCCS/Services/VMnetuserif/**"
Include "HKCCS/Services/vmount2/**"
Include "HKCCS/Services/VMparport/**"
Include "HKCCS/Services/vmserverdWin32/**"
Include "HKCCS/Services/VMware/**"
Include "HKCCS/Services/VMware NAT Service/**"
Include "HKCCS/Services/vmx86/**" }
}
Rule VM04 G_080_VM {
Description "Prevent modification of VMWare virtual machine files"
Process { Include *
Exclude vmware-authd.exe vmware-ufad.exe vmnat.exe vmount2.exe vmnetdhcp.exe vmware.exe vmware-vmx.exe vmware-tray.exe vmserverdWin32.exe vmwareuser.exe vmplayer.exe vmwaretray.exe svchost.exe NdisInstall.exe FireSvc.exe
}
File CWD { Include "**/*.vmdk"
Include "**/*.nvram"
Include "**/*.vmsd"
Include "**/*.vmx"
Include "**/*.vmxf"
}
}
}}
AccessProtection { Strings 0401 {
G_010_AntiSpyOn "反間諜軟體標準保護"
G_020_AntiSpyOff "反間諜軟體最大保護"
G_030_AntiVirusOn "防毒標準保護"
G_040_AntiVirusOff "防毒最大保護"
G_050_Outbreak "防病毒爆發控制"
G_060_CommonOn "一般標準保護"
G_070_CommonOff "一般最大保護"
G_080_VM "虛擬機器保護"
G_User "使用者定義的規則"
ASO01 "保護 Internet Explorer 我的最愛及設定"
ASW01 "防止安裝新的 CLSID、APPID 及 TYPELIB"
ASW02 "防止所有程式從 Temp 資料夾執行檔案"
ASW03 "防止從 Temp 資料夾執行指令碼"
AVO02 "防止登錄編輯程式及工作管理員被停用"
AVO03 "防止使用者權利原則被更改"
AVO04 "防止遠端建立/修改執行檔及設定檔"
AVO05 "防止遠端建立自動執行檔"
AVO06 "防止.EXE 及其他執行檔副檔名被劫持"
AVO07 "防止 svchost 執行非 Windows 執行檔"
AVO08 "防止僞裝 Windows 程序"
AVO09 "保護電話簿檔案,以防密碼及電子郵件地址遭竊"
AVO10 "防止大宗郵件蠕蟲病毒傳送郵件"
AVO11 "防止 IRC 通訊"
AVO12 "防止使用 tftp.exe"
AVW01 "防止所有副檔名登錄被更改"
AVW02 "保護快取檔案,以防密碼及電子郵件地址遭竊"
CO01 "防止 McAfee 檔案及設定被修改"
CO02 "防止 McAfee Common Management Agent 檔案及設定被修改"
CO03 "防止 McAfee 掃描引擎檔案及設定被修改"
CO04 "保護 Mozilla 及 FireFox 檔案及設定"
CO05 "保護 Internet Explorer 設定"
CO06 "防止安裝 Browser Helper Object 及 Shell 副檔名"
CO12 "保護網路設定"
CO13 "防止公用程式從 Temp 資料夾執行檔案"
COSP "防止 McAfee 處理程序終止"
CW01a "防止註冊為自動執行的程式"
CW01b "防止註冊為服務的程式"
CW02a "防止在 Windows 資料夾中建立新執行檔"
CW02b "防止在 Program Files 資料夾中建立新執行檔"
CW04 "防止從 Downloaded Program Files 資料夾中啟動檔案"
CW05 "防止 FTP 通訊"
CW06 "防止 HTTP 通訊"
OB01 "將所有的共用設為唯讀"
OB02 "封鎖對所有共用的讀取及寫入存取權"
VM01 "防止 VMWare 處理程序終止"
VM02 "防止 VMWare Workstation 檔案及設定被修改"
VM03 "防止 VMWare Server 檔案及設定被修改"
VM04 "防止 VMWare 虛擬機器檔案被修改"
}}
AccessProtection { Strings 07 {
G_010_AntiSpyOn "Standardmäßiger Spyware-Schutz"
G_020_AntiSpyOff "Maximaler Spyware-Schutz"
G_030_AntiVirusOn "Standardmäßiger Virenschutz"
G_040_AntiVirusOff "Maximaler Virenschutz"
G_050_Outbreak "Kontrolle bei Virusausbrüchen"
G_060_CommonOn "Common - Standardschutz"
G_070_CommonOff "Common - Maximaler Schutz"
G_080_VM "Schutz virtueller Computer"
G_User "Benutzerdefinierte Regeln"
ASO01 "Favoriten und Einstellungen in Internet Explorer schützen"
ASW01 "Installation neuer CLSIDs, APPIDs und TYPELIBs verhindern"
ASW02 "Ausführen von Dateien im Temp-Ordner für alle Programme verhindern"
ASW03 "Ausführen von Skripten aus dem TEMP-Ordner verhindern"
AVO02 "Deaktivieren von Registrierungseditor und Task-Manager verhindern"
AVO03 "Ändern von Benutzerrechten für Richtlinien verhindern"
AVO04 "Remote-Erstellung/Änderung von ausführbaren Dateien und Konfigurationsdateien verhindern"
AVO05 "Remote-Erstellung von Autorun-Dateien verhindern"
AVO06 "Missbrauch von .EXE und andere Erweiterungen für ausführbare Dateien verhindern"
AVO07 "Ausführen von Nicht-Windows-Dateien durch svchost verhindern"
AVO08 "Spoofing von Windows-Prozessen verhindern"
AVO09 "Adressbuchdateien vor Kennwort- und E-Mail-Adressdiebstahl schützen"
AVO10 "Senden von E-Mails durch Massenmail-Würmer verhindern"
AVO11 "IRC-Kommunikation verhindern"
AVO12 "Verwenden von tftp.exe verhindern"
AVW01 "Ändern der Registrierung für alle Dateierweiterungen verhindern"
AVW02 "Dateien im Cache vor Kennwort- und E-Mail-Adressdiebstahl schützen"
CO01 "Veränderungen der McAfee-Dateien und -Einstellungen verhindern"
CO02 "Ändern von Dateien und Einstellungen des McAfee Common Management Agenten verhindern"
CO03 "Veränderungen der McAfee-Scanmodul-Dateien und -Einstellungen verhindern"
CO04 "Dateien und Einstellungen von Mozilla und FireFox schützen"
CO05 "Einstellungen von Internet Explorer schützen"
CO06 "Installation von Browser Helper Objects und Shell-Erweiterungen verhindern"
CO12 "Netzwerkeinstellungen schützen"
CO13 "Ausführen von Dateien im Temp-Ordner für häufig genutzte Programme verhindern"
COSP "Beenden von McAfee-Prozessen verhindern"
CW01a "Registrieren von Programmen für Autorun verhindern"
CW01b "Registrierung von Programmen als Dienst verhindern"
CW02a "Erstellung neuer ausführbarer Dateien im Windows-Ordner verhindern"
CW02b "Erstellung neuer ausführbarer Dateien im Programmdateienordner verhindern"
CW04 "Starten von Dateien aus dem Ordner \"Downloaded Program Files\" verhindern"
CW05 "FTP-Kommunikation verhindern"
CW06 "HTTP-Kommunikation verhindern"
OB01 "Alle Freigaben mit Schreibschutz versehen"
OB02 "Lese- und Schreibzugriff auf alle Freigaben blockieren"
VM01 "Beendigung von VMWare-Prozessen verhindern"
VM02 "Ändern von Dateien und Einstellungen von VMWare-Workstation verhindern"
VM03 "Ändern von Dateien und Einstellungen von VMWare-Server verhindern"
VM04 "Ändern von Dateien des virtuellen VMWare-Computers verhindern"
}}
AccessProtection { Strings 09 {
G_010_AntiSpyOn "Anti-spyware Standard Protection"
G_020_AntiSpyOff "Anti-spyware Maximum Protection"
G_030_AntiVirusOn "Anti-virus Standard Protection"
G_040_AntiVirusOff "Anti-virus Maximum Protection"
G_050_Outbreak "Anti-virus Outbreak Control"
G_060_CommonOn "Common Standard Protection"
G_070_CommonOff "Common Maximum Protection"
G_080_VM "Virtual Machine Protection"
G_User "User-defined Rules"
ASO01 "Protect Internet Explorer favorites and settings"
ASW01 "Prevent installation of new CLSIDs, APPIDs and TYPELIBs"
ASW02 "Prevent all programs from running files from the Temp folder"
ASW03 "Prevent execution of scripts from the Temp folder"
AVO02 "Prevent registry editor and Task Manager from being disabled"
AVO03 "Prevent user rights policies from being altered"
AVO04 "Prevent remote creation/modification of executable and configuration files"
AVO05 "Prevent remote creation of autorun files"
AVO06 "Prevent hijacking of .EXE and other executable extensions"
AVO07 "Prevent svchost executing non-Windows executables"
AVO08 "Prevent Windows Process spoofing"
AVO09 "Protect phonebook files from password and email address stealers"
AVO10 "Prevent mass mailing worms from sending mail"
AVO11 "Prevent IRC communication"
AVO12 "Prevent use of tftp.exe"
AVW01 "Prevent alteration of all file extension registrations"
AVW02 "Protect cached files from password and email address stealers"
CO01 "Prevent modification of McAfee files and settings"
CO02 "Prevent modification of McAfee Common Management Agent files and settings"
CO03 "Prevent modification of McAfee Scan Engine files and settings"
CO04 "Protect Mozilla & FireFox files and settings"
CO05 "Protect Internet Explorer settings"
CO06 "Prevent installation of Browser Helper Objects and Shell Extensions"
CO12 "Protect network settings"
CO13 "Prevent common programs from running files from the Temp folder"
COSP "Prevent termination of McAfee processes"
CW01a "Prevent programs registering to autorun"
CW01b "Prevent programs registering as a service"
CW02a "Prevent creation of new executable files in the Windows folder"
CW02b "Prevent creation of new executable files in the Program Files folder"
CW04 "Prevent launching of files from the Downloaded Program Files folder"
CW05 "Prevent FTP communication"
CW06 "Prevent HTTP communication"
OB01 "Make all shares read-only"
OB02 "Block read and write access to all shares"
VM01 "Prevent Termination of VMWare Processes"
VM02 "Prevent modification of VMWare Workstation files and settings"
VM03 "Prevent modification of VMWare Server files and settings"
VM04 "Prevent modification of VMWare virtual machine files"
}}
AccessProtection { Strings 0A {
G_010_AntiSpyOn "Protección estándar de antisoftware espía"
G_020_AntiSpyOff "Protección máxima de antisoftware espía"
G_030_AntiVirusOn "Protección estándar de antivirus"
G_040_AntiVirusOff "Protección máxima de antivirus"
G_050_Outbreak "Control de brotes de antivirus"
G_060_CommonOn "Protección común estándar"
G_070_CommonOff "Protección común máxima"
G_080_VM "Protección de máquina virtual"
G_User "Reglas definidas por el usuario"
ASO01 "Proteger los favoritos y las opciones de Internet Explorer"
ASW01 "Impedir la instalación de nuevos CLSID, APPID y TYPELIB"
ASW02 "Impedir a todos los programas que ejecuten archivos desde la carpeta Temp"
ASW03 "Impedir la ejecución de secuencias de comandos desde la carpeta Temp"
AVO02 "Impedir la desactivación del editor del Registro y del Administrador de tareas"
AVO03 "Impedir la alteración de las directivas de derechos de usuario"
AVO04 "Impedir la creación o la modificación remota de los archivos ejecutables y de configuración"
AVO05 "Impedir la creación remota de archivos de ejecución automática"
AVO06 "Impedir el pirateo de archivos .EXE y con otras extensiones ejecutables"
AVO07 "Impedir que svchost ejecute archivos ejecutables que no sean de Windows"
AVO08 "Impedir la falsificación de procesos de Windows"
AVO09 "Proteger los archivos de la libreta de direcciones frente a los ladrones de contraseñas y direcciones de correo electrónico"
AVO10 "Impedir que los gusanos de envío masivo de correo envíen correo"
AVO11 "Impedir comunicación IRC"
AVO12 "Impedir el uso de tftp.exe"
AVW01 "Impedir la alteración de todos los registros de extensiones de archivos"
AVW02 "Proteger los archivos de la caché frente a los ladrones de contraseñas y direcciones de correo electrónico"
CO01 "Impedir la modificación de los archivos y las opciones de McAfee"
CO02 "Impedir la modificación de los archivos y las opciones de McAfee Common Management Agent"
CO03 "Impedir la modificación de los archivos y las opciones de McAfee Scan Engine "
CO04 "Proteger los archivos y las opciones de Mozilla y FireFox"
CO05 "Proteger las opciones de Internet Explorer"
CO06 "Impedir la instalación de objetos auxiliares del explorador y extensiones de shell"
CO12 "Proteger las opciones de red"
CO13 "Impedir que los programas comunes ejecuten archivos desde la carpeta Temp"
COSP "Evitar la interrupción de procesos de McAfee "
CW01a "Impedir que los programas se registren para su ejecución automática"
CW01b "Impedir que los programas se registren como servicios"
CW02a "Impedir la creación de nuevos archivos ejecutables en la carpeta Windows"
CW02b "Impedir la creación de nuevos archivos ejecutables en la carpeta Archivos de programa"
CW04 "Impedir la ejecución de archivos desde la carpeta Downloaded Program Files"
CW05 "Impedir la comunicación FTP"
CW06 "Impedir la comunicación HTTP"
OB01 "Hacer que todos los recursos compartidos sean de sólo lectura"
OB02 "Bloquear el acceso de lectura y escritura de todos los recursos compartidos"
VM01 "Impedir la interrupción de procesos de VMWare"
VM02 "Impedir la modificación de los archivos y las opciones de la estación de trabajo de VMWare"
VM03 "Impedir la modificación de los archivos y las opciones del servidor de VMWare"
VM04 "Impedir la modificación de los archivos de máquina virtual de VMWare"
}}
AccessProtection { Strings 0C {
G_010_AntiSpyOn "Protection standard contre les logiciels espions"
G_020_AntiSpyOff "Protection maximale contre les logiciels espions"
G_030_AntiVirusOn "Protection standard antivirus"
G_040_AntiVirusOff "Protection maximale antivirus"
G_050_Outbreak "Contrôle des attaques d'antivirus"
G_060_CommonOn "Protection standard commune"
G_070_CommonOff "Protection maximale commune"
G_080_VM "Protection de la machine virtuelle"
G_User "Règles définies par l'utilisateur"
ASO01 "Protéger les favoris et les paramètres d'Internet Explorer"
ASW01 "Empêcher l'installation de nouveaux CLSID, APPID et TYPELIB"
ASW02 "Empêcher tous les programmes d'exécuter des fichiers du dossier Temp"
ASW03 "Empêcher l'exécution de scripts du dossier Temp"
AVO02 "Empêcher la désactivation de l'éditeur de registre et du gestionnaire des tâches"
AVO03 "Empêcher l'altération des stratégies des droits d'accès utilisateur"
AVO04 "Empêcher la création/ modification à distance de fichiers exécutables et de configuration"
AVO05 "Empêcher la création à distance de fichiers d'exécution automatique"
AVO06 "Empêcher le détournement des fichiers .EXE et des autres extensions exécutables"
AVO07 "Empêcher svchost d'exécuter des fichiers exécutables non Windows"
AVO08 "Empêcher l'usurpation du processus Windows"
AVO09 "Protéger les fichiers de répertoire des voleurs de mots de passe et d'adresses de messagerie"
AVO10 "Empêcher les vers à  diffusion massive d'envoyer des messages électroniques"
AVO11 "Empêcher la communication IRC"
AVO12 "Empêcher l'utilisation du fichier tftp.exe"
AVW01 "Empêcher l'altération de tous les enregistrements d'extension de fichier"
AVW02 "Protéger les fichiers en cache des voleurs de mots de passe et d'adresses de messagerie"
CO01 "Empêcher la modification des fichiers et paramètres de McAfee"
CO02 "Empêcher la modification des fichiers et paramètres de McAfee Common Management Agent"
CO03 "Empêcher la modification des fichiers et paramètres de McAfee Scan Engine"
CO04 "Protéger les fichiers et les paramètres de Mozilla et FireFox"
CO05 "Protéger les paramètres d'Internet Explorer"
CO06 "Empêcher l'installation de programmes additionnels de navigateur et d'extensions Shell"
CO12 "Protéger les paramètres réseau"
CO13 "Empêcher les programmes communs d'exécuter des fichiers du dossier Temp"
COSP "Empêcher l'arrêt des processus McAfee"
CW01a "Empêcher les programmes de s'enregistrer pour l'exécution automatique"
CW01b "Empêcher les programmes de s'enregistrer en tant que service"
CW02a "Empêcher la création de fichiers exécutables dans le dossier Windows"
CW02b "Empêcher la création de fichiers exécutables dans le dossier Program Files"
CW04 "Empêcher le lancement des fichiers du dossier Downloaded Program Files"
CW05 "Empêcher la communication FTP"
CW06 "Empêcher la communication HTTP"
OB01 "Passer tous les éléments partagés en lecture seule"
OB02 "Bloquer l'accès en lecture et en écriture pour tous les éléments partagés"
VM01 "Empêcher l'arrêt des processus VMWare"
VM02 "Empêcher la modification des fichiers et paramètres de la station de travail VMWare"
VM03 "Empêcher la modification des fichiers et paramètres du serveur VMWare"
VM04 "Empêcher la modification des fichiers de la machine virtuelle VMWare"
}}
AccessProtection { Strings 10 {
G_010_AntiSpyOn "Protezione AntiSpyware standard"
G_020_AntiSpyOff "Protezione AntiSpyware massima"
G_030_AntiVirusOn "Protezione antivirus standard"
G_040_AntiVirusOff "Protezione antivirus massima"
G_050_Outbreak "Controllo diffusione antivirus"
G_060_CommonOn "Protezione comune standard"
G_070_CommonOff "Protezione comune massima"
G_080_VM "Protezione della macchina virtuale"
G_User "Regole definite dall’utente"
ASO01 "Proteggi impostazioni e preferiti di Internet Explorer"
ASW01 "Impedisci installazione di nuovi CLSID, APPID e TYPELIB"
ASW02 "Impedisci esecuzione di file dalla cartella Temp da parte di tutti i programmi"
ASW03 "Impedisci esecuzione di script dalla cartella Temp"
AVO02 "Impedisci disattivazione dell'Editor del Registro di sistema e di Task Manager"
AVO03 "Impedisci modifica dei criteri diritti utente"
AVO04 "Impedisci creazione/modifica remota di file eseguibili e di configurazione"
AVO05 "Impedisci creazione remota di file a esecuzione automatica"
AVO06 "Impedisci la presa di controllo di file eseguibili con estensione .EXE e altre estensioni"
AVO07 "Impedisci esecuzione di file eseguibili non Windows da parte di svchost"
AVO08 "Impedisci spoofing dei processi Windows"
AVO09 "Proteggi file della rubrica dal furto di password e di indirizzi di posta elettronica"
AVO10 "Impedisci a worm distribuiti tramite mass-mailing di inviare messaggi"
AVO11 "Impedisci comunicazioni via IRC"
AVO12 "Impedisci utilizzo di tftp.exe"
AVW01 "Impedisci modifica di tutte le registrazioni delle estensioni di file"
AVW02 "Proteggi file della cache dal furto di password e di indirizzi di posta elettronica"
CO01 "Impedisci modifica di file e impostazioni McAfee"
CO02 "Impedisci modifica file e impostazioni di McAfee Common Management Agent"
CO03 "Impedisci modifica file e impostazioni del motore di scansione McAfee"
CO04 "Proteggi file e impostazioni di Mozilla e FireFox"
CO05 "Proteggi impostazioni di Internet Explorer"
CO06 "Impedisci installazione di oggetti browser helper e di estensioni della shell"
CO12 "Proteggi impostazioni di rete"
CO13 "Impedisci esecuzione di file dalla cartella Temp da parte di programmi comuni"
COSP "Impedisci interruzione dei processi McAfee"
CW01a "Impedisci registrazione di programmi per l'esecuzione automatica"
CW01b "Impedisci registrazione di programmi come servizi"
CW02a "Impedisci creazione di nuovi file eseguibili nella cartella Windows"
CW02b "Impedisci creazione di nuovi file eseguibili nella cartella Programmi"
CW04 "Impedisci esecuzione di file dalla cartella Downloaded Program Files"
CW05 "Impedisci comunicazioni via FTP"
CW06 "Impedisci comunicazioni via HTTP"
OB01 "Rendi tutte le condivisioni di sola lettura"
OB02 "Blocca accesso in lettura e scrittura a tutte le condivisioni."
VM01 "Impedisci interruzione dei processi VMWare"
VM02 "Impedisci modifica di file e impostazioni di VMWare Workstation"
VM03 "Impedisci modifica di file e impostazioni di VMWare Server"
VM04 "Impedisci modifica di file della macchina virtuale VMWare"
}}
AccessProtection { Strings 11 {
G_010_AntiSpyOn "スパイウェア対策標準保護"
G_020_AntiSpyOff "スパイウェア対策最大保護"
G_030_AntiVirusOn "ウイルス対策標準保護"
G_040_AntiVirusOff "ウイルス対策最大保護"
G_050_Outbreak "ウイルス対策アウトブレーク コントロール"
G_060_CommonOn "一般標準プロテクト"
G_070_CommonOff "一般最大プロテクト"
G_080_VM "仮想マシン保護"
G_User "ユーザ定義ルール"
ASO01 "Internet Explorer のお気に入りと設定を保護する"
ASW01 "CLSID、APPID、および TYPELIB を新しくインストールさせない"
ASW02 "すべてのプログラムによる[temp]フォルダにあるファイルの実行をブロック"
ASW03 "一時フォルダでのスクリプトの実行を禁止する"
AVO02 "レジストリ エディタおよびタスク マネージャが無効にさせない"
AVO03 "ユーザ権利のポリシーが変更させない"
AVO04 "実行可能ファイルおよび構成ファイルをリモートから作成または変更させない"
AVO05 "自動実行ファイルをリモートから作成させない"
AVO06 "EXE およびその他の実行可能な拡張子のハイジャックを防止する"
AVO07 "Windows 以外の実行可能ファイルを svchost によって実行させない"
AVO08 "Windows プロセスのスプーフィングをさせない"
AVO09 "パスワードや電子メール アドレスが盗難されないように電話帳ファイルを保護する"
AVO10 "大量メール配信型ワームにメールを送信させない"
AVO11 "IRC コミュニケーションをさせない"
AVO12 "tftp.exe を使用させない"
AVW01 "ファイル拡張子の登録を変更させない"
AVW02 "パスワードや電子メール アドレスが盗難されないようにキャシュしたファイルを保護する"
CO01 "McAfee ファイルの変更と設定を保護する"
CO02 "McAfee Common Management Agent のファイルと設定を変更させない"
CO03 "McAfee Scan Engine ファイルの変更と設定を保護する"
CO04 "Mozilla および FireFox のファイルと設定を保護する"
CO05 "Internet Explorer 設定を保護する"
CO06 "ブラウザのヘルパ オブジェクトやシェルの拡張機能をインストールさせない"
CO12 "ネットワークの設定を保護する"
CO13 "一般のプログラムによる [Temp] フォルダのファイルの実行を防止する"
COSP "McAfee プロセスが終了されないようにする"
CW01a "プログラムの自動実行登録を防止する"
CW01b "プログラムをサービスとして登録させない"
CW02a "Windows フォルダに新しい実行可能ファイルを作成させない"
CW02b "Program Files フォルダに新しい実行可能ファイルを作成させない"
CW04 "Downloaded Program Files フォルダからファイルを起動させない"
CW05 "FTP にコミュニケーションさせない"
CW06 "HTTP にコニュニケーションさせない"
OB01 "すべての共有を読み取り専用にする"
OB02 "すべてのシェアからの読み出しと書き込みをさせない"
VM01 "VMWare プロセスが終了されないようにする"
VM02 "VMWare Workstation ファイルおよび設定の変更を防止する"
VM03 "VMWare Server ファイルおよび設定の変更を防止する"
VM04 "VMWare 仮想マシン ファイルの変更を防止する"
}}
AccessProtection { Strings 12 {
G_010_AntiSpyOn "안티스파이웨어 표준 보호"
G_020_AntiSpyOff "안티스파이웨어 최대 보호"
G_030_AntiVirusOn "안티바이러스 표준 보호"
G_040_AntiVirusOff "안티바이러스 최대 보호"
G_050_Outbreak "안티바이러스 아웃브레이크 제어"
G_060_CommonOn "일반 표준 보호"
G_070_CommonOff "일반 최대 보호"
G_080_VM "VM 보호"
G_User "사용자 정의 규칙"
ASO01 "Internet Explorer 즐겨찾기 및 설정 보호"
ASW01 "새로운 CLSID, APPID 및 TYPELIB 설치 방지"
ASW02 "모든 프로그램에 대해 Temp 폴더에서 파일 실행 방지"
ASW03 "Temp 폴더에서 스크립트 실행 방지"
AVO02 "레지스트리 편집기 및 작업 관리자 비활성화 방지"
AVO03 "사용자 권한 정책 변경 방지"
AVO04 "실행 파일 및 구성 파일의 원격 작성/수정 방지"
AVO05 "자동 실행 파일의 원격 작성 방지"
AVO06 ".EXE 및 기타 실행 파일 확장명의 가로채기 방지"
AVO07 "svchost에서 비 Windows 실행 파일의 실행 방지"
AVO08 "Windows 프로세스 스푸핑 방지"
AVO09 "암호 및 전자 메일 주소 도둑으로부터 전화 번호부 보호"
AVO10 "발송 메일에서 대량 메일 발송 웜 방지"
AVO11 "IRC 통신 방지"
AVO12 "tftp.exe 사용 방지"
AVW01 "모든 파일 확장명의 등록 변경 방지"
AVW02 "암호 및 전자 메일 주소 도둑으로부터 캐시된 파일 보호"
CO01 "McAfee 파일 및 설정 수정 방지"
CO02 "McAfee Common Management Agent 파일 및 설정 수정 방지"
CO03 "McAfee Scan Engine 파일 및 설정 수정 방지"
CO04 "Mozilla & FireFox 파일 및 설정 보호"
CO05 "Internet Explorer 설정 보호"
CO06 "브라우저 도우미 개체 및 셸 확장 설치 방지"
CO12 "네트워크 설정 보호"
CO13 "일반 프로그램에 대해 Temp 폴더에서 파일 실행 방지"
COSP "McAfee 프로세스 종료 방지"
CW01a "자동 실행 프로그램으로 등록 방지"
CW01b "프로그램을 서비스로 등록하지 않도록 방지"
CW02a "Windows 폴더에서 새 실행 파일 작성 방지"
CW02b "Program Files 폴더에서 새 실행 파일 작성 방지"
CW04 "Downloaded Program Files 폴더에서 파일을 실행하지 못하도록 방지"
CW05 "FTP 통신 방지"
CW06 "HTTP 통신 방지"
OB01 "모든 공유를 읽기 전용으로"
OB02 "모든 공유에 읽기 및 쓰기 액세스 차단"
VM01 "VMWare 프로세스의 종료 방지"
VM02 "VMWare 워크스테이션 파일 및 설정 수정 방지"
VM03 "VMWare 서버 파일 및 설정 수정 방지"
VM04 "VMWare VM 파일 수정 방지"
}}
AccessProtection { Strings 13 {
G_010_AntiSpyOn "Standaardbeveiliging van Anti-spyware"
G_020_AntiSpyOff "Maximale beveiliging van Anti-spyware"
G_030_AntiVirusOn "Standaardbeveiliging van Anti-virus"
G_040_AntiVirusOff "Maximale beveiliging van Anti-virus"
G_050_Outbreak "Uitbraakbeveiliging van Anti-virus"
G_060_CommonOn "Algemene standaardbeveiliging"
G_070_CommonOff "Algemene maximale beveiliging"
G_080_VM "Beveiliging van virtual machine"
G_User "Door gebruiker opgegeven regels"
ASO01 "Favorieten en instellingen van Internet Explorer beveiligen"
ASW01 "Voorkomen dat nieuwe CLSID's, APPID's en TYPELIB's worden geïnstalleerd"
ASW02 "Voorkomen dat bestanden in de map Temp worden geopend vanuit alle programma's"
ASW03 "Voorkomen dat scripts worden uitgevoerd vanuit de map Temp"
AVO02 "Voorkomen dat Register-editor en Taakbeheer worden uitgeschakeld"
AVO03 "Voorkomen dat gebruikersbeleidsregels worden gewijzigd"
AVO04 "Voorkomen dat uitvoerbare bestanden en configuratiebestanden vanaf externe computers worden gemaakt of gewijzigd"
AVO05 "Voorkomen dat automatisch uitvoerbare bestanden vanaf externe computers worden gemaakt"
AVO06 "Voorkomen dat bestanden met de extensie .EXE en andere uitvoerbare extensies worden gekaapt"
AVO07 "Voorkomen dat uitvoerbare bestanden die niet tot Windows behoren worden uitgevoerd via svchost"
AVO08 "Spoofing van Windows-processen voorkomen"
AVO09 "Telefoonlijstbestanden beveiligen tegen diefstal van wachtwoorden en e-mailadressen"
AVO10 "Voorkomen dat massamailing-wormen e-mailberichten verzenden"
AVO11 "IRC-communicatie voorkomen"
AVO12 "Gebruik van tftp.exe voorkomen"
AVW01 "Voorkomen dat geregistreerde bestandsextensies worden gewijzigd"
AVW02 "In de cache geladen bestanden beveiligen tegen diefstal van wachtwoorden en e-mailadressen"
CO01 "Voorkomen dat McAfee-bestanden en -instellingen worden gewijzigd"
CO02 "Voorkomen dat bestanden en instellingen van McAfee Common Management Agent worden gewijzigd"
CO03 "Voorkomen dat bestanden en instellingen van de scanengine van McAfee worden gewijzigd"
CO04 "Bestanden en instellingen van Mozilla en FireFox beveiligen"
CO05 "Instellingen van Internet Explorer beveiligen"
CO06 "Voorkomen dat browser-helperobjecten en shell-extensies worden geïnstalleerd"
CO12 "Netwerkinstellingen beveiligen"
CO13 "Voorkomen dat bestanden in de map Temp worden geopend vanuit gangbare programma's"
COSP "Beëindiging van McAfee-processen voorkomen"
CW01a "Voorkomen dat programma's als automatisch uitvoerbaar worden geregistreerd"
CW01b "Voorkomen dat programma's als service worden geregistreerd"
CW02a "Voorkomen dat nieuwe uitvoerbare bestanden worden gemaakt in de map Windows"
CW02b "Voorkomen dat nieuwe uitvoerbare bestanden worden gemaakt in de map Program Files"
CW04 "Voorkomen dat bestanden worden geopend in de map Downloaded Program Files"
CW05 "FTP-communicatie voorkomen"
CW06 "HTTP-communicatie voorkomen"
OB01 "Alle shares alleen-lezen maken"
OB02 "Lees- en schrijftoegang tot alle shares blokkeren"
VM01 "Voorkomen dat VMWare-processen worden beëindigd"
VM02 "Voorkomen dat bestanden en instellingen van het VMWare-werkstation worden gewijzigd"
VM03 "Voorkomen dat bestanden en instellingen van de VMWare-server worden gewijzigd"
VM04 "Voorkomen dat virtuele machinebestanden van VMWare worden gewijzigd"
}}
AccessProtection { Strings 15 {
G_010_AntiSpyOn "Standardowe zabezpieczenia przeciwdziałające oprogramowaniu szpiegującemu"
G_020_AntiSpyOff "Najwyższy poziom zabezpieczeń przeciwdziałających oprogramowaniu szpiegującemu"
G_030_AntiVirusOn "Standardowe zabezpieczenie antywirusowe"
G_040_AntiVirusOff "Maksymalne zabezpieczenie antywirusowe"
G_050_Outbreak "Kontrola infekcji masowych"
G_060_CommonOn "Wspólne zabezpieczenia standardowe"
G_070_CommonOff "Najwyższy poziom wspólnych zabezpieczeń"
G_080_VM "Ochrona maszyny wirtualnej"
G_User "Reguły zdefiniowane przez użytkownika"
ASO01 "Chroń ulubione i ustawienia programu Internet Explorer"
ASW01 "Blokuj instalowanie nowych elementów CLSID, APPID i TYPELIB"
ASW02 "Powstrzymuj wszystkie programy przed uruchamianiem plików w folderze Temp"
ASW03 "Blokuj uruchamianie skryptów w folderze Temp"
AVO02 "Blokuj unieruchamianie programów Edytor rejestru i Menedżer zadań"
AVO03 "Blokuj zmiany w zasadach praw użytkowników"
AVO04 "Blokuj zdalne tworzenie/modyfikowanie plików wykonywalnych i konfiguracyjnych"
AVO05 "Blokuj zdalne tworzenie automatycznie uruchamianych plików"
AVO06 "Blokuj przechwytywanie plików .EXE i innych typów plików wykonywalnych"
AVO07 "Blokuj proces svchost przed uruchamianiem plików wykonywalnych spoza systemu Windows"
AVO08 "Blokuj podszywanie się pod procesy systemu Windows"
AVO09 "Chroń pliki książki telefonicznej przed programami kradnącymi adresy e-mail i hasła"
AVO10 "Blokuj wysyłanie wiadomości e-mail przez robaki poczty masowej."
AVO11 "Blokuj komunikację IRC."
AVO12 "Blokuj korzystanie z programu tftp.exe"
AVW01 "Blokuj zmiany w zapisach rejestru dotyczących rozszerzeń plików"
AVW02 "Chroń pliki buforowane przed programami kradnącymi adresy e-mail i hasła"
CO01 "Blokuj modyfikowanie plików i ustawień oprogramowania McAfee"
CO02 "Blokuj modyfikowanie plików i ustawień programu McAfee Common Management Agent"
CO03 "Blokuj modyfikowanie plików i ustawień programu McAfee Scan Engine"
CO04 "Chroń pliki i ustawienia programów Mozilla i FireFox"
CO05 "Chroń ustawienia programu Internet Explorer"
CO06 "Blokuj instalowanie obiektów pomocniczych przeglądarki i rozszerzeń powłoki"
CO12 "Chroń ustawienia sieciowe"
CO13 "Blokuj uruchamianie plików w folderze Temp przez popularne programy"
COSP "Zapobieganie kończeniu procesów aplikacji McAfee"
CW01a "Blokuj programy rejestrujące się do automatycznego uruchamiania"
CW01b "Blokuj programy rejestrujące się jako usługi"
CW02a "Blokuj tworzenie nowych plików wykonywalnych w folderze Windows"
CW02b "Blokuj tworzenie nowych plików wykonywalnych w folderze Program Files"
CW04 "Blokuj uruchamianie plików z folderu Downloaded Program Files"
CW05 "Blokuj komunikację FTP"
CW06 "Blokuj komunikację HTTP"
OB01 "Nadaj wszystkim udziałom atrybut tylko do odczytu"
OB02 "Zablokuj dostęp do odczytu i zapisu dla wszystkich udziałów"
VM01 "Blokuj kończenie procesów VMWare"
VM02 "Blokuj modyfikowanie plików i ustawień stacji roboczej VMWare"
VM03 "Blokuj modyfikowanie plików i ustawień serwera VMWare"
VM04 "Blokuj modyfikowanie plików maszyny wirtualnej VMWare"
}}
AccessProtection { Strings 16 {
G_010_AntiSpyOn "Proteção padrão do anti-spyware"
G_020_AntiSpyOff "Proteção máxima do anti-spyware"
G_030_AntiVirusOn "Proteção padrão do antivírus"
G_040_AntiVirusOff "Proteção máxima do antivírus"
G_050_Outbreak "Controle de epidemia do antivírus"
G_060_CommonOn "Proteção padrão do Common"
G_070_CommonOff "Proteção máxima do Common"
G_080_VM "Proteção de máquina virtual"
G_User "Regras definidas pelo usuário"
ASO01 "Proteger os sites favoritos e as configurações do Internet Explorer"
ASW01 "Impedir a instalação de novos CLSIDs, APPIDs e TYPELIBs"
ASW02 "Impedir que todos os programas executem arquivos na pasta Temp"
ASW03 "Impedir a execução de scripts da pasta Temp"
AVO02 "Impedir que o Editor do registro e o Gerenciador de tarefas sejam desativados"
AVO03 "Impedir que as políticas de direitos dos usuários sejam alteradas"
AVO04 "Impedir a criação/modificação remota de arquivos executáveis e de configuração"
AVO05 "Impedir a criação remota de arquivos executados automaticamente"
AVO06 "Impedir o seqüestro de .EXE e outras extensões executáveis"
AVO07 "Impedir que svchost execute executáveis que não sejam do Windows"
AVO08 "Impedir adulteração de processos do Windows "
AVO09 "Proteger os arquivos do catálogo telefônico contra ladrões de senhas e de endereços de e-mail"
AVO10 "Impedir que worms de e-mail em massa enviem mensagens"
AVO11 "Impedir a comunicação do IRC"
AVO12 "Impedir o uso do tftp.exe"
AVW01 "Impedir a alteração de todos os registros de extensão de arquivo"
AVW02 "Proteger os arquivos armazenados em cache contra ladrões de senhas e de endereços de e-mail"
CO01 "Impedir a modificação de arquivos e configurações da McAfee"
CO02 "Impedir a modificação de arquivos e configurações do agente de gerenciamento comum McAfee"
CO03 "Impedir a modificação de arquivos e configurações do mecanismo de varredura McAfee"
CO04 "Proteger arquivos e configurações do Mozilla FireFox"
CO05 "Proteger configurações do Internet Explorer"
CO06 "Impedir a instalação de BHOs (Objetos de Ajuda de Navegação) e extensões do shell"
CO12 "Proteger configurações de rede"
CO13 "Impedir que os programas comuns executem arquivos na pasta Temp"
COSP "Impedir encerramento de processos da McAfee"
CW01a "Impedir que programas que estejam se registrando sejam executados automaticamente"
CW01b "Impedir programas que estejam se registrando como um serviço"
CW02a "Impedir a criação de novos arquivos executáveis na pasta Windows"
CW02b "Impedir a criação de novos arquivos executáveis na pasta Arquivos de programa"
CW04 "Impedir a inicialização de arquivos na pasta Downloaded Program Files"
CW05 "Impedir comunicação por FTP"
CW06 "Impedir comunicação por HTTP"
OB01 "Tornar todos os compartilhamentos somente leitura"
OB02 "Bloquear o acesso de leitura e gravação a todos os compartilhamentos"
VM01 "Impede o encerramento de processos do VMWare"
VM02 "Impede a modificação de configurações e arquivos do VMWare Workstation"
VM03 "Impede a modificação de configurações e arquivos do VMWare Server"
VM04 "Impede a modificação de arquivos de máquina virtual do VMWare"
}}
AccessProtection { Strings 19 {
G_010_AntiSpyOn "Стандартная защита от программ-шпионов"
G_020_AntiSpyOff "Максимальная защита от программ-шпионов"
G_030_AntiVirusOn "Стандартная антивирусная защита"
G_040_AntiVirusOff "Максимальная антивирусная защита"
G_050_Outbreak "Антивирусный контроль эпидемий"
G_060_CommonOn "Стандартная общая защита"
G_070_CommonOff "Максимальная общая защита"
G_080_VM "Защита виртуальных машин"
G_User "Правила, определяемые пользователем"
ASO01 "Обеспечить защиту избранного и настроек Internet Explorer"
ASW01 "Предотвратить установку новых элементов CLSID, APPID и TYPELIB"
ASW02 "Предотвратить запуск файлов из папки Temp для всех программ"
ASW03 "Предотвратить выполнение сценариев из папки Temp"
AVO02 "Предотвратить отключение редактора реестра и диспетчера задач"
AVO03 "Предотвратить изменение политик прав пользователей"
AVO04 "Предотвратить удаленное создание и изменение исполняемых файлов и файлов конфигурации"
AVO05 "Предотвратить удаленное создание файлов автозапуска"
AVO06 "Предотвратить перехват контроля над EXE и другими исполняемыми расширениями"
AVO07 "Предотвратить исполнение процессом svchost исполняемых файлов не в формате Windows"
AVO08 "Предотвратить подделку процессов Windows"
AVO09 "Обеспечить защиту файлов телефонной книги от кражи паролей и адресов электронной почты"
AVO10 "Предотвратить отправку почты червями массовой рассылки"
AVO11 "Предотвратить взаимодействие по IRC-протоколу"
AVO12 "Предотвратить использование tftp.exe"
AVW01 "Предотвратить изменение регистраций всех расширений файлов"
AVW02 "Обеспечить защиту кэшированных файлов от кражи паролей и адресов электронной почты"
CO01 "Предотвратить изменение файлов и настроек McAfee"
CO02 "Предотвратить изменение файлов и настроек McAfee Common Management Agent"
CO03 "Предотвратить изменение файлов и настроек ядра сканирования McAfee"
CO04 "Обеспечить защиту файлов и настроек Mozilla & FireFox"
CO05 "Обеспечить защиту настроек Internet Explorer"
CO06 "Предотвратить установку объектов модуля поддержки обозревателя и расширений оболочки"
CO12 "Обеспечить защиту сетевых настроек"
CO13 "Предотвратить запуск общими программами файлов из папки Temp"
COSP "Предотвратить завершение процессов McAfee"
CW01a "Предотвратить регистрацию программ для автозапуска"
CW01b "Предотвратить регистрацию программ как служб"
CW02a "Предотвратить создание новых исполняемых файлов в папке Windows"
CW02b "Предотвратить создание новых исполняемых файлов в папке Program Files"
CW04 "Предотвратить запуск файлов из папки Downloaded Program Files"
CW05 "Предотвратить взаимодействие по протоколу FTP"
CW06 "Предотвратить взаимодействие по протоколу HTTP"
OB01 "Сделать все общие ресурсы доступными только для чтения"
OB02 "Блокировать чтение и запись для всех общих ресурсов"
VM01 "Предотвратить завершение процессов VMWare"
VM02 "Предотвратить изменение файлов и настроек рабочей станции VMWare"
VM03 "Предотвратить изменение файлов и настроек сервера VMWare"
VM04 "Предотвратить изменение файлов виртуальной машины VMWare"
}}
AccessProtection { Strings 1D {
G_010_AntiSpyOn "Anti-Spyware - Standardskydd"
G_020_AntiSpyOff "Anti-Spyware - Maximalt skydd"
G_030_AntiVirusOn "Anti-Virus - Standardskydd"
G_040_AntiVirusOff "Anti-Virus - Maximalt skydd"
G_050_Outbreak "Anti-Virus - Utbrottskontroll"
G_060_CommonOn "Vanligt standardskydd"
G_070_CommonOff "Vanligt maximalt skydd"
G_080_VM "Skydd för virtuella maskiner"
G_User "Användardefinierade regler"
ASO01 "Skydda favoriter och inställningar i Internet Explorer"
ASW01 "Förhindra installation av nya CLSID-, APPID- och TYPELIB-objekt"
ASW02 "Förhindra att program kör filer från mappen Temp"
ASW03 "Förhindra skriptkörning från mappen Temp"
AVO02 "Förhindra att Registereditorn och Aktivitetshanteraren stängs av"
AVO03 "Förhindra att principer för användarrättigheter ändras"
AVO04 "Förhindra att körbara filer och konfigurationsfiler ändras/skapas från en fjärranslutning"
AVO05 "Förhindra att fjärranslutningar skapar filer som körs automatiskt"
AVO06 "Förhindra att EXE-filer och andra körbara filnamnstillägg kapas"
AVO07 "Förhindra att svchost kör program som inte ingår i Windows"
AVO08 "Förhindra att Windows-processer förfalskas"
AVO09 "Skydda lösenord och e-postadresser i adressböcker"
AVO10 "Förhindra massutskicksmaskar att skicka e-post"
AVO11 "Förhindra IRC-kommunikation"
AVO12 "Förhindra körning av tftp.exe"
AVW01 "Förhindra att registerinformation om filnamnstillägg ändras"
AVW02 "Skydda lösenord och e-postadresser i cachade filer"
CO01 "Blockerar ändringar av filer och inställningar för McAfee"
CO02 "Blockera ändringar av filer och inställningar för McAfee Common Management Agent"
CO03 "Blockera ändringar av filer och inställningar för McAfee Scan Engine"
CO04 "Skydda filer och inställningar för Mozilla & FireFox"
CO05 "Skydda inställningar i Internet Explorer"
CO06 "Blockera installation av webbläsartillägg och tillägg till Utforskaren"
CO12 "Skydda nätverksinställningar"
CO13 "Förhindra att vanliga program kör filer från mappen Temp"
COSP "Förhindra att McAfee-processer avbryts"
CW01a "Förhindra att program registreras för att köras automatiskt"
CW01b "Förhindra att program registreras som tjänster"
CW02a "Förhindra att nya körbara filer skapas i mappen Windows"
CW02b "Förhindra att nya körbara filer skapas i mappen Program"
CW04 "Förhindra att filer i mappen Downloaded Program Files körs"
CW05 "Förhindra FTP-kommunikation"
CW06 "Förhindra HTTP-kommunikation"
OB01 "Skrivskydda alla resurser"
OB02 "Spärra läs- och skrivåtkomst för alla resurser"
VM01 "Förhindra att VMWare-processer avbryts"
VM02 "Blockerar ändringar av filer och inställningar för VMWare Workstation"
VM03 "Blockerar ändringar av filer och inställningar för VMWare Server"
VM04 "Blockerar ändringar av filer för virtuella maskiner i VMWare"
}}
AccessProtection { Strings 0402 {
G_010_AntiSpyOn "防间谍程序标准保护"
G_020_AntiSpyOff "防间谍程序最大保护"
G_030_AntiVirusOn "防病毒标准保护"
G_040_AntiVirusOff "防病毒最大保护"
G_050_Outbreak "防病毒爆发控制"
G_060_CommonOn "通用标准保护"
G_070_CommonOff "通用最大保护"
G_080_VM "虚拟机保护"
G_User "用户定义的规则"
ASO01 "保护 Internet Explorer 收藏夹和设置"
ASW01 "禁止安装新的 CLSID、APPID 和 TYPELIB"
ASW02 "禁止所有程序从 Temp 文件夹运行文件"
ASW03 "禁止从 Temp 文件夹执行脚本"
AVO02 "禁止禁用注册表编辑器和任务管理器"
AVO03 "禁止更改用户权限策略"
AVO04 "禁止远程创建/修改可执行文件和配置文件"
AVO05 "禁止远程创建自动运行文件"
AVO06 "禁止拦截 .EXE 和其他可执行文件扩展名"
AVO07 "禁止 Svchost 执行非 Windows 可执行文件"
AVO08 "禁止伪装 Windows 进程"
AVO09 "保护电话簿文件免受密码和电子邮件地址窃贼的攻击"
AVO10 "禁止群发邮件蠕虫发送邮件"
AVO11 "禁止 IRC 通信"
AVO12 "禁止使用 tftp.exe"
AVW01 "禁止更改所有文件扩展名的注册"
AVW02 "保护缓存文件免受密码和电子邮件地址窃贼的攻击"
CO01 "禁止修改 McAfee 文件和设置"
CO02 "禁止修改 McAfee Common Management Agent 文件和设置"
CO03 "禁止修改 McAfee 扫描引擎文件和设置"
CO04 "保护 Mozilla 及 FireFox 文件和设置"
CO05 "保护 Internet Explorer 设置"
CO06 "禁止安装 Browser Helper Objects 和 Shell Extensions"
CO12 "保护网络设置"
CO13 "禁止公用程序从 Temp 文件夹运行文件"
COSP "防止终止 McAfee 进程"
CW01a "禁止将程序注册为自动运行"
CW01b "禁止将程序注册为服务"
CW02a "禁止在 Windows 文件夹中创建新的可执行文件"
CW02b "禁止在 Program Files 文件夹中创建新的可执行文件"
CW04 "禁止从 Downloaded Program Files 文件夹启动文件"
CW05 "禁止 FTP 通信"
CW06 "禁止 HTTP 通信"
OB01 "将所有共享项设为只读"
OB02 "阻止对所有共享资源的读写访问"
VM01 "防止终止 VMWare 进程"
VM02 "禁止修改 VMWare Workstation 文件和设置"
VM03 "禁止修改 VMWare Server 文件和设置"
VM04 "禁止修改 VMWare 虚拟机文件"
}}