ftp.morenci.k12.mi.us

home *** CD-ROM | disk | FTP | other *** search

/ ftp.morenci.k12.mi.us / ftp.morenci.k12.mi.us.tar / ftp.morenci.k12.mi.us / McAfee v8.7i.zip / vse870.msi / vscan.bof / vscan.bof

Wrap

Text File | 2009-10-22 | 110KB | 1,938 lines

#422 mferulesign1=MIIGowYJKoZIhvcNAQcCoIIGlDCCBpACAQExDjAMBggqhkiG9w0CBQUAMAsGCSqGSIb3DQEHAaCCBPUwggTxMIID2aADAgECAhA1TRrJIK2/gfIbfLd66YSAMA0GCSqGSIb3DQEBBQUAMIG0MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTA0MS4wLAYDVQQDEyVWZXJpU2lnbiBDbGFzcyAzIENvZGUgU2lnbmluZyAyMDA0IENBMB4XDTA3MDkwNzAwMDAwMFoXDTA4MTAwOTIzNTk1OVowgbQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEVMBMGA1UEChQMTWNBZmVlLCBJbmMuMT4wPAYDVQQLEzVEaWdpdGFsIElEIENsYXNzIDMgLSBNaWNyb3NvZnQgU29mdHdhcmUgVmFsaWRhdGlvbiB2MjEMMAoGA1UECxQDSUlTMRUwEwYDVQQDFAxNY0FmZWUsIEluYy4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMmmc4/woe50JGeSRJS1lv3mLwm9Um1n8mvohedKU/p0+vRuEDk8QZ71t8Mjww37Q60oHGrgHKzSm7hi6w+wgvX+gRPpf9SHcG2niVM9Rec26peHZSEwwVnhoM7d684HwMz3zEP0JfH7BfR/H9QCeEzMyhpsVo4YoOHxWcU7Y5EFAgMBAAGjggF/MIIBezAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vQ1NDMy0yMDA0LWNybC52ZXJpc2lnbi5jb20vQ1NDMy0yMDA0LmNybDBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwMwdQYIKwYBBQUHAQEEaTBnMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPwYIKwYBBQUHMAKGM2h0dHA6Ly9DU0MzLTIwMDQtYWlhLnZlcmlzaWduLmNvbS9DU0MzLTIwMDQtYWlhLmNlcjAfBgNVHSMEGDAWgBQI9VHo+/49PWQ2fGjPW3io37nFNzARBglghkgBhvhCAQEEBAMCBBAwFgYKKwYBBAGCNwIBGwQIMAYBAQABAf8wDQYJKoZIhvcNAQEFBQADggEBACL+ZIkqIR8bboVYP4LU4diXT87CwJKA3uA6R9UUmwvkCmyPGN64X7Iiu0A5t4QnnYTY1CFBmBenPc3P84EvX1ri/fl8yDhjq9EWrnvagWKfX7Mh9TKCm1Avqr5fnSE2Pk5Xpoq64yHeDjHIeqeo3JBU4Wjtilko329I9mxDDjMKYCeMlObp9OqH9rv1Lt+hmtiwDfYmApHiz1j7eLmwUSQ3Q5lV/DN8sAL1fw3BT14lC+KYncB1Ywl/Od4hf9Hq2j/dK82hCjMM6ncoglGLsIQZRgOpxPXEz+m3pKkeDFlCsR9o5YbrPq+uvolDXzQRRp1Ms6LY4H6PXvToR79JctwxggFzMIIBbwIBATCByTCBtDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNDEuMCwGA1UEAxMlVmVyaVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAwNCBDQQIQNU0aySCtv4HyG3y3eumEgDAMBggqhkiG9w0CBQUAMA0GCSqGSIb3DQEBAQUABIGAJ8GQ4clA5KzVuzjVKIy2fGxOdHP+xmSbicBlD2FBmIdE+6fbU1bIOGdfmildHSgxvJKkT2ZQ8OGA+6jOBtoGAQlljgb2+9YNeirF9ufuphTh8hRYLdVDqP7ija+qjnnjFm5mrN3n1ZhyfFxNNrEikjoluOnbM9cp9WDX3JBIMA4= Rule { Class Buffer_Overflow; Id 1; level 4; application { Include "*\\iexplore.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 2; level 4; application { Include "*\\msimn.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 3; level 4; application { Include "*\\svchost.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 4; level 4; application { Include "*\\explorer.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 5; level 4; application { Include "*\\mapisp32.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 6; level 4; application { Include "*\\ftp.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 7; level 4; application { Include "*\\services.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 8; level 4; application { Include "*\\lsass.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 9; level 4; application { Include "*\\inetinfo.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 10; level 4; application { Include "*\\outlook.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 11; level 4; application { Include "*\\wmplayer.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 12; level 4; application { Include "*\\mplayer2.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 13; level 4; application { Include "*\\rpcss.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 14; level 4; application { Include "*\\msmsgs.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 15; level 4; application { Include "*\\winword.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 16; level 4; application { Include "*\\excel.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 17; level 4; application { Include "*\\mstask.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 18; level 4; application { Include "*\\powerpnt.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 19; level 4; application { Include "*\\msaccess.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 20; level 4; application { Include "*\\visio32.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 21; level 4; application { Include "*\\wuauclt.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 22; level 4; application { Include "*\\sqlservr.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 23; level 4; application { Include "*\\dllhost.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 24; level 4; application { Include "*\\VSEBOTest.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 25; level 4; application { Include "*\\w3wp.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 26; level 4; application { Include "*\\EventParser.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 27; level 4; application { Include "*\\NaiMServ.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 28; level 4; application { Include "*\\SrvMon.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 29; level 4; application { Include "*\\naPrdMgr.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 30; level 4; application { Include "*\\winzip32.exe" }; directives bo:stack bo:heap } Rule { Class Buffer_Overflow; Id 31; level 4; application { Include "*\\amgrsrvc.exe" }; directives bo:stack bo:heap } ifndef programfiles { regval programfiles "HKLM/software/microsoft/windows/currentversion" programfilesdir } ifndef programfiles { set programfiles "\\:::" } ifndef commonprogramfiles { set commonprogramfiles "${programfiles}\\common" } regval programfiles_x86 "HKLM/software/microsoft/windows/currentversion" "programfilesdir (x86)" ifndef programfiles_x86 { set programfiles_x86 "${programfiles}" } regval commonprogramfiles_x86 "HKLM/software/microsoft/windows/currentversion" "commonfilesdir (x86)" ifndef commonprogramfiles_x86 { set commonprogramfiles_x86 "${programfiles_x86}\\common" } ifndef applicationdata { regval applicationdata "HKLM/software/microsoft/windows/currentversion/explorer/shell folders" "Common AppData" } ifndef vseinstalldir { regval vseinstalldir "HKLM/software/mcafee/desktopprotection" szInstallDir } ifndef vseinstalldir { regval vseinstalldir "HKLM/software/wow6432node/mcafee/desktopprotection" szInstallDir } ifndef vseinstalldir { set vseinstalldir "\\:::" } ifndef vsesapinstalldir { regval vsesapinstalldir "HKLM/software/mcafee/vsesap" szInstallDir } ifndef vsesapinstalldir { regval vsesapinstalldir "HKLM/software/wow6432node/mcafee/vsesap" szInstallDir } ifndef vsesapinstalldir { set vsesapinstalldir "\\:::" } ifndef vsestoinstalldir { regval vsestoinstalldir "HKLM/software/mcafee/vses" szInstallDir } ifndef vsestoinstalldir { regval vsestoinstalldir "HKLM/software/wow6432node/mcafee/vses" szInstallDir } ifndef vsestoinstalldir { set vsestoinstalldir "\\:::" } ifndef vseoviinstalldir { regval vseoviinstalldir "HKLM/software/mcafee/vsev" szInstallDir } ifndef vseoviinstalldir { regval vseoviinstalldir "HKLM/software/wow6432node/mcafee/vsev" szInstallDir } ifndef vseoviinstalldir { set vseoviinstalldir "\\:::" } ifndef avenginedir32 { regval avenginedir32 "HKLM/software/mcafee/avengine" szInstallDir32 } ifndef avenginedir32 { regval avenginedir32 "HKLM/software/wow6432node/mcafee/avengine" szInstallDir32 } ifndef avenginedir32 { set avenginedir32 "${commonprogramfiles_x86}\\mcafee\\Engine\\" } ifndef avenginedir64 { regval avenginedir64 "HKLM/software/mcafee/avengine" szInstallDir64 } ifndef avenginedir64 { regval avenginedir64 "HKLM/software/wow6432node/mcafee/avengine" szInstallDir64 } ifndef avenginedir64 { set avenginedir64 "${commonprogramfiles_x86}\\mcafee\\Engine\\" } ifndef vmwareworkstationinstalldir { regval vmwareworkstationinstalldir "HKLM/software/VMware, Inc./VMware Workstation" InstallPath } ifndef vmwareworkstationinstalldir { set vmwareworkstationinstalldir "${programfiles_x86}\\VMWare\\" } ifndef vmwareserverinstalldir { regval vmwareserverinstalldir "HKLM/software/VMware, Inc./VMware Server" InstallPath } ifndef vmwareserverinstalldir { set vmwareserverinstalldir "${programfiles_x86}\\VMWare\\" } BufferOverflowProtection { ProcessInclude amgrsrvc.exe ProcessInclude bo.exe ProcessInclude botest.exe ProcessInclude botest2.exe ProcessInclude dllhost.exe ProcessInclude eventparser.exe ProcessInclude excel.exe ProcessInclude explorer.exe ProcessInclude frameworkservice.exe ProcessInclude ftp.exe ProcessInclude iexplore.exe ProcessInclude inetinfo.exe ProcessInclude lsass.exe ProcessInclude mapisp32.exe ProcessInclude mplayer2.exe ProcessInclude msaccess.exe ProcessInclude msimn.exe ProcessInclude msmsgs.exe ProcessInclude mstask.exe ProcessInclude naimserv.exe ProcessInclude naprdmgr.exe ProcessInclude outlook.exe ProcessInclude powerpnt.exe ProcessInclude rpcss.exe ProcessInclude services.exe ProcessInclude sqlservr.exe ProcessInclude srvmon.exe ProcessInclude svchost.exe ProcessInclude visio32.exe ProcessInclude VSCoreBOPTest ProcessInclude vsebotest.exe ProcessInclude w3wp.exe ProcessInclude winword.exe ProcessInclude winzip32.exe ProcessInclude wmplayer.exe ProcessInclude wuauclt.exe Exception * * H 2000.01.01 2030.01.01 MSCOREE Exception * * H 2000.01.01 2030.01.01 LICDLL Export NTDLL.NtCreateFile 11 0xC0000022 Export NTDLL.NtProtectVirtualMemory 5 0xC0000022 Export NTDLL.NtCreateProcess 8 0xC0000022 Export KERNEL32.CreateFileA 7 -1 Export KERNEL32.CreateFileW 7 -1 Export KERNEL32.CreateNamedPipeA 8 -1 Export KERNEL32.CreateNamedPipeW 8 -1 Export KERNEL32.LoadLibraryA 1 0 Export KERNEL32.LoadLibraryW 1 0 Export KERNEL32.LoadLibraryExA 3 0 Export KERNEL32.LoadLibraryExW 3 0 Export KERNEL32.VirtualProtect 4 0 Export KERNEL32.VirtualProtectEx 5 0 Export KERNEL32.CreatePipe 4 0 Export KERNEL32.GetStartupInfoA 1 0 Export KERNEL32.GetStartupInfoW 1 0 Export KERNEL32.WinExec 2 0 Export KERNEL32.CreateProcessA 10 0 Export KERNEL32.CreateProcessW 10 0 Export KERNEL32.GetProcAddress 2 0 Export ADVAPI32.RegOpenKeyA 3 5 Export ADVAPI32.RegOpenKeyW 3 5 Export ADVAPI32.RegOpenKeyExA 5 5 Export ADVAPI32.RegOpenKeyExW 5 5 Export ADVAPI32.RegCreateKeyA 3 5 Export ADVAPI32.RegCreateKeyW 3 5 Export ADVAPI32.RegCreateKeyExA 9 5 Export ADVAPI32.RegCreateKeyExW 9 5 Export WININET.InternetOpenA 5 0 Export WININET.InternetOpenW 5 0 Export WININET.InternetOpenUrlA 6 0 Export WININET.InternetOpenUrlW 6 0 Export WS2_32.socket 3 0 Export MSVCRT._open 0 -1 Export MSVCRT._wopen 0 -1 Export MSVCRT._creat 0 -1 Export MSVCRT._wcreat 0 -1 Export MSVCRT.system 0 -1 Export MSVCRT._wsystem 0 -1 } Product ANTISPYW* { OnAccessScanner { DontScan RW { Process { Include fssm32.exe Include avengine.exe pavsrv50.exe avtask.exe Include rtvscan.exe doscan.exe dwhwizrd.exe Include navapsvc.exe navw32.exe Include inort.exe inocit.exe Include avp32.exe avpm.exe Include ntrtscan.exe pccnt.exe Include monsysnt.exe v3medic.exe Include sweepsrv.sys savservice.exe } File { Include ** } } SkipDriver { Include otman5 Include symevent Include "F-Secure Filter" Include "F-Secure Recognizer" } }} OnAccessScanner { DontScan RW { Process { Include "${windir}\\system32\\mssearch.exe" Include "${windir}\\system32\\mssfh.exe" Include "${windir}\\system32\\mssdmn.exe" Include "${windir}\\system32\\winfs\\winfs.exe" Include "${windir}\\system32\\searchindexer.exe" } File { Include ** } } } Product PRESCAN* { ifndef programfiles { regval programfiles "HKLM/software/microsoft/windows/currentversion" programfilesdir } ifndef programfiles { set programfiles "\\:::" } ifndef commonprogramfiles { set commonprogramfiles "${programfiles}\\common" } regval programfiles_x86 "HKLM/software/microsoft/windows/currentversion" "programfilesdir (x86)" ifndef programfiles_x86 { set programfiles_x86 "${programfiles}" } regval commonprogramfiles_x86 "HKLM/software/microsoft/windows/currentversion" "commonfilesdir (x86)" ifndef commonprogramfiles_x86 { set commonprogramfiles_x86 "${programfiles_x86}\\common" } ifndef applicationdata { regval applicationdata "HKLM/software/microsoft/windows/currentversion/explorer/shell folders" "Common AppData" } regval shortprogramfile "HKLM/software/mcafee/ap" "ProgramFilesDir" ifndef shortprogramfile { set shortprogramfile "\\:::" } regval shortprogramfile_x86 "HKLM/software/mcafee/ap" "ProgramFilesDir (x86)" ifndef shortprogramfile_x86 { set shortprogramfile_x86 "${shortprogramfile}" } regval shortcommonfile "HKLM/software/mcafee/ap" "CommonFilesDir" ifndef shortcommonfile { set shortcommonfile "\\:::" } regval shortcommonfile_x86 "HKLM/software/mcafee/ap" "CommonFilesDir (x86)" ifndef shortcommonfile_x86 { set shortcommonfile_x86 "${shortcommonfile}" } regval downloadfiledir "HKLM/software/McAfeeInstaller/AP" "DownloadFileDir" ifndef downloadfiledir { set downloadfiledir "\\:::" } regval installfiledir "HKLM/software/McAfeeInstaller/AP" "InstallFileDir" ifndef installfiledir { set installfiledir "\\:::" } AccessProtection { Enforce G_060_CommonOn 1 Report G_060_CommonOn 1 Rule CO01 G_060_CommonOn { Description "Prevent modification of McAfee files and settings" Enforce 1 Report 1 Process { Include * Exclude "${programfiles}/mcafee/**.exe" Exclude "${programfiles}/mcafee.com/**.exe" Exclude "${programfiles_x86}/mcafee/**.exe" Exclude "${programfiles_x86}/mcafee.com/**.exe" Exclude "${commonprogramfiles}/mcafee/**.exe" Exclude "${shortcommonfile}/mcafee/**.exe" Exclude "${shortcommonfile_x86}/mcafee/**.exe" Exclude "${shortprogramfile}/mcafee/**.exe" Exclude "${shortprogramfile}/mcafee.com/**.exe" Exclude "${shortprogramfile_x86}/mcafee/**.exe" Exclude "${shortprogramfile_x86}/mcafee.com/**.exe" Exclude "install.exe" Exclude "mcinst.exe" Exclude "regsvr32.exe" Exclude "services.exe" } Key CWD { Include "HKLMS/McAfee/**" Include "HKLMS/McAfee.com/**" Include "HKCUS/McAfeeInstaller/**" } Key D { Include "HKCCS/Services/McAfee SiteAdvisor Service/**" Include "HKCCS/Services/mcmscsvc/**" Include "HKCCS/Services/McNaiAnn/**" Include "HKCCS/Services/McNASvc/**" Include "HKCCS/Services/McODS/**" Include "HKCCS/Services/McProxy/**" Include "HKCCS/Services/McShield/**" Include "HKCCS/Services/Mfeapfk/**" Include "HKCCS/Services/Mfeavfk/**" Include "HKCCS/Services/Mfebopk/**" Include "HKCCS/Services/Mfefire/**" Include "HKCCS/Services/Mfefirek/**" Include "HKCCS/Services/Mfehidk/**" Include "HKCCS/Services/Mfendisk/**" Include "HKCCS/Services/Mfendiskmp/**" Include "HKCCS/Services/Mferkdet/**" Include "HKCCS/Services/Mfevtp/**" Include "HKCCS/Services/Mfewfpk/**" Include "HKCCS/Services/MPFP/**" Include "HKCCS/Services/MpfService/**" Include "HKCCS/Services/MSK80Service/**" Include "HKCCS/Services/MSKSSRV/**" } Value CWD { Include "HKCCS/Services/McNaiAnn/**:*" Include "HKCCS/Services/McNASvc/**:*" Include "HKCCS/Services/McShield/**:*" Include "HKCCS/Services/McODS/**:*" Include "HKCCS/Services/Mfeapfk/**:*" Include "HKCCS/Services/Mfeavfk/**:*" Include "HKCCS/Services/Mfebopk/**:*" Include "HKCCS/Services/Mfefire/**:*" Include "HKCCS/Services/Mfefirek/**:*" Include "HKCCS/Services/Mfehidk/**:*" Include "HKCCS/Services/Mfendisk/**:*" Include "HKCCS/Services/Mfendiskmp/**:*" Include "HKCCS/Services/mferkdet/**:*" Include "HKCCS/Services/Mfevtp/**:*" Include "HKCCS/Services/Mfewfpk/**:*" Include "HKCCS/Services/McAfee SiteAdvisor Service/**:*" Include "HKCCS/Services/mcmscsvc/**:*" Include "HKCCS/Services/McProxy/**:*" Include "HKCCS/Services/MPFP/**:*" Include "HKCCS/Services/MpfService/**:*" Include "HKCCS/Services/MSK80Service/**:*" Include "HKCCS/Services/MSKSSRV**:*" Include "HKLMS/McAfee/**:*" Include "HKLMS/McAfee.com/**:*" Include "HKCUS/McafeeInstaller/**:*" } File CWD { Include "${windir}/system32/drivers/mfe*.sys" Include "${programfiles}/mcafee/**" Include "${programfiles}/mcafee.com/**" Include "${programfiles_x86}/mcafee/**" Include "${programfiles_x86}/mcafee.com/**" Include "${commonprogramfiles}/mcafee/**" Include "${commonprogramfiles_x86}/mcafee/**" Include "${installfiledir}/*" Include "${installfiledir}/**/*" Include "${downloadfiledir}/*" Include "${downloadfiledir}/**/*" Include "${applicationdata}/mcafee/**" Exclude "${applicationdata}/mcafee/mclogs/**" Exclude "${applicationdata}/mcafee/temp/**" } ProtectProcess { Include "${commonprogramfiles}\\mcafee\\systemcore\\mcshield.exe" Include "${commonprogramfiles}\\mcafee\\systemcore\\mfefire.exe" Include "${commonprogramfiles}\\mcafee\\systemcore\\mfevtps.exe" Include "${installfiledir}\\SelfProtect\\Win32\\aploader.exe" Include "${installfiledir}\\SelfProtect\\Win64\\aploader.exe" } } } } Product VSO* { regval shortprogramfile "HKLM/software/mcafee/ap" "ProgramFilesDir" ifndef shortprogramfile { set shortprogramfile "\\:::" } regval shortprogramfile_x86 "HKLM/software/mcafee/ap" "ProgramFilesDir (x86)" ifndef shortprogramfile_x86 { set shortprogramfile_x86 "${shortprogramfile}" } regval shortcommonfile "HKLM/software/mcafee/ap" "CommonFilesDir" ifndef shortcommonfile { set shortcommonfile "\\:::" } regval shortcommonfile_x86 "HKLM/software/mcafee/ap" "CommonFilesDir (x86)" ifndef shortcommonfile_x86 { set shortcommonfile_x86 "${shortcommonfile}" } AccessProtection { Enforce G_060_CommonOn 1 Report G_060_CommonOn 1 Rule CO01 G_060_CommonOn { Description "Prevent modification of McAfee files and settings" Enforce 1 Report 1 Process { Include * Exclude "${programfiles}/mcafee/**.exe" Exclude "${programfiles}/mcafee.com/**.exe" Exclude "${programfiles_x86}/mcafee/**.exe" Exclude "${programfiles_x86}/mcafee.com/**.exe" Exclude "${commonprogramfiles}/mcafee/**.exe" Exclude "${shortcommonfile}/mcafee/**.exe" Exclude "${shortcommonfile_x86}/mcafee/**.exe" Exclude "${shortprogramfile}/mcafee/**.exe" Exclude "${shortprogramfile}/mcafee.com/**.exe" Exclude "${shortprogramfile_x86}/mcafee/**.exe" Exclude "${shortprogramfile_x86}/mcafee.com/**.exe" Exclude "${applicationdata}/mcafee/msk/**" Exclude "install.exe" Exclude "mcinst.exe" Exclude "regsvr32.exe" Exclude "services.exe" } Key CWD { Include "HKLMS/McAfee/**" Include "HKLMS/McAfee.com/**" } Key D { Include "HKCCS/Services/McAfee SiteAdvisor Service/**" Include "HKCCS/Services/mcmscsvc/**" Include "HKCCS/Services/McNaiAnn/**" Include "HKCCS/Services/McNASvc/**" Include "HKCCS/Services/McODS/**" Include "HKCCS/Services/McProxy/**" Include "HKCCS/Services/McShield/**" Include "HKCCS/Services/Mfeapfk/**" Include "HKCCS/Services/Mfeavfk/**" Include "HKCCS/Services/Mfebopk/**" Include "HKCCS/Services/Mfefire/**" Include "HKCCS/Services/Mfefirek/**" Include "HKCCS/Services/Mfehidk/**" Include "HKCCS/Services/Mfendisk/**" Include "HKCCS/Services/Mfendiskmp/**" Include "HKCCS/Services/Mferkdet/**" Include "HKCCS/Services/Mfevtp/**" Include "HKCCS/Services/Mfewfpk/**" Include "HKCCS/Services/MPFP/**" Include "HKCCS/Services/MpfService/**" Include "HKCCS/Services/MSK80Service/**" Include "HKCCS/Services/MSKSSRV/**" } Value CWD { Include "HKCCS/Services/McNaiAnn/**:*" Include "HKCCS/Services/McNASvc/**:*" Include "HKCCS/Services/McShield/**:*" Include "HKCCS/Services/McODS/**:*" Include "HKCCS/Services/Mfeapfk/**:*" Include "HKCCS/Services/Mfeavfk/**:*" Include "HKCCS/Services/Mfebopk/**:*" Include "HKCCS/Services/Mfefire/**:*" Include "HKCCS/Services/Mfefirek/**:*" Include "HKCCS/Services/Mfehidk/**:*" Include "HKCCS/Services/Mfendisk/**:*" Include "HKCCS/Services/Mfendiskmp/**:*" Include "HKCCS/Services/mferkdet/**:*" Include "HKCCS/Services/Mfevtp/**:*" Include "HKCCS/Services/Mfewfpk/**:*" Include "HKCCS/Services/McAfee SiteAdvisor Service/**:*" Include "HKCCS/Services/mcmscsvc/**:*" Include "HKCCS/Services/McProxy/**:*" Include "HKCCS/Services/MPFP/**:*" Include "HKCCS/Services/MpfService/**:*" Include "HKCCS/Services/MSK80Service/**:*" Include "HKCCS/Services/MSKSSRV**:*" Include "HKLMS/McAfee/**:*" Include "HKLMS/McAfee.com/**:*" } File CWD { Include "${windir}/system32/drivers/mfe*.sys" Include "${programfiles}/mcafee/**" Include "${programfiles}/mcafee.com/**" Include "${programfiles_x86}/mcafee/**" Include "${programfiles_x86}/mcafee.com/**" Include "${commonprogramfiles}/mcafee/**" Include "${commonprogramfiles_x86}/mcafee/**" Include "${applicationdata}/mcafee/**" Exclude "${applicationdata}/mcafee/mclogs/**" Exclude "${applicationdata}/mcafee/temp/**" Exclude "${applicationdata}/mcafee/msk/**" Exclude "${programfiles}/McAfee/MSK/apf/**" } ProtectProcess { Include "${commonprogramfiles}\\mcafee\\systemcore\\mcshield.exe" Include "${commonprogramfiles}\\mcafee\\systemcore\\mfefire.exe" Include "${commonprogramfiles}\\mcafee\\systemcore\\mfevtps.exe" } } } } Product VIRUSCAN8* { AccessProtection { Group G_User Enforce G_060_CommonOn 1 Report G_060_CommonOn 1 Enforce G_070_CommonOff 1 Report G_070_CommonOff 1 Enforce G_User 1 Report G_User 1 Enforce G_Private 1 Report G_Private 0 Strings 09 { G_010_AntiSpyOn "Anti-spyware Standard Protection" G_020_AntiSpyOff "Anti-spyware Maximum Protection" G_030_AntiVirusOn "Anti-virus Standard Protection" G_040_AntiVirusOff "Anti-virus Maximum Protection" G_050_Outbreak "Anti-virus Outbreak Control" G_060_CommonOn "Common Standard Protection" G_070_CommonOff "Common Maximum Protection" G_080_VM "Virtual Machine Protection" G_User "User-defined Rules" G_Private "Product Private Rules" } Rule CO01 G_060_CommonOn { Description "Prevent modification of McAfee files and settings" Process { Include * Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe vstskmgr.exe scan32.exe scan64.exe scncfg32.exe shcfg32.exe shstat.exe mcupdate.exe mcconsol.exe ncdaemon.exe mfeann.exe mfehidin.exe csscan.exe mcshield.exe restartVSE.exe mcadmin.exe EngineServer.exe VirusScanAdvancedServer.exe vmscan.exe RSSensor.exe MPEScanner.exe firesvc.exe scanner.exe FireTray.exe McAfeeFire.exe amgrcnfg.exe SiteAdv.exe RPCServ.EXE HipManage.exe FCAGT.exe SAFeService.exe TBMon.exe dbinit.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* svchost.exe regsvc.exe mmc.exe winlogon.exe services.exe vscan_rfc.exe jlaunch.exe } File CWD { Include "${programfiles_x86}/mcafee/DesktopProtection/**" Include "${programfiles_x86}/mcafee/AntiSpyware/**" Include "${programfiles_x86}/mcafee/AntiSpyware Enterprise/**" Include "${vseinstalldir}**" Include "${vsesapinstalldir}**" Include "${vsestoinstalldir}**" Include "${vseoviinstalldir}**" Include "${windir}/system32/drivers/mfe*.sys" Include "${windir}/system32/mfevtps.exe" Exclude "${programfiles_x86}/mcafee/AntiSpyware Enterprise/MID/ASECFG.CAB" Exclude "${vseinstalldir}MID/VSECFG*.CAB" } Key D { Include "HKLMS/McAfee" Include "HKLMS/McAfee/DesktopProtection" Include "HKLMS/McAfee/VSCore" Include "HKLMS/McAfee/VSCore/NVP" Include "HKLMS/McAfee/On Access Scanner/McShield/Configuration/*" } Key CWD { Include "HKLMS/McAfee/vscore/**" Exclude "HKLMS/MCAFEE/VSCORE/ALERT CLIENT/VSE" } Key D { Include "HKCCS/Services/McShield/**" Include "HKCCS/Services/McTaskManager/**" Include "HKCCS/Services/Mfeapfk/**" Include "HKCCS/Services/Mfetdik/**" Include "HKCCS/Services/Mfeavfk/**" Include "HKCCS/Services/Mfebopk/**" Include "HKCCS/Services/Mfehidk/**" Include "HKCCS/Services/Mferkdk/**" Include "HKCCS/Services/Mferkdet/**" Include "HKCCS/Services/Mfevmgk/**" Include "HKCCS/Services/Mfevtp/**" } Value CWD { Include "HKCCS/Services/McShield:*" Include "HKCCS/Services/McShield/Enum:*" Include "HKCCS/Services/McShield/Security:*" Include "HKCCS/Services/McTaskManager:*" Include "HKCCS/Services/McTaskManager/Enum:*" Include "HKCCS/Services/McTaskManager/Security:*" Include "HKCCS/Services/Mfeapfk:*" Include "HKCCS/Services/Mfeapfk/Enum:*" Include "HKCCS/Services/Mfeapfk/Security:*" Include "HKCCS/Services/Mfetdik:*" Include "HKCCS/Services/Mfetdik/Enum:*" Include "HKCCS/Services/Mfetdik/Security:*" Include "HKCCS/Services/Mfeavfk:*" Include "HKCCS/Services/Mfeavfk/Enum:*" Include "HKCCS/Services/Mfeavfk/Security:*" Include "HKCCS/Services/Mfebopk:*" Include "HKCCS/Services/Mfebopk/Enum:*" Include "HKCCS/Services/Mfebopk/Security:*" Include "HKCCS/Services/Mfehidk:*" Include "HKCCS/Services/Mfehidk/Enum:*" Include "HKCCS/Services/Mfehidk/Security:*" Include "HKCCS/Services/Mferkdk:*" Include "HKCCS/Services/Mferkdk/Enum:*" Include "HKCCS/Services/Mferkdk/Security:*" Include "HKCCS/Services/Mferkdet:*" Include "HKCCS/Services/Mferkdet/Enum:*" Include "HKCCS/Services/Mferkdet/Security:*" Include "HKCCS/Services/Mfevmgk:*" Include "HKCCS/Services/Mfevmgk/Enum:*" Include "HKCCS/Services/Mfevmgk/Security:*" Include "HKCCS/Services/Mfevtp:*" Include "HKCCS/Services/Mfevtp/Enum:*" Include "HKCCS/Services/Mfevtp/Security:*" } Key CWD { Include "HKLMS/McAfee/DesktopProtection/**" Include "HKULMS/Microsoft/Windows/CurrentVersion/Policies/Explorer/DisallowRun/**" Include "HKLMS/McAfee/VSAS/**" } } Rule CO02 G_060_CommonOn { Description "Prevent modification of McAfee Common Management Agent files and settings" Process { Include * Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* RSSensor.exe MPEScanner.exe firesvc.exe scanner.exe FireTray.exe McAfeeFire.exe amgrcnfg.exe SiteAdv.exe RPCServ.EXE HipManage.exe FCAGT.exe SAFeService.exe TBMon.exe dbinit.exe cqmghost.exe services.exe vstskmgr.exe mcconsol.exe } Key CWD { Include "HKLMS/Network Associates/ePolicy Orchestrator" Include "HKLMS/Network Associates/TVD/Shared Components/Framework" Include "HKLMS/McAfee/McTray/**" Include "HKCCS/Services/McAfeeFramework/**" } File CWD { Include "${ALLUSERSPROFILE}/*/Network Associates/Common Framework/**" Include "${ALLUSERSPROFILE}/*/McAfee/Common Framework/**" Include "${programfiles_x86}/McAfee/Common Framework/**" Include "${programfiles_x86}/network associates/Common Framework/**" Include "${commonprogramfiles_x86}/Cisco Systems/CiscoTrustAgent/plugins/**" } } Rule CO03 G_060_CommonOn { Description "Prevent modification of McAfee Scan Engine files and settings" Process { Include * Exclude rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* msiexec.exe svchost.exe regsvc.exe msi*.tmp mcscript* mcupdate.exe mue_inuse.exe sdat*.exe scan32.exe scan64.exe engineserver.exe vmscan.exe } Key D { Include "HKLMS/McAfee/AVEngine" } Value CWD { Include "HKLMS/McAfee/AVEngine:DAT" Include "HKLMS/McAfee/AVEngine:szInstallDir" Include "HKLMS/McAfee/AVEngine:szInstallDir32" Include "HKLMS/McAfee/AVEngine:szInstallDir64" } File CWD { Include "${avenginedir32}**" Include "${avenginedir64}**" Exclude "extra.dat" } } Rule COSP G_060_CommonOn { Description "Prevent termination of McAfee processes" Process { Include * Exclude "**/system32/csrss.exe" frameworks*.exe frminst.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe mcscript_inuse.exe WerFault.exe } ProtectProcess { Include vstskmgr.exe scan32.exe scan64.exe scncfg32.exe shcfg32.exe shstat.exe mcupdate.exe mcconsol.exe ncdaemon.exe mfeann.exe mfehidin.exe csscan.exe mcshield.exe restartVSE.exe mcadmin.exe EngineServer.exe VirusScanAdvancedServer.exe vmscan.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe mfevtps.exe} } Rule CO04 G_060_CommonOn { Description "Protect Mozilla & FireFox files and settings" Enforce 0 Report 0 Process { Include * Exclude rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe firefox* mozilla* thunde*.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe Exclude siteadv.exe standaloneui.exe uninstall.exe } Key CWD { Include "HKLMS/Mozilla**" Include "HKCUS/Mozilla**" } File CWD { Include "**/Mozilla*/**" } } Rule CO05 G_060_CommonOn { Description "Protect Internet Explorer settings" Enforce 0 Report 0 Process { Include * Exclude icwconn1.exe configui.exe lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe siteadv.exe } Value CWD { Include "HKULMS/Microsoft/Internet Explorer/Toolbar:\{*" } Value CWD { Include "HKULMS/Microsoft/Windows/CurrentVersion/URL/DefaultPrefix:@" Include "HKULMS/Microsoft/Windows/CurrentVersion/URL/Prefixes:*" } Value WD { Include "HKULMS/Microsoft/Internet Explorer/Main:Start Page" Include "HKULMS/Microsoft/Internet Explorer/Main:Default_Page_URL" Include "HKLMS/Microsoft/Windows/CurrentVersion/Internet Settings:ProxyServer" Include "HKULMS/Microsoft/Internet Explorer/Search:Search Assistant" Include "HKULMS/Microsoft/Internet Explorer/Search:CustomizeSearch" Include "HKULMS/Microsoft/Internet Explorer/Main:Search Bar" Include "HKULMS/Microsoft/Internet Explorer/Main:Search Page" Include "HKULMS/Microsoft/Internet Explorer/Main:Default_Search_URL" } } Rule CO06 G_060_CommonOn { Description "Prevent installation of Browser Helper Objects and Shell Extensions" Enforce 0 Report 0 Process { Include * Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe regsvcs.exe Exclude lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe vstskmgr.exe regsvr32.exe sysocmgr.exe siteadv.exe } Key CWD { Include "HKLMS/Microsoft/Windows/CurrentVersion/Explorer/Browser Helper Objects/**" Include "HKULMS/Microsoft/Windows/CurrentVersion/ShellServiceObjectDelayLoad" Include "HKLMS/Microsoft/Windows/CurrentVersion/Explorer/ShellExecuteHooks" Include "HKLMS/Microsoft/Windows/CurrentVersion/Shell Extensions/Approved" } } Rule CO12 G_060_CommonOn { Description "Protect network settings" Enforce 0 Report 0 Process { Include * Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* mfehidin.exe winmgmt.exe winlogon.exe svchost.exe services.exe setadapter.exe Exclude sr_gui.exe sr_service.exe fwkern.exe tcpsvcs.exe vstskmgr.exe frameworkservice.exe cvpnd.exe sysocmgr.exe wmiadap.exe Exclude SystemPropertiesComputerName.exe } Key CD { Include "HKCCS/Services/Winsock/**" Include "HKCCS/Services/tcpip/**" Include "HKCCS/Services/netbt/**" Exclude "HKCCS/Services/tcpip/Performance" Exclude "HKCCS/Services/tcpip/Parameters" Exclude "HKCCS/Services/netbt/Performance" } Value CWD { Include "HKCCS/Services/Winsock/**:*" Include "HKCCS/Services/tcpip/parameters:*" Include "HKCCS/Services/tcpip/**:*" Include "HKCCS/Services/netbt/**:*" } File CWD { Include "${windir}/system32/drivers/etc/hosts" } } Rule CO13 G_060_CommonOn { Description "Prevent common programs from running files from the Temp folder" Enforce 0 Report 1 Process { Include ${DefaultBrowser} ${DefaultEmailClient} explorer.exe iexplore.exe firefox.exe mozilla.exe netscp.exe opera.exe msn6.exe eudora.exe msimn.exe msn6.exe msnmsgr.exe neo20.exe nlnotes.exe outlook.exe pine.exe poco.exe thebat.exe thunde*.exe winpm-32.exe MAPISP32.exe VMIMB.EXE RESRCMON.EXE Owstimer.exe SPSNotific* WinMail.exe packager.exe winzip32.exe winrar.exe } File X { Include "**/temp*/**" Exclude "**/*.ico" Exclude "**/temp/*/FrmInst.exe" Exclude "**/\{718CF0D3-DCDF-428E-9F6C-258F065C8D6D\}/PiReg.exe" Exclude "**/\{718CF0D3-DCDF-428E-9F6C-258F065C8D6D\}/setlicense.exe" Exclude "**/Temp/iadhide?.dll" Exclude "**/Temp/NAVSetup.exe" Exclude "**/Temp/NAV/NAVSetup.exe" Exclude "**/hostload*.dll" Exclude "**/HostingInterfaceRes.dll" Exclude "**/HostingInputManagerLib.dll" Exclude "**/SiteAdv.exe" Exclude "**/SiteAdv.dll" } } Rule CW01a G_070_CommonOff { Description "Prevent programs registering to autorun" Enforce 0 Report 0 Process { Include * Exclude tbmon.exe msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe mmc.exe Exclude lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* frminst.exe } Value CW { Include "HKULMS/Microsoft/Windows NT/CurrentVersion/WinLogon:Shell" Include "HKULMS/Microsoft/Windows NT/CurrentVersion/Windows:Load" Include "HKLMS/Microsoft/Windows NT/CurrentVersion/Windows:AppInit_Dlls" Include "HKULMS/Microsoft/Windows/CurrentVersion/Run/**" Include "HKULMS/Microsoft/Windows/CurrentVersion/RunOnce/**" Include "HKULMS/Microsoft/Windows/CurrentVersion/RunOnceEx/**" Include "HKULMS/Microsoft/Windows/CurrentVersion/RunServices/**" Include "HKULMS/Microsoft/Windows/CurrentVersion/RunServicesOnce/**" Exclude "HKLMS/MICROSOFT/WINDOWS/CURRENTVERSION/RUN:MCAFEEFIRETRAY" } Key CW { Include "HKLMS/Microsoft/Windows NT/CurrentVersion/WinLogon/Notify" Include "HKLMS/Microsoft/Windows NT/CurrentVersion/WinLogon/Notify/*" Exclude "HKLMS/Microsoft/Windows NT/CurrentVersion/WinLogon/Notify/NAVLOGON" } File CRWX { Include "**/startup/**.exe" Include "**/startup/**.bat" Include "**/startup/**.scr" Include "**/startup/**.hta" Include "**/startup/**.pif" Include "**/startup/**.com" Exclude "**/startup/**server.exe" } } Rule CW01b G_070_CommonOff { Description "Prevent programs registering as a service" Enforce 0 Report 0 Process { Include * Exclude tbmon.exe mmc.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe Exclude frminst.exe } Key C { Include "HKCCS/Services/**" Exclude "HKCCS/Services/EventLog/Application/*" Exclude "HKCCS/Services/EventLog/Security/*" Exclude "HKCCS/Services/EventLog/System/*" Exclude "HKCCS/Services/NAIMServInst/**" Exclude "HKCCS/Services/traces/**" Exclude "HKCCS/Services/RegMon/**" Exclude "HKCCS/Services/FileMon/**" Exclude "HKCCS/Services/McAfeeFramework/**" Exclude "HKCCS/Services/W3SVC/PARAMETERS/**" Exclude "HKCCS/Services/Tcpip/Parameters/**" Exclude "HKCCS/Services/IDSINSTPRIVTEST/**" Exclude "HKCCS/Services/SNDSRVC/**" Exclude "HKCCS/Services/SYMEVENT/**" Exclude "HKCCS/Services/INTEL PDS/**" Exclude "HKCCS/Services/SYMIDSCO/**" Exclude "HKCCS/Services/SWEEPSRV.SYS/**" Exclude "HKCCS/Services/INTERCHECK FILTER/**" Exclude "HKCCS/Services/INTERCHECK CONTROL/**" Exclude "HKCCS/Services/SWEEPNET/**" Exclude "HKCCS/Services/INTERCHECK SUPPORT*/**" Exclude "HKCCS/Services/INORT/**" Exclude "HKCCS/Services/INOTASK/**" Exclude "HKCCS/Services/KAVMONITORSERVICE/**" Exclude "HKCCS/Services/AVPG/**" Exclude "HKCCS/Services/AVPCC/**" Exclude "HKCCS/Services/SQLAGENT\$PADMINISTRATOR/**" Exclude "HKCCS/Services/MSSQL\$PADMINISTRATOR/**" Exclude "HKCCS/Services/MSSQLSERVERADHELPER/**" Exclude "HKCCS/Services/PAVATSCHEDULER/**" Exclude "HKCCS/Services/PAVAGENTE/**" Exclude "HKCCS/Services/PAVREPORT/**" Exclude "HKCCS/Services/ADMINSERVER/**" Exclude "HKCCS/Services/PADFSVR/**" Exclude "HKCCS/Services/OFFICESCAN_MASTER_SETUP_SERVICE/**" Exclude "HKCCS/Services/APACHE2/**" Exclude "HKCCS/Services/OFCSERVICE/**" Exclude "HKCCS/Services/TMLISTEN/**" Exclude "HKCCS/Services/NTRTSCAN/**" Exclude "HKCCS/Services/VSAPINT/**" Exclude "HKCCS/Services/TMFILTER/**" Exclude "HKCCS/Services/OFCPFWSVC/**" Exclude "HKCCS/Services/TM_CFW/**" Exclude "HKCCS/Services/FIREHOOK/**" Exclude "HKCCS/Services/FIRESVC/**" Exclude "HKCCS/Services/FIRETDI/**" Exclude "HKCCS/Services/FIREPM/**" } } Rule CW02a G_070_CommonOff { Description "Prevent creation of new executable files in the Windows folder" Enforce 0 Report 0 Process { Include * Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* winlogon.exe Exclude mrtstub.exe Exclude mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe RSSensor.exe MPEScanner.exe firesvc.exe scanner.exe FireTray.exe McAfeeFire.exe amgrcnfg.exe SiteAdv.exe RPCServ.EXE HipManage.exe FCAGT.exe SAFeService.exe TBMon.exe dbinit.exe fssm32.exe Exclude tomcat.exe } File C { Include "${windir}/**.exe" Include "${windir}/**.dll" Exclude "${windir}/Downloaded Program Files/**" Exclude "**/framepkg.exe" Exclude "${windir}/SoftwareDistribution/Download/**" Exclude "${windir}/SoftwareDistribution/WebSetup/**" Exclude "${windir}/system32/muweb.dll" Exclude "${windir}/system32/wuweb.dll" Exclude "${windir}/system32/cdm.dll" Exclude "${windir}/system32/iuengine.dll" Exclude "${windir}/system32/wuapi.dll" Exclude "${windir}/system32/wuauclt.exe" Exclude "${windir}/system32/wuauclt1.exe" Exclude "${windir}/system32/wuaclt.exe" Exclude "${windir}/system32/wuaclt1.exe" Exclude "${windir}/system32/wuaueng.dll" Exclude "${windir}/system32/wuaueng1.dll" Exclude "${windir}/system32/wucltui.dll" Exclude "${windir}/system32/wups.dll" Exclude "${windir}/system32/wups2.dll" Exclude "${windir}/system32/FireNotify.dll" Exclude "${windir}/system32/FireCNL.dll" Exclude "${windir}/system32/FireCore.dll" Exclude "${windir}/system32/FireCL.dll" Exclude "${windir}/system32/FireEpo.dll" Exclude "${windir}/system32/FireNHC.dll" Exclude "${windir}/system32/FireSCV.dll" Exclude "${windir}/temp/ZDATAI51.DLL" Exclude "${windir}/temp/_WUTL951.DLL" } } Rule CW02b G_070_CommonOff { Description "Prevent creation of new executable files in the Program Files folder" Enforce 0 Report 0 Process { Include * Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* winlogon.exe Exclude mrtstub.exe Exclude mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe Exclude tomcat.exe } File C { Include "${programfiles}/**.exe" Include "${programfiles}/**.dll" Include "${programfiles_x86}/**.exe" Include "${programfiles_x86}/**.dll" Exclude "**/framepkg.exe" Exclude "${programfiles}/WindowsUpdate/**" Exclude "${CommonProgramFiles_x86}/InstallShield/engine/6/Intel 32/*" Exclude "${CommonProgramFiles_x86}/InstallShield/IScript/*" Exclude "${ProgramFiles_x86}/Network Associates/McAfee Desktop Firewall for Windows XP/*" Exclude "${ProgramFiles_x86}/Network Associates/McAfee Desktop Firewall for Windows XP/Resource/*/*" Exclude "${ProgramFiles_x86}/Network Associates/McAfee Desktop Firewall for Windows XP/Uninstall Information/*" Exclude "${CommonProgramFiles_x86}/Network Associates/TalkBack/*" Exclude "${ProgramFiles_x86}/Panda Software/**" Exclude "${ProgramFiles_x86}/Norton Antivirus/Quarantine/**" Exclude "${ProgramFiles_x86}/Trend Micro/**" } } Rule CW04 G_070_CommonOff { Description "Prevent launching of files from the Downloaded Program Files folder" Enforce 0 Report 1 Process { Include iexplore.exe } File X { Include "**/downloaded program files/**.exe"} } Rule CW05 G_070_CommonOff { Description "Prevent FTP communication" Enforce 0 Report 0 Process { Include * Exclude ${DefaultBrowser} explorer.exe iexplore.exe firefox.exe mozilla.exe netscp.exe opera.exe msn6.exe tomcat.exe tomcat5.exe tomcat5w.exe inetinfo.exe amgrsrvc.exe apache.exe webproxy.exe msexcimc.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe Exclude pasys* google* Exclude alg.exe ftp.exe agentnt.exe } Port OTU { Include 20 21 } } Rule CW06 G_070_CommonOff { Description "Prevent HTTP communication" Enforce 0 Report 0 Process { Include * Exclude ${DefaultBrowser} ${DefaultEmailClient} explorer.exe iexplore.exe firefox.exe mozilla.exe netscp.exe opera.exe msn6.exe tomcat.exe tomcat5.exe tomcat5w.exe inetinfo.exe amgrsrvc.exe apache.exe webproxy.exe msexcimc.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe eudora.exe msimn.exe msn6.exe msnmsgr.exe neo20.exe nlnotes.exe outlook.exe pine.exe poco.exe thebat.exe thunde*.exe winpm-32.exe MAPISP32.exe VMIMB.EXE RESRCMON.EXE Owstimer.exe SPSNotific* WinMail.exe msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe Exclude lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe Exclude alg.exe mobsync.exe waol.exe agentnt.exe svchost.exe runscheduled.exe pasys* google* backweb-* Exclude vmnat.exe devenv.exe windbg.exe jucheck.exe realplay.exe acrord32.exe acrobat.exe Exclude wfica32.exe mmc.exe mshta.exe dwwin.exe wmplayer.exe console.exe wuauclt.exe Exclude javaw.exe ccmexec.exe ntaskldr.exe winamp.exe realplay.exe quicktimeplaye* SiteAdv.exe McSACore.exe } Port OTU { Include 80 Include 443 } } } } Product ANTISPYW* { AccessProtection { Enforce G_010_AntiSpyOn 1 Report G_010_AntiSpyOn 1 Enforce G_020_AntiSpyOff 1 Report G_020_AntiSpyOff 1 Rule ASO01 G_010_AntiSpyOn { Description "Protect Internet Explorer favorites and settings" Enforce 0 Report 0 Process { Include * Exclude iexplore.exe rundll32.exe explorer.exe winlogon.exe ie4uinit.exe regsvr32.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe RSSensor.exe MPEScanner.exe firesvc.exe scanner.exe FireTray.exe McAfeeFire.exe amgrcnfg.exe SiteAdv.exe RPCServ.EXE HipManage.exe FCAGT.exe SAFeService.exe TBMon.exe dbinit.exe vstskmgr.exe scan32.exe scan64.exe scncfg32.exe shcfg32.exe shstat.exe mcupdate.exe mcconsol.exe ncdaemon.exe mfeann.exe mfehidin.exe csscan.exe mcshield.exe restartVSE.exe mcadmin.exe EngineServer.exe VirusScanAdvancedServer.exe vmscan.exe Exclude icwconn1.exe proxycfg.exe userinit.exe msohtmed.exe console.exe svchost.exe cmd.exe mmc.exe unregmp2.exe Exclude sidebar.exe jucheck.exe msimn.exe winmail.exe } Value CWD { Include "HKULMS/Microsoft/Internet Explorer/**" Include "HKULMS/Microsoft/Windows/CurrentVersion/Internet Settings/**" Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS/CACHE/**" Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS/5.0/CACHE/**" Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS/ZONEMAP:PROXYBYPASS" Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS/ZONEMAP:INTRANETNAME" Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS/ZONEMAP:UNCASINTRANET" Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS:MIGRATEPROXY" Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS:PROXYENABLE" Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS:PROXYSERVER" Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS:PROXYOVERRIDE" Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS:AUTOCONFIGURL" Exclude "HKULMS/MICROSOFT/WINDOWS/CURRENTVERSION/INTERNET SETTINGS/CONNECTIONS:SAVEDLEGACYSETTINGS" Exclude "HKULMS/Microsoft/Internet Explorer/Extensions/\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45\}/*" Exclude "HKULMS/Microsoft/Internet Explorer/Main:SmoothScroll" Exclude "HKULMS/Microsoft/Internet Explorer/International/CpMRU:Cache" } File CWD { Include "**/Favorites/**.url" } } Rule ASW01 G_020_AntiSpyOff { Description "Prevent installation of new CLSIDs, APPIDs and TYPELIBs" Enforce 0 Report 0 Process { Include * Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe wuauclt.exe update.exe updater.exe spuninst.exe javatrig.exe vbs56nen.exe js56nen.exe ieupdate.exe dahotfix.exe ie-kb*.exe kb*.exe fixccs.exe sqlredis.exe mdac_qfe.exe dasetup.exe setupre.exe wintdist.exe winlogon.exe LogonUI.exe lucoms* luupdate.exe lsetup.exe idsinst.exe lucoms* sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywar* boxinfo.exe rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* icwconn1.exe } Key CD { Include "HKULMS/Classes/CLSID/**" Include "HKULMS/Classes/APPID/**" Include "HKULMS/Classes/TypeLib/**" } } Rule ASW02 G_020_AntiSpyOff { Description "Prevent all programs from running files from the Temp folder" Enforce 0 Report 0 Process { Include * Exclude frminst.exe msiexec.exe mcscript_inuse.exe mcscancheck.exe mue_inuse.exe } File X { Include "**/temp*/**" Exclude "**/temp/*/FrmInst.exe" Exclude "**/\{718CF0D3-DCDF-428E-9F6C-258F065C8D6D\}/PiReg.exe" Exclude "**/\{718CF0D3-DCDF-428E-9F6C-258F065C8D6D\}/setlicense.exe" Exclude "**/Temp/iadhide?.dll" Exclude "**/Temp/NAVSetup.exe" Exclude "**/Temp/NAV/NAVSetup.exe" } } Rule ASW03 G_020_AntiSpyOff { Description "Prevent execution of scripts from the Temp folder" Enforce 0 Report 1 Process { Include ?script.exe } File R { Include "**/temp*/**" } } }} Product VIRUSCAN8* { AccessProtection { Enforce G_030_AntiVirusOn 1 Report G_030_AntiVirusOn 1 Enforce G_040_AntiVirusOff 0 Report G_040_AntiVirusOff 0 Enforce G_050_Outbreak 0 Report G_050_Outbreak 0 Enforce G_080_VM 0 Report G_080_VM 1 Rule AVO02 G_030_AntiVirusOn { Description "Prevent registry editor and Task Manager from being disabled" Enforce 0 Report 0 Process { Include * Exclude rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* mmc.exe} Value CWD { Include "HKULMS/Microsoft/Windows/CurrentVersion/Policies/System:DisableRegistryTools" Include "HKULMS/Microsoft/Windows/CurrentVersion/Policies/System:DisableTaskMgr" } } Rule AVO03 G_030_AntiVirusOn { Description "Prevent user rights policies from being altered" Enforce 0 Report 0 Process { Include * Exclude rtvscan.exe cfgwiz.exe navw32.exe nmain.exe fssm32.exe avtask.exe kavsvc.exe giantantispywar* msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe services.exe amgrsrvc.exe mmc.exe lsass.exe frminst.exe} Key CWD { Include "HKCCS/Control/LSA/**" Include "HKCCS/Services/lanmanserver/parameters/**" } } Rule AVO04 G_030_AntiVirusOn { Description "Prevent remote creation/modification of executable and configuration files" Enforce 0 Report 0 Process { Include system:remote } File CWD { Include **.exe **.scr **.ocx **.dll **.pif Include "${windir}/**" Include **.ini "${systemdrive}/*" Exclude "**/framepkg.exe" } } Rule AVO05 G_030_AntiVirusOn { Description "Prevent remote creation of autorun files" Process { Include system:remote} File C { Include **/autorun.inf } } Rule AVO06 G_030_AntiVirusOn { Description "Prevent hijacking of .EXE and other executable extensions" Enforce 0 Report 0 Process { Include * Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe } Key WD { Include "HKULMS/Classes/.exe/**" Include "HKULMS/Classes/exefile/**" Include "HKULMS/Classes/.com/**" Include "HKULMS/Classes/comfile/**" Include "HKULMS/Classes/.bat/**" Include "HKULMS/Classes/batfile/**" Include "HKULMS/Classes/.cmd/**" Include "HKULMS/Classes/cmdfile/**" } } Rule AVO08 G_030_AntiVirusOn { Description "Prevent Windows Process spoofing" Enforce 0 Report 0 Process { Include * } File CRXW { Include "**/svchost.exe" Include "**/explorer.exe" Include "**/ctfmon.exe" Include "**/lsass.exe" Include "**/csrss.exe" Include "**/winlogon.exe" Include "**/services.exe" Include "**/smss.exe" Exclude "${WINDIR}/**/svchost.exe" Exclude "${WINDIR}/**/explorer.exe" Exclude "${WINDIR}/**/ctfmon.exe" Exclude "${WINDIR}/**/lsass.exe" Exclude "${WINDIR}/**/csrss.exe" Exclude "${WINDIR}/**/winlogon.exe" Exclude "${WINDIR}/**/services.exe" Exclude "${WINDIR}/**/smss.exe" } } Rule AVO10 G_030_AntiVirusOn { Description "Prevent mass mailing worms from sending mail" Process { Include * Exclude ${DefaultEmailClient} ${DefaultBrowser} eudora.exe msimn.exe msn6.exe msnmsgr.exe neo20.exe nlnotes.exe outlook.exe pine.exe poco.exe thebat.exe thunde*.exe winpm-32.exe MAPISP32.exe VMIMB.EXE RESRCMON.EXE Owstimer.exe SPSNotific* WinMail.exe explorer.exe iexplore.exe firefox.exe mozilla.exe netscp.exe opera.exe msn6.exe tomcat.exe tomcat5.exe tomcat5w.exe inetinfo.exe amgrsrvc.exe apache.exe webproxy.exe msexcimc.exe Exclude ntaskldr.exe nsmtp.exe nrouter.exe agent.exe Exclude ebs.exe firesvc.exe modulewrapper* msksrvr.exe mskdetct.exe mailscan.exe rpcserv.exe Exclude mdaemon.exe worldclient.exe wspsrv.exe } Port OTU { Include 25 Include 587 } } Rule AVO11 G_030_AntiVirusOn { Description "Prevent IRC communication" Process { Include * } Port IOTU { Include 6666 6669 } } Rule AVO12 G_030_AntiVirusOn { Description "Prevent use of tftp.exe" Enforce 0 Report 0 Process { Include * Exclude wuauclt.exe } File RX { Include "**/tftp.exe" } } Rule AVW01 G_040_AntiVirusOff { Description "Prevent alteration of all file extension registrations" Process { Include * Exclude explorer.exe } Key WD { Include "HKULMS/Classes/.*/**" } } Rule AVW02 G_040_AntiVirusOff { Description "Protect cached files from password and email address stealers" Process { Include * Exclude iexplore.exe explorer.exe rundll32.exe sidebar.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe } File R { Include "**/content.ie5/**" } } Rule AVO07 G_040_AntiVirusOff { Description "Prevent svchost executing non-Windows executables" Process { Include svchost.exe } File X { Include "**/*.*" Exclude "**/*.exe" Exclude "**/*.exe.Manifest" Exclude "${windir}/**" Exclude "${CommonProgramFiles}/Microsoft Shared/**" Exclude "${CommonProgramFiles_x86}/Microsoft Shared/**" Exclude "${programfiles}/Fortinet/**" Exclude "${programfiles_x86}/mcafee/**" Exclude "${programfiles}/Windows Defender/**" } } Rule AVO09 G_040_AntiVirusOff { Description "Protect phonebook files from password and email address stealers" Process { Include * Exclude rasphone.exe explorer.exe svchost.exe frameworkservice.exe logonui.exe } File RDWC { Include "**/rasphone.pbk" } } Rule OB01 G_050_Outbreak { Description "Make all shares read-only" Process { Include system:remote } File CWD { Include * } } Rule OB02 G_050_Outbreak { Description "Block read and write access to all shares" Process { Include system:remote } File CWDRX { Include * } } Rule VM01 G_080_VM { Description "Prevent Termination of VMWare Processes" Process { Include * Exclude "**/system32/csrss.exe" vmware-authd.exe vmware-ufad.exe vmnat.exe vmount2.exe vmnetdhcp.exe vmware.exe vmware-vmx.exe vmware-tray.exe vmserverdWin32.exe vmwareuser.exe vmplayer.exe vmwaretray.exe } ProtectProcess { Include vmware-authd.exe vmware-ufad.exe vmnat.exe vmount2.exe vmnetdhcp.exe vmware.exe vmware-vmx.exe vmware-tray.exe vmserverdWin32.exe vmwareuser.exe vmplayer.exe vmwaretray.exe } } Rule VM02 G_080_VM { Description "Prevent modification of VMWare Workstation files and settings" Process { Include * Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe vmware-authd.exe vmware-ufad.exe vmnat.exe vmount2.exe vmnetdhcp.exe vmware.exe vmware-vmx.exe vmware-tray.exe vmserverdWin32.exe vmwareuser.exe vmplayer.exe vmwaretray.exe svchost.exe NdisInstall.exe FireSvc.exe WMIADAP.EXE } File CWD { Include "${programfiles_x86}/Common Files/VMWare/**" Include "${vmwareworkstationinstalldir}**" Include "${windir}/system32/drivers/VMkbd.sys" Include "${windir}/system32/drivers/vmnetadapter.sys" Include "${windir}/system32/drivers/vmnetbridge.sys" Include "${windir}/system32/drivers/vmnetuserif.sys" Include "${windir}/system32/drivers/VMparport.sys" Include "${windir}/system32/drivers/vmusb.sys" Include "${windir}/system32/drivers/vmx86.sys" Include "${windir}/system32/vmnat.exe" Include "${windir}/system32/vmnetdhcp.exe" } Key CWD { Include "HKULMS/VMware, Inc./**" Include "HKCCS/Services/VMAuthdService/**" Include "HKCCS/Services/vmkb/**" Include "HKCCS/Services/VMnetAdapter/**" Include "HKCCS/Services/VMnetBridge/**" Include "HKCCS/Services/VMnetDHCP/**" Include "HKCCS/Services/VMnetuserif/**" Include "HKCCS/Services/vmount2/**" Include "HKCCS/Services/VMparport/**" Include "HKCCS/Services/vmusb/**" Include "HKCCS/Services/VMware/**" Include "HKCCS/Services/VMware NAT Service/**" Include "HKCCS/Services/vmx86/**" Include "HKCR/.vmac/**" Include "HKCR/.vmba/**" Include "HKCR/.vmc/**" Include "HKCR/.vmdk/**" Include "HKCR/.vmhf/**" Include "HKCR/.vmhr/**" Include "HKCR/.vmsn/**" Include "HKCR/.vmss/**" Include "HKCR/.vmt/**" Include "HKCR/.vmtm/**" Include "HKCR/.vmx/**" Include "HKCR/.vmxa/**" Include "HKCR/Applications/vmware.exe/**" Include "HKCR/CLSID/{07051fd9-3e4e-4f79-b1ac-0a2f9338f806}/**" Include "HKCR/CLSID/{095DB814-94A0-4AD7-88C3-7DFBE688B12A}/**" Include "HKCR/CLSID/{0ce412d9-4520-4e5a-893d-88b3a8f29c97}/**" Include "HKCR/CLSID/{0F748FDE-0597-443c-8596-71854C5EA20A}/**" Include "HKCR/CLSID/{13E86A0C-FE7D-4573-A41D-6B5B00CCFE22}/**" Include "HKCR/CLSID/{164bdf7b-5c67-4daf-85a3-c6c927cb3d36}/**" Include "HKCR/CLSID/{1c4387ae-2b23-4c45-8bc6-c1dfbddfb249}/**" Include "HKCR/CLSID/{1dd25558-dda3-476a-a81c-a07b62f33725}/**" Include "HKCR/CLSID/{22ff5311-53a4-4335-a2d9-b75e5731bbab}/**" Include "HKCR/CLSID/{271DC252-6FE1-4D59-9053-E4CF50AB99DE}/**" Include "HKCR/CLSID/{2e1c00eb-6468-40ae-94b3-2c8d80080f21}/**" Include "HKCR/CLSID/{315cb05d-691f-4208-af14-0fa2fbb2cad6}/**" Include "HKCR/CLSID/{3d09c1ca-2bcc-40b7-b9bb-3f3ec143a87b}/**" } } Rule VM03 G_080_VM { Description "Prevent modification of VMWare Server files and settings" Process { Include * Exclude msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe ?setup.exe ??setup.exe ???setup.exe _ins*._mp McAfeeHIP_Clien* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe vmware-authd.exe vmware-ufad.exe vmnat.exe vmount2.exe vmnetdhcp.exe vmware.exe vmware-vmx.exe vmware-tray.exe vmserverdWin32.exe vmwareuser.exe vmplayer.exe vmwaretray.exe svchost.exe NdisInstall.exe FireSvc.exe WMIADAP.EXE } File CWD { Include "${programfiles_x86}/Common Files/VMWare/**" Include "${vmwareserverinstalldir}**" Include "${applicationdata}/VMWare/**" Include "${windir}/system32/drivers/vmnetadapter.sys" Include "${windir}/system32/drivers/vmnetbridge.sys" Include "${windir}/system32/drivers/vmnetuserif.sys" Include "${windir}/system32/drivers/vmx86.sys" Include "${windir}/system32/drivers/vmnet.sys" Include "${windir}/system32/vmnat.exe" Include "${windir}/system32/vmnetdhcp.exe" } Key CWD { Include "HKULMS/VMware, Inc./**" Include "HKCCS/Services/VMAuthdService/**" Include "HKCCS/Services/vmkb/**" Include "HKCCS/Services/VMnetAdapter/**" Include "HKCCS/Services/VMnetBridge/**" Include "HKCCS/Services/VMnetDHCP/**" Include "HKCCS/Services/VMnetuserif/**" Include "HKCCS/Services/vmount2/**" Include "HKCCS/Services/VMparport/**" Include "HKCCS/Services/vmserverdWin32/**" Include "HKCCS/Services/VMware/**" Include "HKCCS/Services/VMware NAT Service/**" Include "HKCCS/Services/vmx86/**" } } Rule VM04 G_080_VM { Description "Prevent modification of VMWare virtual machine files" Process { Include * Exclude vmware-authd.exe vmware-ufad.exe vmnat.exe vmount2.exe vmnetdhcp.exe vmware.exe vmware-vmx.exe vmware-tray.exe vmserverdWin32.exe vmwareuser.exe vmplayer.exe vmwaretray.exe svchost.exe NdisInstall.exe FireSvc.exe } File CWD { Include "**/*.vmdk" Include "**/*.nvram" Include "**/*.vmsd" Include "**/*.vmx" Include "**/*.vmxf" } } }} AccessProtection { Strings 0401 { G_010_AntiSpyOn "σÅìΘûôΦ½£Φ╗ƒΘ½öµ¿Öµ║ûΣ┐¥Φ¡╖" G_020_AntiSpyOff "σÅìΘûôΦ½£Φ╗ƒΘ½öµ£ÇσñºΣ┐¥Φ¡╖" G_030_AntiVirusOn "Θÿ▓µ»Æµ¿Öµ║ûΣ┐¥Φ¡╖" G_040_AntiVirusOff "Θÿ▓µ»Æµ£ÇσñºΣ┐¥Φ¡╖" G_050_Outbreak "Θÿ▓τùàµ»ÆτêåτÖ╝µÄºσê╢" G_060_CommonOn "Σ╕ÇΦê¼µ¿Öµ║ûΣ┐¥Φ¡╖" G_070_CommonOff "Σ╕ÇΦê¼µ£ÇσñºΣ┐¥Φ¡╖" G_080_VM "ΦÖ¢µô¼µ⌐ƒσÖ¿Σ┐¥Φ¡╖" G_User "Σ╜┐τö¿ΦÇàσ«Üτ╛⌐τÜäΦªÅσëç" ASO01 "Σ┐¥Φ¡╖ Internet Explorer µêæτÜäµ£Çµä¢σÅèΦ¿¡σ«Ü" ASW01 "Θÿ▓µ¡óσ«ëΦú¥µû░τÜä CLSIDπÇüAPPID σÅè TYPELIB" ASW02 "Θÿ▓µ¡óµëÇµ£ëτ¿ïσ╝Åσ╛₧ Temp Φ│çµûÖσñ╛σƒ╖Φíîµ¬öµíê" ASW03 "Θÿ▓µ¡óσ╛₧ Temp Φ│çµûÖσñ╛σƒ╖ΦíîµîçΣ╗ñτó╝" AVO02 "Θÿ▓µ¡óτÖ╗Θîäτ╖¿Φ╝»τ¿ïσ╝ÅσÅèσ╖ÑΣ╜£τ«íτÉåσôíΦó½σü£τö¿" AVO03 "Θÿ▓µ¡óΣ╜┐τö¿ΦÇàµ¼èσê⌐σÄƒσëçΦó½µ¢┤µö╣" AVO04 "Θÿ▓µ¡óΘüáτ½»σ╗║τ½ï/Σ┐«µö╣σƒ╖Φíîµ¬öσÅèΦ¿¡σ«Üµ¬ö" AVO05 "Θÿ▓µ¡óΘüáτ½»σ╗║τ½ïΦç¬σïòσƒ╖Φíîµ¬ö" AVO06 "Θÿ▓µ¡ó.EXE σÅèσà╢Σ╗ûσƒ╖Φíîµ¬öσë»µ¬öσÉìΦó½σè½µîü" AVO07 "Θÿ▓µ¡ó svchost σƒ╖ΦíîΘ¥₧ Windows σƒ╖Φíîµ¬ö" AVO08 "Θÿ▓µ¡óσâ₧Φú¥ Windows τ¿ïσ║Å" AVO09 "Σ┐¥Φ¡╖Θ¢╗Φ⌐▒τ░┐µ¬öµíê∩╝îΣ╗ÑΘÿ▓σ»åτó╝σÅèΘ¢╗σ¡ÉΘâ╡Σ╗╢σ£░σ¥ÇΘü¡τ½è" AVO10 "Θÿ▓µ¡óσñºσ«ùΘâ╡Σ╗╢ΦáòΦƒ▓τùàµ»Æσé│ΘÇüΘâ╡Σ╗╢" AVO11 "Θÿ▓µ¡ó IRC ΘÇÜΦ¿è" AVO12 "Θÿ▓µ¡óΣ╜┐τö¿ tftp.exe" AVW01 "Θÿ▓µ¡óµëÇµ£ëσë»µ¬öσÉìτÖ╗ΘîäΦó½µ¢┤µö╣" AVW02 "Σ┐¥Φ¡╖σ┐½σÅûµ¬öµíê∩╝îΣ╗ÑΘÿ▓σ»åτó╝σÅèΘ¢╗σ¡ÉΘâ╡Σ╗╢σ£░σ¥ÇΘü¡τ½è" CO01 "Θÿ▓µ¡ó McAfee µ¬öµíêσÅèΦ¿¡σ«ÜΦó½Σ┐«µö╣" CO02 "Θÿ▓µ¡ó McAfee Common Management Agent µ¬öµíêσÅèΦ¿¡σ«ÜΦó½Σ┐«µö╣" CO03 "Θÿ▓µ¡ó McAfee µÄâµÅÅσ╝òµôÄµ¬öµíêσÅèΦ¿¡σ«ÜΦó½Σ┐«µö╣" CO04 "Σ┐¥Φ¡╖ Mozilla σÅè FireFox µ¬öµíêσÅèΦ¿¡σ«Ü" CO05 "Σ┐¥Φ¡╖ Internet Explorer Φ¿¡σ«Ü" CO06 "Θÿ▓µ¡óσ«ëΦú¥ Browser Helper Object σÅè Shell σë»µ¬öσÉì" CO12 "Σ┐¥Φ¡╖τ╢▓Φ╖»Φ¿¡σ«Ü" CO13 "Θÿ▓µ¡óσà¼τö¿τ¿ïσ╝Åσ╛₧ Temp Φ│çµûÖσñ╛σƒ╖Φíîµ¬öµíê" COSP "Θÿ▓µ¡ó McAfee ΦÖòτÉåτ¿ïσ║Åτ╡éµ¡ó" CW01a "Θÿ▓µ¡óΦ¿╗σåèτé║Φç¬σïòσƒ╖ΦíîτÜäτ¿ïσ╝Å" CW01b "Θÿ▓µ¡óΦ¿╗σåèτé║µ£ìσïÖτÜäτ¿ïσ╝Å" CW02a "Θÿ▓µ¡óσ£¿ Windows Φ│çµûÖσñ╛Σ╕¡σ╗║τ½ïµû░σƒ╖Φíîµ¬ö" CW02b "Θÿ▓µ¡óσ£¿ Program Files Φ│çµûÖσñ╛Σ╕¡σ╗║τ½ïµû░σƒ╖Φíîµ¬ö" CW04 "Θÿ▓µ¡óσ╛₧ Downloaded Program Files Φ│çµûÖσñ╛Σ╕¡σòƒσïòµ¬öµíê" CW05 "Θÿ▓µ¡ó FTP ΘÇÜΦ¿è" CW06 "Θÿ▓µ¡ó HTTP ΘÇÜΦ¿è" OB01 "σ░çµëÇµ£ëτÜäσà▒τö¿Φ¿¡τé║σö»Φ«Ç" OB02 "σ░üΘÄûσ░ìµëÇµ£ëσà▒τö¿τÜäΦ«ÇσÅûσÅèσ»½σàÑσ¡ÿσÅûµ¼è" VM01 "Θÿ▓µ¡ó VMWare ΦÖòτÉåτ¿ïσ║Åτ╡éµ¡ó" VM02 "Θÿ▓µ¡ó VMWare Workstation µ¬öµíêσÅèΦ¿¡σ«ÜΦó½Σ┐«µö╣" VM03 "Θÿ▓µ¡ó VMWare Server µ¬öµíêσÅèΦ¿¡σ«ÜΦó½Σ┐«µö╣" VM04 "Θÿ▓µ¡ó VMWare ΦÖ¢µô¼µ⌐ƒσÖ¿µ¬öµíêΦó½Σ┐«µö╣" }} AccessProtection { Strings 07 { G_010_AntiSpyOn "Standardm├ñ├ƒiger Spyware-Schutz" G_020_AntiSpyOff "Maximaler Spyware-Schutz" G_030_AntiVirusOn "Standardm├ñ├ƒiger Virenschutz" G_040_AntiVirusOff "Maximaler Virenschutz" G_050_Outbreak "Kontrolle bei Virusausbr├╝chen" G_060_CommonOn "Common - Standardschutz" G_070_CommonOff "Common - Maximaler Schutz" G_080_VM "Schutz virtueller Computer" G_User "Benutzerdefinierte Regeln" ASO01 "Favoriten und Einstellungen in Internet Explorer sch├╝tzen" ASW01 "Installation neuer CLSIDs, APPIDs und TYPELIBs verhindern" ASW02 "Ausf├╝hren von Dateien im Temp-Ordner f├╝r alle Programme verhindern" ASW03 "Ausf├╝hren von Skripten aus dem TEMP-Ordner verhindern" AVO02 "Deaktivieren von Registrierungseditor und Task-Manager verhindern" AVO03 "├ändern von Benutzerrechten f├╝r Richtlinien verhindern" AVO04 "Remote-Erstellung/├änderung von ausf├╝hrbaren Dateien und Konfigurationsdateien verhindern" AVO05 "Remote-Erstellung von Autorun-Dateien verhindern" AVO06 "Missbrauch von .EXE und andere Erweiterungen f├╝r ausf├╝hrbare Dateien verhindern" AVO07 "Ausf├╝hren von Nicht-Windows-Dateien durch svchost verhindern" AVO08 "Spoofing von Windows-Prozessen verhindern" AVO09 "Adressbuchdateien vor Kennwort- und E-Mail-Adressdiebstahl sch├╝tzen" AVO10 "Senden von E-Mails durch Massenmail-W├╝rmer verhindern" AVO11 "IRC-Kommunikation verhindern" AVO12 "Verwenden von tftp.exe verhindern" AVW01 "├ändern der Registrierung f├╝r alle Dateierweiterungen verhindern" AVW02 "Dateien im Cache vor Kennwort- und E-Mail-Adressdiebstahl sch├╝tzen" CO01 "Ver├ñnderungen der McAfee-Dateien und -Einstellungen verhindern" CO02 "├ändern von Dateien und Einstellungen des McAfee Common Management Agenten verhindern" CO03 "Ver├ñnderungen der McAfee-Scanmodul-Dateien und -Einstellungen verhindern" CO04 "Dateien und Einstellungen von Mozilla und FireFox sch├╝tzen" CO05 "Einstellungen von Internet Explorer sch├╝tzen" CO06 "Installation von Browser Helper Objects und Shell-Erweiterungen verhindern" CO12 "Netzwerkeinstellungen sch├╝tzen" CO13 "Ausf├╝hren von Dateien im Temp-Ordner f├╝r h├ñufig genutzte Programme verhindern" COSP "Beenden von McAfee-Prozessen verhindern" CW01a "Registrieren von Programmen f├╝r Autorun verhindern" CW01b "Registrierung von Programmen als Dienst verhindern" CW02a "Erstellung neuer ausf├╝hrbarer Dateien im Windows-Ordner verhindern" CW02b "Erstellung neuer ausf├╝hrbarer Dateien im Programmdateienordner verhindern" CW04 "Starten von Dateien aus dem Ordner \"Downloaded Program Files\" verhindern" CW05 "FTP-Kommunikation verhindern" CW06 "HTTP-Kommunikation verhindern" OB01 "Alle Freigaben mit Schreibschutz versehen" OB02 "Lese- und Schreibzugriff auf alle Freigaben blockieren" VM01 "Beendigung von VMWare-Prozessen verhindern" VM02 "├ändern von Dateien und Einstellungen von VMWare-Workstation verhindern" VM03 "├ändern von Dateien und Einstellungen von VMWare-Server verhindern" VM04 "├ändern von Dateien des virtuellen VMWare-Computers verhindern" }} AccessProtection { Strings 09 { G_010_AntiSpyOn "Anti-spyware Standard Protection" G_020_AntiSpyOff "Anti-spyware Maximum Protection" G_030_AntiVirusOn "Anti-virus Standard Protection" G_040_AntiVirusOff "Anti-virus Maximum Protection" G_050_Outbreak "Anti-virus Outbreak Control" G_060_CommonOn "Common Standard Protection" G_070_CommonOff "Common Maximum Protection" G_080_VM "Virtual Machine Protection" G_User "User-defined Rules" ASO01 "Protect Internet Explorer favorites and settings" ASW01 "Prevent installation of new CLSIDs, APPIDs and TYPELIBs" ASW02 "Prevent all programs from running files from the Temp folder" ASW03 "Prevent execution of scripts from the Temp folder" AVO02 "Prevent registry editor and Task Manager from being disabled" AVO03 "Prevent user rights policies from being altered" AVO04 "Prevent remote creation/modification of executable and configuration files" AVO05 "Prevent remote creation of autorun files" AVO06 "Prevent hijacking of .EXE and other executable extensions" AVO07 "Prevent svchost executing non-Windows executables" AVO08 "Prevent Windows Process spoofing" AVO09 "Protect phonebook files from password and email address stealers" AVO10 "Prevent mass mailing worms from sending mail" AVO11 "Prevent IRC communication" AVO12 "Prevent use of tftp.exe" AVW01 "Prevent alteration of all file extension registrations" AVW02 "Protect cached files from password and email address stealers" CO01 "Prevent modification of McAfee files and settings" CO02 "Prevent modification of McAfee Common Management Agent files and settings" CO03 "Prevent modification of McAfee Scan Engine files and settings" CO04 "Protect Mozilla & FireFox files and settings" CO05 "Protect Internet Explorer settings" CO06 "Prevent installation of Browser Helper Objects and Shell Extensions" CO12 "Protect network settings" CO13 "Prevent common programs from running files from the Temp folder" COSP "Prevent termination of McAfee processes" CW01a "Prevent programs registering to autorun" CW01b "Prevent programs registering as a service" CW02a "Prevent creation of new executable files in the Windows folder" CW02b "Prevent creation of new executable files in the Program Files folder" CW04 "Prevent launching of files from the Downloaded Program Files folder" CW05 "Prevent FTP communication" CW06 "Prevent HTTP communication" OB01 "Make all shares read-only" OB02 "Block read and write access to all shares" VM01 "Prevent Termination of VMWare Processes" VM02 "Prevent modification of VMWare Workstation files and settings" VM03 "Prevent modification of VMWare Server files and settings" VM04 "Prevent modification of VMWare virtual machine files" }} AccessProtection { Strings 0A { G_010_AntiSpyOn "Protecci├│n est├índar de antisoftware esp├¡a" G_020_AntiSpyOff "Protecci├│n m├íxima de antisoftware esp├¡a" G_030_AntiVirusOn "Protecci├│n est├índar de antivirus" G_040_AntiVirusOff "Protecci├│n m├íxima de antivirus" G_050_Outbreak "Control de brotes de antivirus" G_060_CommonOn "Protecci├│n com├║n est├índar" G_070_CommonOff "Protecci├│n com├║n m├íxima" G_080_VM "Protecci├│n de m├íquina virtual" G_User "Reglas definidas por el usuario" ASO01 "Proteger los favoritos y las opciones de Internet Explorer" ASW01 "Impedir la instalaci├│n de nuevos CLSID, APPID y TYPELIB" ASW02 "Impedir a todos los programas que ejecuten archivos desde la carpeta Temp" ASW03 "Impedir la ejecuci├│n de secuencias de comandos desde la carpeta Temp" AVO02 "Impedir la desactivaci├│n del editor del Registro y del Administrador de tareas" AVO03 "Impedir la alteraci├│n de las directivas de derechos de usuario" AVO04 "Impedir la creaci├│n o la modificaci├│n remota de los archivos ejecutables y de configuraci├│n" AVO05 "Impedir la creaci├│n remota de archivos de ejecuci├│n autom├ítica" AVO06 "Impedir el pirateo de archivos .EXE y con otras extensiones ejecutables" AVO07 "Impedir que svchost ejecute archivos ejecutables que no sean de Windows" AVO08 "Impedir la falsificaci├│n de procesos de Windows" AVO09 "Proteger los archivos de la libreta de direcciones frente a los ladrones de contrase├▒as y direcciones de correo electr├│nico" AVO10 "Impedir que los gusanos de env├¡o masivo de correo env├¡en correo" AVO11 "Impedir comunicaci├│n IRC" AVO12 "Impedir el uso de tftp.exe" AVW01 "Impedir la alteraci├│n de todos los registros de extensiones de archivos" AVW02 "Proteger los archivos de la cach├⌐ frente a los ladrones de contrase├▒as y direcciones de correo electr├│nico" CO01 "Impedir la modificaci├│n de los archivos y las opciones de McAfee" CO02 "Impedir la modificaci├│n de los archivos y las opciones de McAfee Common Management Agent" CO03 "Impedir la modificaci├│n de los archivos y las opciones de McAfee Scan Engine " CO04 "Proteger los archivos y las opciones de Mozilla y FireFox" CO05 "Proteger las opciones de Internet Explorer" CO06 "Impedir la instalaci├│n de objetos auxiliares del explorador y extensiones de shell" CO12 "Proteger las opciones de red" CO13 "Impedir que los programas comunes ejecuten archivos desde la carpeta Temp" COSP "Evitar la interrupci├│n de procesos de McAfee " CW01a "Impedir que los programas se registren para su ejecuci├│n autom├ítica" CW01b "Impedir que los programas se registren como servicios" CW02a "Impedir la creaci├│n de nuevos archivos ejecutables en la carpeta Windows" CW02b "Impedir la creaci├│n de nuevos archivos ejecutables en la carpeta Archivos de programa" CW04 "Impedir la ejecuci├│n de archivos desde la carpeta Downloaded Program Files" CW05 "Impedir la comunicaci├│n FTP" CW06 "Impedir la comunicaci├│n HTTP" OB01 "Hacer que todos los recursos compartidos sean de s├│lo lectura" OB02 "Bloquear el acceso de lectura y escritura de todos los recursos compartidos" VM01 "Impedir la interrupci├│n de procesos de VMWare" VM02 "Impedir la modificaci├│n de los archivos y las opciones de la estaci├│n de trabajo de VMWare" VM03 "Impedir la modificaci├│n de los archivos y las opciones del servidor de VMWare" VM04 "Impedir la modificaci├│n de los archivos de m├íquina virtual de VMWare" }} AccessProtection { Strings 0C { G_010_AntiSpyOn "Protection standard contre les logiciels espions" G_020_AntiSpyOff "Protection maximale contre les logiciels espions" G_030_AntiVirusOn "Protection standard antivirus" G_040_AntiVirusOff "Protection maximale antivirus" G_050_Outbreak "Contr├┤le des attaques d'antivirus" G_060_CommonOn "Protection standard commune" G_070_CommonOff "Protection maximale commune" G_080_VM "Protection de la machine virtuelle" G_User "R├¿gles d├⌐finies par l'utilisateur" ASO01 "Prot├⌐ger les favoris et les param├¿tres d'Internet Explorer" ASW01 "Emp├¬cher l'installation de nouveaux CLSID, APPID et TYPELIB" ASW02 "Emp├¬cher tous les programmes d'ex├⌐cuter des fichiers du dossier Temp" ASW03 "Emp├¬cher l'ex├⌐cution de scripts du dossier Temp" AVO02 "Emp├¬cher la d├⌐sactivation de l'├⌐diteur de registre et du gestionnaire des t├óches" AVO03 "Emp├¬cher l'alt├⌐ration des strat├⌐gies des droits d'acc├¿s utilisateur" AVO04 "Emp├¬cher la cr├⌐ation/ modification ├á distance de fichiers ex├⌐cutables et de configuration" AVO05 "Emp├¬cher la cr├⌐ation ├á distance de fichiers d'ex├⌐cution automatique" AVO06 "Emp├¬cher le d├⌐tournement des fichiers .EXE et des autres extensions ex├⌐cutables" AVO07 "Emp├¬cher svchost d'ex├⌐cuter des fichiers ex├⌐cutables non Windows" AVO08 "Emp├¬cher l'usurpation du processus Windows" AVO09 "Prot├⌐ger les fichiers de r├⌐pertoire des voleurs de mots de passe et d'adresses de messagerie" AVO10 "Emp├¬cher les vers ├á┬á diffusion massive d'envoyer des messages ├⌐lectroniques" AVO11 "Emp├¬cher la communication IRC" AVO12 "Emp├¬cher l'utilisation du fichier tftp.exe" AVW01 "Emp├¬cher l'alt├⌐ration de tous les enregistrements d'extension de fichier" AVW02 "Prot├⌐ger les fichiers en cache des voleurs de mots de passe et d'adresses de messagerie" CO01 "Emp├¬cher la modification des fichiers et param├¿tres de McAfee" CO02 "Emp├¬cher la modification des fichiers et param├¿tres de McAfee Common Management Agent" CO03 "Emp├¬cher la modification des fichiers et param├¿tres de McAfee Scan Engine" CO04 "Prot├⌐ger les fichiers et les param├¿tres de Mozilla et FireFox" CO05 "Prot├⌐ger les param├¿tres d'Internet Explorer" CO06 "Emp├¬cher l'installation de programmes additionnels de navigateur et d'extensions Shell" CO12 "Prot├⌐ger les param├¿tres r├⌐seau" CO13 "Emp├¬cher les programmes communs d'ex├⌐cuter des fichiers du dossier Temp" COSP "Emp├¬cher l'arr├¬t des processus McAfee" CW01a "Emp├¬cher les programmes de s'enregistrer pour l'ex├⌐cution automatique" CW01b "Emp├¬cher les programmes de s'enregistrer en tant que service" CW02a "Emp├¬cher la cr├⌐ation de fichiers ex├⌐cutables dans le dossier Windows" CW02b "Emp├¬cher la cr├⌐ation de fichiers ex├⌐cutables dans le dossier Program Files" CW04 "Emp├¬cher le lancement des fichiers du dossier Downloaded Program Files" CW05 "Emp├¬cher la communication FTP" CW06 "Emp├¬cher la communication HTTP" OB01 "Passer tous les ├⌐l├⌐ments partag├⌐s en lecture seule" OB02 "Bloquer l'acc├¿s en lecture et en ├⌐criture pour tous les ├⌐l├⌐ments partag├⌐s" VM01 "Emp├¬cher l'arr├¬t des processus VMWare" VM02 "Emp├¬cher la modification des fichiers et param├¿tres de la station de travail VMWare" VM03 "Emp├¬cher la modification des fichiers et param├¿tres du serveur VMWare" VM04 "Emp├¬cher la modification des fichiers de la machine virtuelle VMWare" }} AccessProtection { Strings 10 { G_010_AntiSpyOn "Protezione AntiSpyware standard" G_020_AntiSpyOff "Protezione AntiSpyware massima" G_030_AntiVirusOn "Protezione antivirus standard" G_040_AntiVirusOff "Protezione antivirus massima" G_050_Outbreak "Controllo diffusione antivirus" G_060_CommonOn "Protezione comune standard" G_070_CommonOff "Protezione comune massima" G_080_VM "Protezione della macchina virtuale" G_User "Regole definite dallΓÇÖutente" ASO01 "Proteggi impostazioni e preferiti di Internet Explorer" ASW01 "Impedisci installazione di nuovi CLSID, APPID e TYPELIB" ASW02 "Impedisci esecuzione di file dalla cartella Temp da parte di tutti i programmi" ASW03 "Impedisci esecuzione di script dalla cartella Temp" AVO02 "Impedisci disattivazione dell'Editor del Registro di sistema e di Task Manager" AVO03 "Impedisci modifica dei criteri diritti utente" AVO04 "Impedisci creazione/modifica remota di file eseguibili e di configurazione" AVO05 "Impedisci creazione remota di file a esecuzione automatica" AVO06 "Impedisci la presa di controllo di file eseguibili con estensione .EXE e altre estensioni" AVO07 "Impedisci esecuzione di file eseguibili non Windows da parte di svchost" AVO08 "Impedisci spoofing dei processi Windows" AVO09 "Proteggi file della rubrica dal furto di password e di indirizzi di posta elettronica" AVO10 "Impedisci a worm distribuiti tramite mass-mailing di inviare messaggi" AVO11 "Impedisci comunicazioni via IRC" AVO12 "Impedisci utilizzo di tftp.exe" AVW01 "Impedisci modifica di tutte le registrazioni delle estensioni di file" AVW02 "Proteggi file della cache dal furto di password e di indirizzi di posta elettronica" CO01 "Impedisci modifica di file e impostazioni McAfee" CO02 "Impedisci modifica file e impostazioni di McAfee Common Management Agent" CO03 "Impedisci modifica file e impostazioni del motore di scansione McAfee" CO04 "Proteggi file e impostazioni di Mozilla e FireFox" CO05 "Proteggi impostazioni di Internet Explorer" CO06 "Impedisci installazione di oggetti browser helper e di estensioni della shell" CO12 "Proteggi impostazioni di rete" CO13 "Impedisci esecuzione di file dalla cartella Temp da parte di programmi comuni" COSP "Impedisci interruzione dei processi McAfee" CW01a "Impedisci registrazione di programmi per l'esecuzione automatica" CW01b "Impedisci registrazione di programmi come servizi" CW02a "Impedisci creazione di nuovi file eseguibili nella cartella Windows" CW02b "Impedisci creazione di nuovi file eseguibili nella cartella Programmi" CW04 "Impedisci esecuzione di file dalla cartella Downloaded Program Files" CW05 "Impedisci comunicazioni via FTP" CW06 "Impedisci comunicazioni via HTTP" OB01 "Rendi tutte le condivisioni di sola lettura" OB02 "Blocca accesso in lettura e scrittura a tutte le condivisioni." VM01 "Impedisci interruzione dei processi VMWare" VM02 "Impedisci modifica di file e impostazioni di VMWare Workstation" VM03 "Impedisci modifica di file e impostazioni di VMWare Server" VM04 "Impedisci modifica di file della macchina virtuale VMWare" }} AccessProtection { Strings 11 { G_010_AntiSpyOn "πé╣πâæπéñπéªπéºπéóσ»╛τ¡ûµ¿Öµ║ûΣ┐¥Φ¡╖" G_020_AntiSpyOff "πé╣πâæπéñπéªπéºπéóσ»╛τ¡ûµ£ÇσñºΣ┐¥Φ¡╖" G_030_AntiVirusOn "πéªπéñπâ½πé╣σ»╛τ¡ûµ¿Öµ║ûΣ┐¥Φ¡╖" G_040_AntiVirusOff "πéªπéñπâ½πé╣σ»╛τ¡ûµ£ÇσñºΣ┐¥Φ¡╖" G_050_Outbreak "πéªπéñπâ½πé╣σ»╛τ¡ûπéóπéªπâêπâûπâ¼πâ╝πé» πé│πâ│πâêπâ¡πâ╝πâ½" G_060_CommonOn "Σ╕ÇΦê¼µ¿Öµ║ûπâùπâ¡πâåπé»πâê" G_070_CommonOff "Σ╕ÇΦê¼µ£Çσñºπâùπâ¡πâåπé»πâê" G_080_VM "Σ╗«µâ│πâ₧πé╖πâ│Σ┐¥Φ¡╖" G_User "πâªπâ╝πé╢σ«Üτ╛⌐πâ½πâ╝πâ½" ASO01 "Internet Explorer πü«πüèµ░ùπü½σàÑπéèπü¿Φ¿¡σ«ÜπéÆΣ┐¥Φ¡╖πüÖπéï" ASW01 "CLSIDπÇüAPPIDπÇüπüèπéêπü│ TYPELIB πéÆµû░πüùπüÅπéñπâ│πé╣πâêπâ╝πâ½πüòπü¢πü¬πüä" ASW02 "πüÖπü╣πüªπü«πâùπâ¡πé░πâ⌐πâáπü½πéêπéï[temp]πâòπé⌐πâ½πâÇπü½πüéπéïπâòπéíπéñπâ½πü«σ«ƒΦíîπéÆπâûπâ¡πââπé»" ASW03 "Σ╕ÇµÖéπâòπé⌐πâ½πâÇπüºπü«πé╣πé»πâ¬πâùπâêπü«σ«ƒΦíîπéÆτªüµ¡óπüÖπéï" AVO02 "πâ¼πé╕πé╣πâêπâ¬ πé¿πâçπéúπé┐πüèπéêπü│πé┐πé╣πé» πâ₧πâìπâ╝πé╕πâúπüîτäíσè╣πü½πüòπü¢πü¬πüä" AVO03 "πâªπâ╝πé╢µ¿⌐σê⌐πü«πâ¥πâ¬πé╖πâ╝πüîσñëµ¢┤πüòπü¢πü¬πüä" AVO04 "σ«ƒΦíîσÅ»Φâ╜πâòπéíπéñπâ½πüèπéêπü│µºïµêÉπâòπéíπéñπâ½πéÆπâ¬πâóπâ╝πâêπüïπéëΣ╜£µêÉπü╛πüƒπü»σñëµ¢┤πüòπü¢πü¬πüä" AVO05 "Φç¬σïòσ«ƒΦíîπâòπéíπéñπâ½πéÆπâ¬πâóπâ╝πâêπüïπéëΣ╜£µêÉπüòπü¢πü¬πüä" AVO06 "EXE πüèπéêπü│πü¥πü«Σ╗ûπü«σ«ƒΦíîσÅ»Φâ╜πü¬µïíσ╝╡σ¡Éπü«πâÅπéñπé╕πâúπââπé»πéÆΘÿ▓µ¡óπüÖπéï" AVO07 "Windows Σ╗Ñσñûπü«σ«ƒΦíîσÅ»Φâ╜πâòπéíπéñπâ½πéÆ svchost πü½πéêπüúπüªσ«ƒΦíîπüòπü¢πü¬πüä" AVO08 "Windows πâùπâ¡πé╗πé╣πü«πé╣πâùπâ╝πâòπéúπâ│πé░πéÆπüòπü¢πü¬πüä" AVO09 "πâæπé╣πâ»πâ╝πâëπéäΘ¢╗σ¡Éπâíπâ╝πâ½ πéóπâëπâ¼πé╣πüîτ¢ùΘ¢úπüòπéîπü¬πüäπéêπüåπü½Θ¢╗Φ⌐▒σ╕│πâòπéíπéñπâ½πéÆΣ┐¥Φ¡╖πüÖπéï" AVO10 "σñºΘçÅπâíπâ╝πâ½ΘàìΣ┐íσ₧ïπâ»πâ╝πâáπü½πâíπâ╝πâ½πéÆΘÇüΣ┐íπüòπü¢πü¬πüä" AVO11 "IRC πé│πâƒπâÑπâïπé▒πâ╝πé╖πâºπâ│πéÆπüòπü¢πü¬πüä" AVO12 "tftp.exe πéÆΣ╜┐τö¿πüòπü¢πü¬πüä" AVW01 "πâòπéíπéñπâ½µïíσ╝╡σ¡Éπü«τÖ╗Θî▓πéÆσñëµ¢┤πüòπü¢πü¬πüä" AVW02 "πâæπé╣πâ»πâ╝πâëπéäΘ¢╗σ¡Éπâíπâ╝πâ½ πéóπâëπâ¼πé╣πüîτ¢ùΘ¢úπüòπéîπü¬πüäπéêπüåπü½πé¡πâúπé╖πâÑπüùπüƒπâòπéíπéñπâ½πéÆΣ┐¥Φ¡╖πüÖπéï" CO01 "McAfee πâòπéíπéñπâ½πü«σñëµ¢┤πü¿Φ¿¡σ«ÜπéÆΣ┐¥Φ¡╖πüÖπéï" CO02 "McAfee Common Management Agent πü«πâòπéíπéñπâ½πü¿Φ¿¡σ«ÜπéÆσñëµ¢┤πüòπü¢πü¬πüä" CO03 "McAfee Scan Engine πâòπéíπéñπâ½πü«σñëµ¢┤πü¿Φ¿¡σ«ÜπéÆΣ┐¥Φ¡╖πüÖπéï" CO04 "Mozilla πüèπéêπü│ FireFox πü«πâòπéíπéñπâ½πü¿Φ¿¡σ«ÜπéÆΣ┐¥Φ¡╖πüÖπéï" CO05 "Internet Explorer Φ¿¡σ«ÜπéÆΣ┐¥Φ¡╖πüÖπéï" CO06 "πâûπâ⌐πéªπé╢πü«πâÿπâ½πâæ πé¬πâûπé╕πéºπé»πâêπéäπé╖πéºπâ½πü«µïíσ╝╡µ⌐ƒΦâ╜πéÆπéñπâ│πé╣πâêπâ╝πâ½πüòπü¢πü¬πüä" CO12 "πâìπââπâêπâ»πâ╝πé»πü«Φ¿¡σ«ÜπéÆΣ┐¥Φ¡╖πüÖπéï" CO13 "Σ╕ÇΦê¼πü«πâùπâ¡πé░πâ⌐πâáπü½πéêπéï [Temp] πâòπé⌐πâ½πâÇπü«πâòπéíπéñπâ½πü«σ«ƒΦíîπéÆΘÿ▓µ¡óπüÖπéï" COSP "McAfee πâùπâ¡πé╗πé╣πüîτ╡éΣ║åπüòπéîπü¬πüäπéêπüåπü½πüÖπéï" CW01a "πâùπâ¡πé░πâ⌐πâáπü«Φç¬σïòσ«ƒΦíîτÖ╗Θî▓πéÆΘÿ▓µ¡óπüÖπéï" CW01b "πâùπâ¡πé░πâ⌐πâáπéÆπé╡πâ╝πâôπé╣πü¿πüùπüªτÖ╗Θî▓πüòπü¢πü¬πüä" CW02a "Windows πâòπé⌐πâ½πâÇπü½µû░πüùπüäσ«ƒΦíîσÅ»Φâ╜πâòπéíπéñπâ½πéÆΣ╜£µêÉπüòπü¢πü¬πüä" CW02b "Program Files πâòπé⌐πâ½πâÇπü½µû░πüùπüäσ«ƒΦíîσÅ»Φâ╜πâòπéíπéñπâ½πéÆΣ╜£µêÉπüòπü¢πü¬πüä" CW04 "Downloaded Program Files πâòπé⌐πâ½πâÇπüïπéëπâòπéíπéñπâ½πéÆΦ╡╖σïòπüòπü¢πü¬πüä" CW05 "FTP πü½πé│πâƒπâÑπâïπé▒πâ╝πé╖πâºπâ│πüòπü¢πü¬πüä" CW06 "HTTP πü½πé│πâïπâÑπâïπé▒πâ╝πé╖πâºπâ│πüòπü¢πü¬πüä" OB01 "πüÖπü╣πüªπü«σà▒µ£ëπéÆΦ¬¡πü┐σÅûπéèσ░éτö¿πü½πüÖπéï" OB02 "πüÖπü╣πüªπü«πé╖πéºπéóπüïπéëπü«Φ¬¡πü┐σç║πüùπü¿µ¢╕πüìΦ╛╝πü┐πéÆπüòπü¢πü¬πüä" VM01 "VMWare πâùπâ¡πé╗πé╣πüîτ╡éΣ║åπüòπéîπü¬πüäπéêπüåπü½πüÖπéï" VM02 "VMWare Workstation πâòπéíπéñπâ½πüèπéêπü│Φ¿¡σ«Üπü«σñëµ¢┤πéÆΘÿ▓µ¡óπüÖπéï" VM03 "VMWare Server πâòπéíπéñπâ½πüèπéêπü│Φ¿¡σ«Üπü«σñëµ¢┤πéÆΘÿ▓µ¡óπüÖπéï" VM04 "VMWare Σ╗«µâ│πâ₧πé╖πâ│ πâòπéíπéñπâ½πü«σñëµ¢┤πéÆΘÿ▓µ¡óπüÖπéï" }} AccessProtection { Strings 12 { G_010_AntiSpyOn "∞òêφï░∞èñφîî∞¥┤∞¢¿∞û┤ φæ£∞ñÇ δ│┤φÿ╕" G_020_AntiSpyOff "∞òêφï░∞èñφîî∞¥┤∞¢¿∞û┤ ∞╡£δîÇ δ│┤φÿ╕" G_030_AntiVirusOn "∞òêφï░δ░ö∞¥┤δƒ¼∞èñ φæ£∞ñÇ δ│┤φÿ╕" G_040_AntiVirusOff "∞òêφï░δ░ö∞¥┤δƒ¼∞èñ ∞╡£δîÇ δ│┤φÿ╕" G_050_Outbreak "∞òêφï░δ░ö∞¥┤δƒ¼∞èñ ∞òä∞¢âδ╕îδáê∞¥┤φü¼ ∞á£∞û┤" G_060_CommonOn "∞¥╝δ░ÿ φæ£∞ñÇ δ│┤φÿ╕" G_070_CommonOff "∞¥╝δ░ÿ ∞╡£δîÇ δ│┤φÿ╕" G_080_VM "VM δ│┤φÿ╕" G_User "∞é¼∞Ü⌐∞₧É ∞áò∞¥ÿ Ω╖£∞╣Ö" ASO01 "Internet Explorer ∞ªÉΩ▓¿∞░╛Ω╕░ δ░Å ∞äñ∞áò δ│┤φÿ╕" ASW01 "∞âêδí£∞Ü┤ CLSID, APPID δ░Å TYPELIB ∞äñ∞╣ÿ δ░⌐∞ºÇ" ASW02 "δ¬¿δôá φöäδí£Ω╖╕δ₧¿∞ùÉ δîÇφò┤ Temp φÅ┤δìö∞ùÉ∞ä£ φîî∞¥╝ ∞ïñφûë δ░⌐∞ºÇ" ASW03 "Temp φÅ┤δìö∞ùÉ∞ä£ ∞èñφü¼δª╜φè╕ ∞ïñφûë δ░⌐∞ºÇ" AVO02 "δáê∞ºÇ∞èñφè╕δª¼ φÄ╕∞ºæΩ╕░ δ░Å ∞₧æ∞ùà Ω┤Çδª¼∞₧É δ╣äφÖ£∞ä▒φÖö δ░⌐∞ºÇ" AVO03 "∞é¼∞Ü⌐∞₧É Ω╢îφò£ ∞áò∞▒à δ│ÇΩ▓╜ δ░⌐∞ºÇ" AVO04 "∞ïñφûë φîî∞¥╝ δ░Å Ω╡¼∞ä▒ φîî∞¥╝∞¥ÿ ∞¢ÉΩ▓⌐ ∞₧æ∞ä▒/∞êÿ∞áò δ░⌐∞ºÇ" AVO05 "∞₧ÉδÅÖ ∞ïñφûë φîî∞¥╝∞¥ÿ ∞¢ÉΩ▓⌐ ∞₧æ∞ä▒ δ░⌐∞ºÇ" AVO06 ".EXE δ░Å Ω╕░φâÇ ∞ïñφûë φîî∞¥╝ φÖò∞₧Ñδ¬à∞¥ÿ Ω░Çδí£∞▒äΩ╕░ δ░⌐∞ºÇ" AVO07 "svchost∞ùÉ∞ä£ δ╣ä Windows ∞ïñφûë φîî∞¥╝∞¥ÿ ∞ïñφûë δ░⌐∞ºÇ" AVO08 "Windows φöäδí£∞ä╕∞èñ ∞èñφæ╕φòæ δ░⌐∞ºÇ" AVO09 "∞òöφÿ╕ δ░Å ∞áä∞₧É δ⌐ö∞¥╝ ∞ú╝∞åî δÅäδææ∞£╝δí£δ╢Çφä░ ∞áäφÖö δ▓êφÿ╕δ╢Ç δ│┤φÿ╕" AVO10 "δ░£∞åí δ⌐ö∞¥╝∞ùÉ∞ä£ δîÇδƒë δ⌐ö∞¥╝ δ░£∞åí ∞¢£ δ░⌐∞ºÇ" AVO11 "IRC φå╡∞ïá δ░⌐∞ºÇ" AVO12 "tftp.exe ∞é¼∞Ü⌐ δ░⌐∞ºÇ" AVW01 "δ¬¿δôá φîî∞¥╝ φÖò∞₧Ñδ¬à∞¥ÿ δô▒δí¥ δ│ÇΩ▓╜ δ░⌐∞ºÇ" AVW02 "∞òöφÿ╕ δ░Å ∞áä∞₧É δ⌐ö∞¥╝ ∞ú╝∞åî δÅäδææ∞£╝δí£δ╢Çφä░ ∞║É∞ï£δÉ£ φîî∞¥╝ δ│┤φÿ╕" CO01 "McAfee φîî∞¥╝ δ░Å ∞äñ∞áò ∞êÿ∞áò δ░⌐∞ºÇ" CO02 "McAfee Common Management Agent φîî∞¥╝ δ░Å ∞äñ∞áò ∞êÿ∞áò δ░⌐∞ºÇ" CO03 "McAfee Scan Engine φîî∞¥╝ δ░Å ∞äñ∞áò ∞êÿ∞áò δ░⌐∞ºÇ" CO04 "Mozilla & FireFox φîî∞¥╝ δ░Å ∞äñ∞áò δ│┤φÿ╕" CO05 "Internet Explorer ∞äñ∞áò δ│┤φÿ╕" CO06 "δ╕îδ¥╝∞Ü░∞áÇ δÅä∞Ü░δ»╕ Ω░£∞▓┤ δ░Å ∞à╕ φÖò∞₧Ñ ∞äñ∞╣ÿ δ░⌐∞ºÇ" CO12 "δäñφè╕∞¢îφü¼ ∞äñ∞áò δ│┤φÿ╕" CO13 "∞¥╝δ░ÿ φöäδí£Ω╖╕δ₧¿∞ùÉ δîÇφò┤ Temp φÅ┤δìö∞ùÉ∞ä£ φîî∞¥╝ ∞ïñφûë δ░⌐∞ºÇ" COSP "McAfee φöäδí£∞ä╕∞èñ ∞óàδúî δ░⌐∞ºÇ" CW01a "∞₧ÉδÅÖ ∞ïñφûë φöäδí£Ω╖╕δ₧¿∞£╝δí£ δô▒δí¥ δ░⌐∞ºÇ" CW01b "φöäδí£Ω╖╕δ₧¿∞¥ä ∞ä£δ╣ä∞èñδí£ δô▒δí¥φòÿ∞ºÇ ∞òèδÅäδí¥ δ░⌐∞ºÇ" CW02a "Windows φÅ┤δìö∞ùÉ∞ä£ ∞âê ∞ïñφûë φîî∞¥╝ ∞₧æ∞ä▒ δ░⌐∞ºÇ" CW02b "Program Files φÅ┤δìö∞ùÉ∞ä£ ∞âê ∞ïñφûë φîî∞¥╝ ∞₧æ∞ä▒ δ░⌐∞ºÇ" CW04 "Downloaded Program Files φÅ┤δìö∞ùÉ∞ä£ φîî∞¥╝∞¥ä ∞ïñφûëφòÿ∞ºÇ δ¬╗φòÿδÅäδí¥ δ░⌐∞ºÇ" CW05 "FTP φå╡∞ïá δ░⌐∞ºÇ" CW06 "HTTP φå╡∞ïá δ░⌐∞ºÇ" OB01 "δ¬¿δôá Ω│╡∞£áδÑ╝ ∞¥╜Ω╕░ ∞áä∞Ü⌐∞£╝δí£" OB02 "δ¬¿δôá Ω│╡∞£á∞ùÉ ∞¥╜Ω╕░ δ░Å ∞ô░Ω╕░ ∞òí∞ä╕∞èñ ∞░¿δï¿" VM01 "VMWare φöäδí£∞ä╕∞èñ∞¥ÿ ∞óàδúî δ░⌐∞ºÇ" VM02 "VMWare ∞¢îφü¼∞èñφàî∞¥┤∞àÿ φîî∞¥╝ δ░Å ∞äñ∞áò ∞êÿ∞áò δ░⌐∞ºÇ" VM03 "VMWare ∞ä£δ▓ä φîî∞¥╝ δ░Å ∞äñ∞áò ∞êÿ∞áò δ░⌐∞ºÇ" VM04 "VMWare VM φîî∞¥╝ ∞êÿ∞áò δ░⌐∞ºÇ" }} AccessProtection { Strings 13 { G_010_AntiSpyOn "Standaardbeveiliging van Anti-spyware" G_020_AntiSpyOff "Maximale beveiliging van Anti-spyware" G_030_AntiVirusOn "Standaardbeveiliging van Anti-virus" G_040_AntiVirusOff "Maximale beveiliging van Anti-virus" G_050_Outbreak "Uitbraakbeveiliging van Anti-virus" G_060_CommonOn "Algemene standaardbeveiliging" G_070_CommonOff "Algemene maximale beveiliging" G_080_VM "Beveiliging van virtual machine" G_User "Door gebruiker opgegeven regels" ASO01 "Favorieten en instellingen van Internet Explorer beveiligen" ASW01 "Voorkomen dat nieuwe CLSID's, APPID's en TYPELIB's worden ge├»nstalleerd" ASW02 "Voorkomen dat bestanden in de map Temp worden geopend vanuit alle programma's" ASW03 "Voorkomen dat scripts worden uitgevoerd vanuit de map Temp" AVO02 "Voorkomen dat Register-editor en Taakbeheer worden uitgeschakeld" AVO03 "Voorkomen dat gebruikersbeleidsregels worden gewijzigd" AVO04 "Voorkomen dat uitvoerbare bestanden en configuratiebestanden vanaf externe computers worden gemaakt of gewijzigd" AVO05 "Voorkomen dat automatisch uitvoerbare bestanden vanaf externe computers worden gemaakt" AVO06 "Voorkomen dat bestanden met de extensie .EXE en andere uitvoerbare extensies worden gekaapt" AVO07 "Voorkomen dat uitvoerbare bestanden die niet tot Windows behoren worden uitgevoerd via svchost" AVO08 "Spoofing van Windows-processen voorkomen" AVO09 "Telefoonlijstbestanden beveiligen tegen diefstal van wachtwoorden en e-mailadressen" AVO10 "Voorkomen dat massamailing-wormen e-mailberichten verzenden" AVO11 "IRC-communicatie voorkomen" AVO12 "Gebruik van tftp.exe voorkomen" AVW01 "Voorkomen dat geregistreerde bestandsextensies worden gewijzigd" AVW02 "In de cache geladen bestanden beveiligen tegen diefstal van wachtwoorden en e-mailadressen" CO01 "Voorkomen dat McAfee-bestanden en -instellingen worden gewijzigd" CO02 "Voorkomen dat bestanden en instellingen van McAfee Common Management Agent worden gewijzigd" CO03 "Voorkomen dat bestanden en instellingen van de scanengine van McAfee worden gewijzigd" CO04 "Bestanden en instellingen van Mozilla en FireFox beveiligen" CO05 "Instellingen van Internet Explorer beveiligen" CO06 "Voorkomen dat browser-helperobjecten en shell-extensies worden ge├»nstalleerd" CO12 "Netwerkinstellingen beveiligen" CO13 "Voorkomen dat bestanden in de map Temp worden geopend vanuit gangbare programma's" COSP "Be├½indiging van McAfee-processen voorkomen" CW01a "Voorkomen dat programma's als automatisch uitvoerbaar worden geregistreerd" CW01b "Voorkomen dat programma's als service worden geregistreerd" CW02a "Voorkomen dat nieuwe uitvoerbare bestanden worden gemaakt in de map Windows" CW02b "Voorkomen dat nieuwe uitvoerbare bestanden worden gemaakt in de map Program Files" CW04 "Voorkomen dat bestanden worden geopend in de map Downloaded Program Files" CW05 "FTP-communicatie voorkomen" CW06 "HTTP-communicatie voorkomen" OB01 "Alle shares alleen-lezen maken" OB02 "Lees- en schrijftoegang tot alle shares blokkeren" VM01 "Voorkomen dat VMWare-processen worden be├½indigd" VM02 "Voorkomen dat bestanden en instellingen van het VMWare-werkstation worden gewijzigd" VM03 "Voorkomen dat bestanden en instellingen van de VMWare-server worden gewijzigd" VM04 "Voorkomen dat virtuele machinebestanden van VMWare worden gewijzigd" }} AccessProtection { Strings 15 { G_010_AntiSpyOn "Standardowe zabezpieczenia przeciwdzia┼éaj─àce oprogramowaniu szpieguj─àcemu" G_020_AntiSpyOff "Najwy┼╝szy poziom zabezpiecze┼ä przeciwdzia┼éaj─àcych oprogramowaniu szpieguj─àcemu" G_030_AntiVirusOn "Standardowe zabezpieczenie antywirusowe" G_040_AntiVirusOff "Maksymalne zabezpieczenie antywirusowe" G_050_Outbreak "Kontrola infekcji masowych" G_060_CommonOn "Wsp├│lne zabezpieczenia standardowe" G_070_CommonOff "Najwy┼╝szy poziom wsp├│lnych zabezpiecze┼ä" G_080_VM "Ochrona maszyny wirtualnej" G_User "Regu┼éy zdefiniowane przez u┼╝ytkownika" ASO01 "Chro┼ä ulubione i ustawienia programu Internet Explorer" ASW01 "Blokuj instalowanie nowych element├│w CLSID, APPID i TYPELIB" ASW02 "Powstrzymuj wszystkie programy przed uruchamianiem plik├│w w folderze Temp" ASW03 "Blokuj uruchamianie skrypt├│w w folderze Temp" AVO02 "Blokuj unieruchamianie program├│w Edytor rejestru i Mened┼╝er zada┼ä" AVO03 "Blokuj zmiany w zasadach praw u┼╝ytkownik├│w" AVO04 "Blokuj zdalne tworzenie/modyfikowanie plik├│w wykonywalnych i konfiguracyjnych" AVO05 "Blokuj zdalne tworzenie automatycznie uruchamianych plik├│w" AVO06 "Blokuj przechwytywanie plik├│w .EXE i innych typ├│w plik├│w wykonywalnych" AVO07 "Blokuj proces svchost przed uruchamianiem plik├│w wykonywalnych spoza systemu Windows" AVO08 "Blokuj podszywanie si─Ö pod procesy systemu Windows" AVO09 "Chro┼ä pliki ksi─à┼╝ki telefonicznej przed programami kradn─àcymi adresy e-mail i has┼éa" AVO10 "Blokuj wysy┼éanie wiadomo┼¢ci e-mail przez robaki poczty masowej." AVO11 "Blokuj komunikacj─Ö IRC." AVO12 "Blokuj korzystanie z programu tftp.exe" AVW01 "Blokuj zmiany w zapisach rejestru dotycz─àcych rozszerze┼ä plik├│w" AVW02 "Chro┼ä pliki buforowane przed programami kradn─àcymi adresy e-mail i has┼éa" CO01 "Blokuj modyfikowanie plik├│w i ustawie┼ä oprogramowania McAfee" CO02 "Blokuj modyfikowanie plik├│w i ustawie┼ä programu McAfee Common Management Agent" CO03 "Blokuj modyfikowanie plik├│w i ustawie┼ä programu McAfee Scan Engine" CO04 "Chro┼ä pliki i ustawienia program├│w Mozilla i FireFox" CO05 "Chro┼ä ustawienia programu Internet Explorer" CO06 "Blokuj instalowanie obiekt├│w pomocniczych przegl─àdarki i rozszerze┼ä pow┼éoki" CO12 "Chro┼ä ustawienia sieciowe" CO13 "Blokuj uruchamianie plik├│w w folderze Temp przez popularne programy" COSP "Zapobieganie ko┼äczeniu proces├│w aplikacji McAfee" CW01a "Blokuj programy rejestruj─àce si─Ö do automatycznego uruchamiania" CW01b "Blokuj programy rejestruj─àce si─Ö jako us┼éugi" CW02a "Blokuj tworzenie nowych plik├│w wykonywalnych w folderze Windows" CW02b "Blokuj tworzenie nowych plik├│w wykonywalnych w folderze Program Files" CW04 "Blokuj uruchamianie plik├│w z folderu Downloaded Program Files" CW05 "Blokuj komunikacj─Ö FTP" CW06 "Blokuj komunikacj─Ö HTTP" OB01 "Nadaj wszystkim udzia┼éom atrybut tylko do odczytu" OB02 "Zablokuj dost─Öp do odczytu i zapisu dla wszystkich udzia┼é├│w" VM01 "Blokuj ko┼äczenie proces├│w VMWare" VM02 "Blokuj modyfikowanie plik├│w i ustawie┼ä stacji roboczej VMWare" VM03 "Blokuj modyfikowanie plik├│w i ustawie┼ä serwera VMWare" VM04 "Blokuj modyfikowanie plik├│w maszyny wirtualnej VMWare" }} AccessProtection { Strings 16 { G_010_AntiSpyOn "Prote├º├úo padr├úo do anti-spyware" G_020_AntiSpyOff "Prote├º├úo m├íxima do anti-spyware" G_030_AntiVirusOn "Prote├º├úo padr├úo do antiv├¡rus" G_040_AntiVirusOff "Prote├º├úo m├íxima do antiv├¡rus" G_050_Outbreak "Controle de epidemia do antiv├¡rus" G_060_CommonOn "Prote├º├úo padr├úo do Common" G_070_CommonOff "Prote├º├úo m├íxima do Common" G_080_VM "Prote├º├úo de m├íquina virtual" G_User "Regras definidas pelo usu├írio" ASO01 "Proteger os sites favoritos e as configura├º├╡es do Internet Explorer" ASW01 "Impedir a instala├º├úo de novos CLSIDs, APPIDs e TYPELIBs" ASW02 "Impedir que todos os programas executem arquivos na pasta Temp" ASW03 "Impedir a execu├º├úo de scripts da pasta Temp" AVO02 "Impedir que o Editor do registro e o Gerenciador de tarefas sejam desativados" AVO03 "Impedir que as pol├¡ticas de direitos dos usu├írios sejam alteradas" AVO04 "Impedir a cria├º├úo/modifica├º├úo remota de arquivos execut├íveis e de configura├º├úo" AVO05 "Impedir a cria├º├úo remota de arquivos executados automaticamente" AVO06 "Impedir o seq├╝estro de .EXE e outras extens├╡es execut├íveis" AVO07 "Impedir que svchost execute execut├íveis que n├úo sejam do Windows" AVO08 "Impedir adultera├º├úo de processos do Windows " AVO09 "Proteger os arquivos do cat├ílogo telef├┤nico contra ladr├╡es de senhas e de endere├ºos de e-mail" AVO10 "Impedir que worms de e-mail em massa enviem mensagens" AVO11 "Impedir a comunica├º├úo do IRC" AVO12 "Impedir o uso do tftp.exe" AVW01 "Impedir a altera├º├úo de todos os registros de extens├úo de arquivo" AVW02 "Proteger os arquivos armazenados em cache contra ladr├╡es de senhas e de endere├ºos de e-mail" CO01 "Impedir a modifica├º├úo de arquivos e configura├º├╡es da McAfee" CO02 "Impedir a modifica├º├úo de arquivos e configura├º├╡es do agente de gerenciamento comum McAfee" CO03 "Impedir a modifica├º├úo de arquivos e configura├º├╡es do mecanismo de varredura McAfee" CO04 "Proteger arquivos e configura├º├╡es do Mozilla FireFox" CO05 "Proteger configura├º├╡es do Internet Explorer" CO06 "Impedir a instala├º├úo de BHOs (Objetos de Ajuda de Navega├º├úo) e extens├╡es do shell" CO12 "Proteger configura├º├╡es de rede" CO13 "Impedir que os programas comuns executem arquivos na pasta Temp" COSP "Impedir encerramento de processos da McAfee" CW01a "Impedir que programas que estejam se registrando sejam executados automaticamente" CW01b "Impedir programas que estejam se registrando como um servi├ºo" CW02a "Impedir a cria├º├úo de novos arquivos execut├íveis na pasta Windows" CW02b "Impedir a cria├º├úo de novos arquivos execut├íveis na pasta Arquivos de programa" CW04 "Impedir a inicializa├º├úo de arquivos na pasta Downloaded Program Files" CW05 "Impedir comunica├º├úo por FTP" CW06 "Impedir comunica├º├úo por HTTP" OB01 "Tornar todos os compartilhamentos somente leitura" OB02 "Bloquear o acesso de leitura e grava├º├úo a todos os compartilhamentos" VM01 "Impede o encerramento de processos do VMWare" VM02 "Impede a modifica├º├úo de configura├º├╡es e arquivos do VMWare Workstation" VM03 "Impede a modifica├º├úo de configura├º├╡es e arquivos do VMWare Server" VM04 "Impede a modifica├º├úo de arquivos de m├íquina virtual do VMWare" }} AccessProtection { Strings 19 { G_010_AntiSpyOn "╨í╤é╨░╨╜╨┤╨░╤Ç╤é╨╜╨░╤Å ╨╖╨░╤ë╨╕╤é╨░ ╨╛╤é ╨┐╤Ç╨╛╨│╤Ç╨░╨╝╨╝-╤ê╨┐╨╕╨╛╨╜╨╛╨▓" G_020_AntiSpyOff "╨£╨░╨║╤ü╨╕╨╝╨░╨╗╤î╨╜╨░╤Å ╨╖╨░╤ë╨╕╤é╨░ ╨╛╤é ╨┐╤Ç╨╛╨│╤Ç╨░╨╝╨╝-╤ê╨┐╨╕╨╛╨╜╨╛╨▓" G_030_AntiVirusOn "╨í╤é╨░╨╜╨┤╨░╤Ç╤é╨╜╨░╤Å ╨░╨╜╤é╨╕╨▓╨╕╤Ç╤â╤ü╨╜╨░╤Å ╨╖╨░╤ë╨╕╤é╨░" G_040_AntiVirusOff "╨£╨░╨║╤ü╨╕╨╝╨░╨╗╤î╨╜╨░╤Å ╨░╨╜╤é╨╕╨▓╨╕╤Ç╤â╤ü╨╜╨░╤Å ╨╖╨░╤ë╨╕╤é╨░" G_050_Outbreak "╨É╨╜╤é╨╕╨▓╨╕╤Ç╤â╤ü╨╜╤ï╨╣ ╨║╨╛╨╜╤é╤Ç╨╛╨╗╤î ╤ì╨┐╨╕╨┤╨╡╨╝╨╕╨╣" G_060_CommonOn "╨í╤é╨░╨╜╨┤╨░╤Ç╤é╨╜╨░╤Å ╨╛╨▒╤ë╨░╤Å ╨╖╨░╤ë╨╕╤é╨░" G_070_CommonOff "╨£╨░╨║╤ü╨╕╨╝╨░╨╗╤î╨╜╨░╤Å ╨╛╨▒╤ë╨░╤Å ╨╖╨░╤ë╨╕╤é╨░" G_080_VM "╨ù╨░╤ë╨╕╤é╨░ ╨▓╨╕╤Ç╤é╤â╨░╨╗╤î╨╜╤ï╤à ╨╝╨░╤ê╨╕╨╜" G_User "╨ƒ╤Ç╨░╨▓╨╕╨╗╨░, ╨╛╨┐╤Ç╨╡╨┤╨╡╨╗╤Å╨╡╨╝╤ï╨╡ ╨┐╨╛╨╗╤î╨╖╨╛╨▓╨░╤é╨╡╨╗╨╡╨╝" ASO01 "╨₧╨▒╨╡╤ü╨┐╨╡╤ç╨╕╤é╤î ╨╖╨░╤ë╨╕╤é╤â ╨╕╨╖╨▒╤Ç╨░╨╜╨╜╨╛╨│╨╛ ╨╕ ╨╜╨░╤ü╤é╤Ç╨╛╨╡╨║ Internet Explorer" ASW01 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╤â╤ü╤é╨░╨╜╨╛╨▓╨║╤â ╨╜╨╛╨▓╤ï╤à ╤ì╨╗╨╡╨╝╨╡╨╜╤é╨╛╨▓ CLSID, APPID ╨╕ TYPELIB" ASW02 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╖╨░╨┐╤â╤ü╨║ ╤ä╨░╨╣╨╗╨╛╨▓ ╨╕╨╖ ╨┐╨░╨┐╨║╨╕ Temp ╨┤╨╗╤Å ╨▓╤ü╨╡╤à ╨┐╤Ç╨╛╨│╤Ç╨░╨╝╨╝" ASW03 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨▓╤ï╨┐╨╛╨╗╨╜╨╡╨╜╨╕╨╡ ╤ü╤å╨╡╨╜╨░╤Ç╨╕╨╡╨▓ ╨╕╨╖ ╨┐╨░╨┐╨║╨╕ Temp" AVO02 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╛╤é╨║╨╗╤Ä╤ç╨╡╨╜╨╕╨╡ ╤Ç╨╡╨┤╨░╨║╤é╨╛╤Ç╨░ ╤Ç╨╡╨╡╤ü╤é╤Ç╨░ ╨╕ ╨┤╨╕╤ü╨┐╨╡╤é╤ç╨╡╤Ç╨░ ╨╖╨░╨┤╨░╤ç" AVO03 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╕╨╖╨╝╨╡╨╜╨╡╨╜╨╕╨╡ ╨┐╨╛╨╗╨╕╤é╨╕╨║ ╨┐╤Ç╨░╨▓ ╨┐╨╛╨╗╤î╨╖╨╛╨▓╨░╤é╨╡╨╗╨╡╨╣" AVO04 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╤â╨┤╨░╨╗╨╡╨╜╨╜╨╛╨╡ ╤ü╨╛╨╖╨┤╨░╨╜╨╕╨╡ ╨╕ ╨╕╨╖╨╝╨╡╨╜╨╡╨╜╨╕╨╡ ╨╕╤ü╨┐╨╛╨╗╨╜╤Å╨╡╨╝╤ï╤à ╤ä╨░╨╣╨╗╨╛╨▓ ╨╕ ╤ä╨░╨╣╨╗╨╛╨▓ ╨║╨╛╨╜╤ä╨╕╨│╤â╤Ç╨░╤å╨╕╨╕" AVO05 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╤â╨┤╨░╨╗╨╡╨╜╨╜╨╛╨╡ ╤ü╨╛╨╖╨┤╨░╨╜╨╕╨╡ ╤ä╨░╨╣╨╗╨╛╨▓ ╨░╨▓╤é╨╛╨╖╨░╨┐╤â╤ü╨║╨░" AVO06 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨┐╨╡╤Ç╨╡╤à╨▓╨░╤é ╨║╨╛╨╜╤é╤Ç╨╛╨╗╤Å ╨╜╨░╨┤ EXE ╨╕ ╨┤╤Ç╤â╨│╨╕╨╝╨╕ ╨╕╤ü╨┐╨╛╨╗╨╜╤Å╨╡╨╝╤ï╨╝╨╕ ╤Ç╨░╤ü╤ê╨╕╤Ç╨╡╨╜╨╕╤Å╨╝╨╕" AVO07 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╕╤ü╨┐╨╛╨╗╨╜╨╡╨╜╨╕╨╡ ╨┐╤Ç╨╛╤å╨╡╤ü╤ü╨╛╨╝ svchost ╨╕╤ü╨┐╨╛╨╗╨╜╤Å╨╡╨╝╤ï╤à ╤ä╨░╨╣╨╗╨╛╨▓ ╨╜╨╡ ╨▓ ╤ä╨╛╤Ç╨╝╨░╤é╨╡ Windows" AVO08 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨┐╨╛╨┤╨┤╨╡╨╗╨║╤â ╨┐╤Ç╨╛╤å╨╡╤ü╤ü╨╛╨▓ Windows" AVO09 "╨₧╨▒╨╡╤ü╨┐╨╡╤ç╨╕╤é╤î ╨╖╨░╤ë╨╕╤é╤â ╤ä╨░╨╣╨╗╨╛╨▓ ╤é╨╡╨╗╨╡╤ä╨╛╨╜╨╜╨╛╨╣ ╨║╨╜╨╕╨│╨╕ ╨╛╤é ╨║╤Ç╨░╨╢╨╕ ╨┐╨░╤Ç╨╛╨╗╨╡╨╣ ╨╕ ╨░╨┤╤Ç╨╡╤ü╨╛╨▓ ╤ì╨╗╨╡╨║╤é╤Ç╨╛╨╜╨╜╨╛╨╣ ╨┐╨╛╤ç╤é╤ï" AVO10 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╛╤é╨┐╤Ç╨░╨▓╨║╤â ╨┐╨╛╤ç╤é╤ï ╤ç╨╡╤Ç╨▓╤Å╨╝╨╕ ╨╝╨░╤ü╤ü╨╛╨▓╨╛╨╣ ╤Ç╨░╤ü╤ü╤ï╨╗╨║╨╕" AVO11 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨▓╨╖╨░╨╕╨╝╨╛╨┤╨╡╨╣╤ü╤é╨▓╨╕╨╡ ╨┐╨╛ IRC-╨┐╤Ç╨╛╤é╨╛╨║╨╛╨╗╤â" AVO12 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╕╤ü╨┐╨╛╨╗╤î╨╖╨╛╨▓╨░╨╜╨╕╨╡ tftp.exe" AVW01 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╕╨╖╨╝╨╡╨╜╨╡╨╜╨╕╨╡ ╤Ç╨╡╨│╨╕╤ü╤é╤Ç╨░╤å╨╕╨╣ ╨▓╤ü╨╡╤à ╤Ç╨░╤ü╤ê╨╕╤Ç╨╡╨╜╨╕╨╣ ╤ä╨░╨╣╨╗╨╛╨▓" AVW02 "╨₧╨▒╨╡╤ü╨┐╨╡╤ç╨╕╤é╤î ╨╖╨░╤ë╨╕╤é╤â ╨║╤ì╤ê╨╕╤Ç╨╛╨▓╨░╨╜╨╜╤ï╤à ╤ä╨░╨╣╨╗╨╛╨▓ ╨╛╤é ╨║╤Ç╨░╨╢╨╕ ╨┐╨░╤Ç╨╛╨╗╨╡╨╣ ╨╕ ╨░╨┤╤Ç╨╡╤ü╨╛╨▓ ╤ì╨╗╨╡╨║╤é╤Ç╨╛╨╜╨╜╨╛╨╣ ╨┐╨╛╤ç╤é╤ï" CO01 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╕╨╖╨╝╨╡╨╜╨╡╨╜╨╕╨╡ ╤ä╨░╨╣╨╗╨╛╨▓ ╨╕ ╨╜╨░╤ü╤é╤Ç╨╛╨╡╨║ McAfee" CO02 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╕╨╖╨╝╨╡╨╜╨╡╨╜╨╕╨╡ ╤ä╨░╨╣╨╗╨╛╨▓ ╨╕ ╨╜╨░╤ü╤é╤Ç╨╛╨╡╨║ McAfee Common Management Agent" CO03 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╕╨╖╨╝╨╡╨╜╨╡╨╜╨╕╨╡ ╤ä╨░╨╣╨╗╨╛╨▓ ╨╕ ╨╜╨░╤ü╤é╤Ç╨╛╨╡╨║ ╤Å╨┤╤Ç╨░ ╤ü╨║╨░╨╜╨╕╤Ç╨╛╨▓╨░╨╜╨╕╤Å McAfee" CO04 "╨₧╨▒╨╡╤ü╨┐╨╡╤ç╨╕╤é╤î ╨╖╨░╤ë╨╕╤é╤â ╤ä╨░╨╣╨╗╨╛╨▓ ╨╕ ╨╜╨░╤ü╤é╤Ç╨╛╨╡╨║ Mozilla & FireFox" CO05 "╨₧╨▒╨╡╤ü╨┐╨╡╤ç╨╕╤é╤î ╨╖╨░╤ë╨╕╤é╤â ╨╜╨░╤ü╤é╤Ç╨╛╨╡╨║ Internet Explorer" CO06 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╤â╤ü╤é╨░╨╜╨╛╨▓╨║╤â ╨╛╨▒╤è╨╡╨║╤é╨╛╨▓ ╨╝╨╛╨┤╤â╨╗╤Å ╨┐╨╛╨┤╨┤╨╡╤Ç╨╢╨║╨╕ ╨╛╨▒╨╛╨╖╤Ç╨╡╨▓╨░╤é╨╡╨╗╤Å ╨╕ ╤Ç╨░╤ü╤ê╨╕╤Ç╨╡╨╜╨╕╨╣ ╨╛╨▒╨╛╨╗╨╛╤ç╨║╨╕" CO12 "╨₧╨▒╨╡╤ü╨┐╨╡╤ç╨╕╤é╤î ╨╖╨░╤ë╨╕╤é╤â ╤ü╨╡╤é╨╡╨▓╤ï╤à ╨╜╨░╤ü╤é╤Ç╨╛╨╡╨║" CO13 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╖╨░╨┐╤â╤ü╨║ ╨╛╨▒╤ë╨╕╨╝╨╕ ╨┐╤Ç╨╛╨│╤Ç╨░╨╝╨╝╨░╨╝╨╕ ╤ä╨░╨╣╨╗╨╛╨▓ ╨╕╨╖ ╨┐╨░╨┐╨║╨╕ Temp" COSP "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╖╨░╨▓╨╡╤Ç╤ê╨╡╨╜╨╕╨╡ ╨┐╤Ç╨╛╤å╨╡╤ü╤ü╨╛╨▓ McAfee" CW01a "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╤Ç╨╡╨│╨╕╤ü╤é╤Ç╨░╤å╨╕╤Ä ╨┐╤Ç╨╛╨│╤Ç╨░╨╝╨╝ ╨┤╨╗╤Å ╨░╨▓╤é╨╛╨╖╨░╨┐╤â╤ü╨║╨░" CW01b "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╤Ç╨╡╨│╨╕╤ü╤é╤Ç╨░╤å╨╕╤Ä ╨┐╤Ç╨╛╨│╤Ç╨░╨╝╨╝ ╨║╨░╨║ ╤ü╨╗╤â╨╢╨▒" CW02a "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╤ü╨╛╨╖╨┤╨░╨╜╨╕╨╡ ╨╜╨╛╨▓╤ï╤à ╨╕╤ü╨┐╨╛╨╗╨╜╤Å╨╡╨╝╤ï╤à ╤ä╨░╨╣╨╗╨╛╨▓ ╨▓ ╨┐╨░╨┐╨║╨╡ Windows" CW02b "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╤ü╨╛╨╖╨┤╨░╨╜╨╕╨╡ ╨╜╨╛╨▓╤ï╤à ╨╕╤ü╨┐╨╛╨╗╨╜╤Å╨╡╨╝╤ï╤à ╤ä╨░╨╣╨╗╨╛╨▓ ╨▓ ╨┐╨░╨┐╨║╨╡ Program Files" CW04 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╖╨░╨┐╤â╤ü╨║ ╤ä╨░╨╣╨╗╨╛╨▓ ╨╕╨╖ ╨┐╨░╨┐╨║╨╕ Downloaded Program Files" CW05 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨▓╨╖╨░╨╕╨╝╨╛╨┤╨╡╨╣╤ü╤é╨▓╨╕╨╡ ╨┐╨╛ ╨┐╤Ç╨╛╤é╨╛╨║╨╛╨╗╤â FTP" CW06 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨▓╨╖╨░╨╕╨╝╨╛╨┤╨╡╨╣╤ü╤é╨▓╨╕╨╡ ╨┐╨╛ ╨┐╤Ç╨╛╤é╨╛╨║╨╛╨╗╤â HTTP" OB01 "╨í╨┤╨╡╨╗╨░╤é╤î ╨▓╤ü╨╡ ╨╛╨▒╤ë╨╕╨╡ ╤Ç╨╡╤ü╤â╤Ç╤ü╤ï ╨┤╨╛╤ü╤é╤â╨┐╨╜╤ï╨╝╨╕ ╤é╨╛╨╗╤î╨║╨╛ ╨┤╨╗╤Å ╤ç╤é╨╡╨╜╨╕╤Å" OB02 "╨æ╨╗╨╛╨║╨╕╤Ç╨╛╨▓╨░╤é╤î ╤ç╤é╨╡╨╜╨╕╨╡ ╨╕ ╨╖╨░╨┐╨╕╤ü╤î ╨┤╨╗╤Å ╨▓╤ü╨╡╤à ╨╛╨▒╤ë╨╕╤à ╤Ç╨╡╤ü╤â╤Ç╤ü╨╛╨▓" VM01 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╖╨░╨▓╨╡╤Ç╤ê╨╡╨╜╨╕╨╡ ╨┐╤Ç╨╛╤å╨╡╤ü╤ü╨╛╨▓ VMWare" VM02 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╕╨╖╨╝╨╡╨╜╨╡╨╜╨╕╨╡ ╤ä╨░╨╣╨╗╨╛╨▓ ╨╕ ╨╜╨░╤ü╤é╤Ç╨╛╨╡╨║ ╤Ç╨░╨▒╨╛╤ç╨╡╨╣ ╤ü╤é╨░╨╜╤å╨╕╨╕ VMWare" VM03 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╕╨╖╨╝╨╡╨╜╨╡╨╜╨╕╨╡ ╤ä╨░╨╣╨╗╨╛╨▓ ╨╕ ╨╜╨░╤ü╤é╤Ç╨╛╨╡╨║ ╤ü╨╡╤Ç╨▓╨╡╤Ç╨░ VMWare" VM04 "╨ƒ╤Ç╨╡╨┤╨╛╤é╨▓╤Ç╨░╤é╨╕╤é╤î ╨╕╨╖╨╝╨╡╨╜╨╡╨╜╨╕╨╡ ╤ä╨░╨╣╨╗╨╛╨▓ ╨▓╨╕╤Ç╤é╤â╨░╨╗╤î╨╜╨╛╨╣ ╨╝╨░╤ê╨╕╨╜╤ï VMWare" }} AccessProtection { Strings 1D { G_010_AntiSpyOn "Anti-Spyware - Standardskydd" G_020_AntiSpyOff "Anti-Spyware - Maximalt skydd" G_030_AntiVirusOn "Anti-Virus - Standardskydd" G_040_AntiVirusOff "Anti-Virus - Maximalt skydd" G_050_Outbreak "Anti-Virus - Utbrottskontroll" G_060_CommonOn "Vanligt standardskydd" G_070_CommonOff "Vanligt maximalt skydd" G_080_VM "Skydd f├╢r virtuella maskiner" G_User "Anv├ñndardefinierade regler" ASO01 "Skydda favoriter och inst├ñllningar i Internet Explorer" ASW01 "F├╢rhindra installation av nya CLSID-, APPID- och TYPELIB-objekt" ASW02 "F├╢rhindra att program k├╢r filer fr├Ñn mappen Temp" ASW03 "F├╢rhindra skriptk├╢rning fr├Ñn mappen Temp" AVO02 "F├╢rhindra att Registereditorn och Aktivitetshanteraren st├ñngs av" AVO03 "F├╢rhindra att principer f├╢r anv├ñndarr├ñttigheter ├ñndras" AVO04 "F├╢rhindra att k├╢rbara filer och konfigurationsfiler ├ñndras/skapas fr├Ñn en fj├ñrranslutning" AVO05 "F├╢rhindra att fj├ñrranslutningar skapar filer som k├╢rs automatiskt" AVO06 "F├╢rhindra att EXE-filer och andra k├╢rbara filnamnstill├ñgg kapas" AVO07 "F├╢rhindra att svchost k├╢r program som inte ing├Ñr i Windows" AVO08 "F├╢rhindra att Windows-processer f├╢rfalskas" AVO09 "Skydda l├╢senord och e-postadresser i adressb├╢cker" AVO10 "F├╢rhindra massutskicksmaskar att skicka e-post" AVO11 "F├╢rhindra IRC-kommunikation" AVO12 "F├╢rhindra k├╢rning av tftp.exe" AVW01 "F├╢rhindra att registerinformation om filnamnstill├ñgg ├ñndras" AVW02 "Skydda l├╢senord och e-postadresser i cachade filer" CO01 "Blockerar ├ñndringar av filer och inst├ñllningar f├╢r McAfee" CO02 "Blockera ├ñndringar av filer och inst├ñllningar f├╢r McAfee Common Management Agent" CO03 "Blockera ├ñndringar av filer och inst├ñllningar f├╢r McAfee Scan Engine" CO04 "Skydda filer och inst├ñllningar f├╢r Mozilla & FireFox" CO05 "Skydda inst├ñllningar i Internet Explorer" CO06 "Blockera installation av webbl├ñsartill├ñgg och till├ñgg till Utforskaren" CO12 "Skydda n├ñtverksinst├ñllningar" CO13 "F├╢rhindra att vanliga program k├╢r filer fr├Ñn mappen Temp" COSP "F├╢rhindra att McAfee-processer avbryts" CW01a "F├╢rhindra att program registreras f├╢r att k├╢ras automatiskt" CW01b "F├╢rhindra att program registreras som tj├ñnster" CW02a "F├╢rhindra att nya k├╢rbara filer skapas i mappen Windows" CW02b "F├╢rhindra att nya k├╢rbara filer skapas i mappen Program" CW04 "F├╢rhindra att filer i mappen Downloaded Program Files k├╢rs" CW05 "F├╢rhindra FTP-kommunikation" CW06 "F├╢rhindra HTTP-kommunikation" OB01 "Skrivskydda alla resurser" OB02 "Sp├ñrra l├ñs- och skriv├Ñtkomst f├╢r alla resurser" VM01 "F├╢rhindra att VMWare-processer avbryts" VM02 "Blockerar ├ñndringar av filer och inst├ñllningar f├╢r VMWare Workstation" VM03 "Blockerar ├ñndringar av filer och inst├ñllningar f├╢r VMWare Server" VM04 "Blockerar ├ñndringar av filer f├╢r virtuella maskiner i VMWare" }} AccessProtection { Strings 0402 { G_010_AntiSpyOn "Θÿ▓Θù┤Φ░ìτ¿ïσ║ÅµáçσçåΣ┐¥µèñ" G_020_AntiSpyOff "Θÿ▓Θù┤Φ░ìτ¿ïσ║Åµ£ÇσñºΣ┐¥µèñ" G_030_AntiVirusOn "Θÿ▓τùàµ»ÆµáçσçåΣ┐¥µèñ" G_040_AntiVirusOff "Θÿ▓τùàµ»Æµ£ÇσñºΣ┐¥µèñ" G_050_Outbreak "Θÿ▓τùàµ»ÆτêåσÅæµÄºσê╢" G_060_CommonOn "ΘÇÜτö¿µáçσçåΣ┐¥µèñ" G_070_CommonOff "ΘÇÜτö¿µ£ÇσñºΣ┐¥µèñ" G_080_VM "ΦÖÜµïƒµ£║Σ┐¥µèñ" G_User "τö¿µê╖σ«ÜΣ╣ëτÜäΦºäσêÖ" ASO01 "Σ┐¥µèñ Internet Explorer µö╢ΦùÅσñ╣σÆîΦ«╛τ╜«" ASW01 "τªüµ¡óσ«ëΦúàµû░τÜä CLSIDπÇüAPPID σÆî TYPELIB" ASW02 "τªüµ¡óµëÇµ£ëτ¿ïσ║ÅΣ╗Ä Temp µûçΣ╗╢σñ╣Φ┐ÉΦíîµûçΣ╗╢" ASW03 "τªüµ¡óΣ╗Ä Temp µûçΣ╗╢σñ╣µëºΦíîΦäÜµ£¼" AVO02 "τªüµ¡óτªüτö¿µ│¿σåîΦí¿τ╝ûΦ╛æσÖ¿σÆîΣ╗╗σèíτ«íτÉåσÖ¿" AVO03 "τªüµ¡óµ¢┤µö╣τö¿µê╖µ¥âΘÖÉτ¡ûτòÑ" AVO04 "τªüµ¡óΦ┐£τ¿ïσê¢σ╗║/Σ┐«µö╣σÅ»µëºΦíîµûçΣ╗╢σÆîΘàìτ╜«µûçΣ╗╢" AVO05 "τªüµ¡óΦ┐£τ¿ïσê¢σ╗║Φç¬σè¿Φ┐ÉΦíîµûçΣ╗╢" AVO06 "τªüµ¡óµïªµê¬ .EXE σÆîσà╢Σ╗ûσÅ»µëºΦíîµûçΣ╗╢µë⌐σ▒òσÉì" AVO07 "τªüµ¡ó Svchost µëºΦíîΘ¥₧ Windows σÅ»µëºΦíîµûçΣ╗╢" AVO08 "τªüµ¡óΣ╝¬Φúà Windows Φ┐¢τ¿ï" AVO09 "Σ┐¥µèñτö╡Φ»¥τ░┐µûçΣ╗╢σàìσÅùσ»åτáüσÆîτö╡σ¡ÉΘé«Σ╗╢σ£░σ¥Çτ¬âΦ┤╝τÜäµö╗σç╗" AVO10 "τªüµ¡óτ╛ñσÅæΘé«Σ╗╢ΦáòΦÖ½σÅæΘÇüΘé«Σ╗╢" AVO11 "τªüµ¡ó IRC ΘÇÜΣ┐í" AVO12 "τªüµ¡óΣ╜┐τö¿ tftp.exe" AVW01 "τªüµ¡óµ¢┤µö╣µëÇµ£ëµûçΣ╗╢µë⌐σ▒òσÉìτÜäµ│¿σåî" AVW02 "Σ┐¥µèñτ╝ôσ¡ÿµûçΣ╗╢σàìσÅùσ»åτáüσÆîτö╡σ¡ÉΘé«Σ╗╢σ£░σ¥Çτ¬âΦ┤╝τÜäµö╗σç╗" CO01 "τªüµ¡óΣ┐«µö╣ McAfee µûçΣ╗╢σÆîΦ«╛τ╜«" CO02 "τªüµ¡óΣ┐«µö╣ McAfee Common Management Agent µûçΣ╗╢σÆîΦ«╛τ╜«" CO03 "τªüµ¡óΣ┐«µö╣ McAfee µë½µÅÅσ╝òµôÄµûçΣ╗╢σÆîΦ«╛τ╜«" CO04 "Σ┐¥µèñ Mozilla σÅè FireFox µûçΣ╗╢σÆîΦ«╛τ╜«" CO05 "Σ┐¥µèñ Internet Explorer Φ«╛τ╜«" CO06 "τªüµ¡óσ«ëΦúà Browser Helper Objects σÆî Shell Extensions" CO12 "Σ┐¥µèñτ╜æτ╗£Φ«╛τ╜«" CO13 "τªüµ¡óσà¼τö¿τ¿ïσ║ÅΣ╗Ä Temp µûçΣ╗╢σñ╣Φ┐ÉΦíîµûçΣ╗╢" COSP "Θÿ▓µ¡óτ╗êµ¡ó McAfee Φ┐¢τ¿ï" CW01a "τªüµ¡óσ░åτ¿ïσ║Åµ│¿σåîΣ╕║Φç¬σè¿Φ┐ÉΦíî" CW01b "τªüµ¡óσ░åτ¿ïσ║Åµ│¿σåîΣ╕║µ£ìσèí" CW02a "τªüµ¡óσ£¿ Windows µûçΣ╗╢σñ╣Σ╕¡σê¢σ╗║µû░τÜäσÅ»µëºΦíîµûçΣ╗╢" CW02b "τªüµ¡óσ£¿ Program Files µûçΣ╗╢σñ╣Σ╕¡σê¢σ╗║µû░τÜäσÅ»µëºΦíîµûçΣ╗╢" CW04 "τªüµ¡óΣ╗Ä Downloaded Program Files µûçΣ╗╢σñ╣σÉ»σè¿µûçΣ╗╢" CW05 "τªüµ¡ó FTP ΘÇÜΣ┐í" CW06 "τªüµ¡ó HTTP ΘÇÜΣ┐í" OB01 "σ░åµëÇµ£ëσà▒Σ║½Θí╣Φ«╛Σ╕║σÅ¬Φ»╗" OB02 "Θÿ╗µ¡óσ»╣µëÇµ£ëσà▒Σ║½Φ╡äµ║ÉτÜäΦ»╗σåÖΦ«┐Θù«" VM01 "Θÿ▓µ¡óτ╗êµ¡ó VMWare Φ┐¢τ¿ï" VM02 "τªüµ¡óΣ┐«µö╣ VMWare Workstation µûçΣ╗╢σÆîΦ«╛τ╜«" VM03 "τªüµ¡óΣ┐«µö╣ VMWare Server µûçΣ╗╢σÆîΦ«╛τ╜«" VM04 "τªüµ¡óΣ┐«µö╣ VMWare ΦÖÜµïƒµ£║µûçΣ╗╢" }}