Create your own security system with McAfee
This is so that friends can add McAfee 8.0i Enterprise Edition rules by hand.
After using McAfee for a while, I find its monitoring really hard to fault. It is a very good antivirus, but it can be difficult for new users to set up, and with only the default settings it is less secure, so many of my friends import existing rule sets. In the spirit of DIY, and because everyone should have their own settings, I would like to share my McAfee rule settings with you.
Oh, I am also posting. There are a lot of rules, and you don't have to set them all. It depends on your actual situation!
Many people do not know about McAfee, so first I will give a brief introduction.
McAfee is one of the three best-selling antivirus products in the world, and the best-selling of them. It is the most sensitive and most comprehensive to date.
The following is the official introduction to the McAfee antivirus:
McAfee anti-virus software: in addition to an updated user interface, it integrates the company's WebScanX features and adds many new features! Besides helping you detect and remove viruses, it has the VShield automatic monitoring system, which stays resident in the system tray. When you open a file from a disk, the network, or an e-mail folder, the file is automatically checked. If the file contains a virus, the system warns you immediately and takes appropriate action. It also supports a right-click quick menu, and you can lock your settings with a password so that others cannot modify them.
I strongly recommend McAfee VirusScan 8.0i Chinese Enterprise Edition + Anti-Spyware
Notes for installing McAfee:
1. During installation, select "permanent" in the time option; do not choose the one-year option.
2. The first McAfee update will be very slow and takes about 2 to 3 hours to complete. Please be patient. Later virus database updates are quick, generally 1 to 3 minutes. McAfee updates once every 1 to 3 days. In some cases, it updates three or more times a day.
After McAfee is installed, configure it first.
1. Access protection. Double-click Access Protection to open its settings. There are three tabs: port blocking, file protection, and report.
(1) Change the port settings. Select all the default port blocking rules. Then add new port blocking rules. There are 65535 ports in total, so cover all of ports 1 to 65535. Because McAfee has two port blocking modes, blocking inbound traffic and blocking outbound traffic, ports 1 to 65535 must be covered by two groups of rules: one group blocks inbound traffic on ports 1 to 65535, and the other blocks outbound traffic on ports 1 to 65535. To make the port blocking rules easy to set and to review, you can lay them out like this: from 1 to 1000, create one rule per 100 ports and label each rule; from 1000 to 10000, create one rule per 1000 ports and label each rule; for 10000 to 65535, create a single rule and label it as well. After the configuration is complete, connect to the Internet to test it. How does it go? Of course, no one else can get in. Now open the McAfee log to check which processes are blocked and by which specific rule. For example, if the svchost.exe process is blocked by Rule 1, open the edit dialog box for that rule and add svchost.exe, and so on for the other affected processes. After that, you can access the Internet. Set up in this way, port blocking reaches 99%, and Trojans that work through ports are almost useless.
(2) Modify the access protection settings. Select all the default rules. Click Edit to view the configuration of each rule. Set every rule that offers it to block and report access attempts; many of the default rules are in warning mode, so change them. (Note: think twice before changing the default settings; if an accident occurs, I am not responsible.) Merge the remote file protection rules such as exe and ocx. Cover all remote operations: creating, writing, executing, reading, and deleting files.
(3) Change the path of the McAfee log to another disk.
2. Harmful program policies. None of the default rules are selected. Select all of them.
3. Set a password for McAfee. McAfee console --- Tools --- User Interface Options --- Password options. Choose to password-protect all the listed items. Set a strong password of more than 8 characters. After setting up your rules in McAfee, you can lock the McAfee interface. In this way, no one else can change your McAfee settings.
4. Protection of shared resources. Open McAfee access protection --- File Protection --- shared resources, and set it to block and report access attempts. In this way, your shared resources cannot be used by others.
5. On-access scanner settings. General --- Scan --- clear the options for scanning the boot area and for scanning the floppy disk at shutdown.
For the other settings, work them out on your own.
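The port plan from step (1) above, written out as data, as an added example that is not part of the original article and not McAfee tooling. It builds the labelled inbound and outbound rules and maps blocked entries from a log to the rule that needs an exclusion. The rule labels, the log line format, and the `known_good` allow-list are assumptions made for illustration; the shared boundaries at 1000 and 10000 are made non-overlapping.

```python
# Added example: rule labels and the log line format are constructed for illustration.

def port_ranges():
    """Ranges from the article: 100-port steps to 1000, 1000-port steps to 10000, then one rule."""
    ranges = [(lo, lo + 99) for lo in range(1, 1000, 100)]
    ranges += [(lo, lo + 999) for lo in range(1001, 10000, 1000)]
    ranges.append((10001, 65535))
    return ranges


def build_rules():
    """One labelled rule per range and per direction (inbound and outbound)."""
    return [
        {"label": f"{d}-{lo}-{hi}", "direction": d, "lo": lo, "hi": hi, "excluded": set()}
        for d in ("inbound", "outbound")
        for lo, hi in port_ranges()
    ]


def rule_for(rules, direction, port):
    """Find the single rule that covers a port in the given direction."""
    for rule in rules:
        if rule["direction"] == direction and rule["lo"] <= port <= rule["hi"]:
            return rule
    raise ValueError(f"port {port} is outside 1-65535")


def apply_log(rules, log_lines, known_good):
    """Exclude only recognised processes; return (process, rule label) pairs left blocked."""
    left_blocked = []
    for line in log_lines:
        _, direction, process, port = line.split()
        rule = rule_for(rules, direction, int(port))
        if process.lower() in known_good:
            rule["excluded"].add(process.lower())
        else:
            left_blocked.append((process, rule["label"]))
    return left_blocked


# Constructed log lines: "blocked <direction> <process> <port>".
SAMPLE_LOG = [
    "blocked outbound svchost.exe 53",
    "blocked outbound IEXPLORE.EXE 80",
    "blocked outbound unknown123.exe 6667",
]

if __name__ == "__main__":
    rules = build_rules()
    print(len(rules), "rules")
    print(apply_log(rules, SAMPLE_LOG, {"svchost.exe", "iexplore.exe"}))
```

Processes that are not on the allow-list stay blocked and are returned with the label of the rule that caught them, so they can be reviewed before any exclusion is added.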
The above are rules that come with McAfee itself. For better security, you can configure stricter settings.
1. Use McAfee to keep out rogue software such as 3721, Internet pig, Chinese mail, Baidu souba, and yisearch.
At present, 3721, Internet pig, Chinese mail, Baidu souba, and yisearch often sneak onto your computer and are difficult to uninstall. Use McAfee to stop them from getting in.
Open McAfee access protection and create the following rules:
1. Prohibit creating, writing, executing, and reading any 3721 content locally;
2. Prohibit creating, writing, executing, and reading any Internet pig content locally;
3. Prohibit creating, writing, executing, and reading any Chinese mail content locally;
4. Prohibit creating, writing, executing, and reading any Baidu souba content locally;
5. Prohibit creating, writing, executing, and reading any yisearch content locally.
Now 3721, Internet pig, Chinese mail, Baidu souba, yisearch and other rogue software have no way to stay on your computer.
Here are the settings in more detail. For example, the method to block 3721:
McAfee console --- access protection --- folder protection --- add
Rule name: Prohibit local creation, writing, execution, and reading of any 3721 content
Blocked object:
File or file name to block: 3721*
File operations to block: tick all the boxes for creating, writing, executing, and reading files.
Response method: block and report access attempts
Even when 3721 comes bundled with other software that you install, with this rule enabled in McAfee all that is left of 3721 is a ghost: an empty 3721 folder.
2. Use McAfee to block unknown Trojans and viruses
I checked the relevant information. For now, Trojans and viruses come in basically three file types: exe, dll, and vxd. So we only need to create the following three protection rules:
1. Prohibit creating or writing any exe file anywhere on the local machine.
2. Prohibit creating or writing any dll file anywhere on the local machine.
3. Prohibit creating or writing any vxd file anywhere on the local machine.
In this way, all kinds of Trojans and viruses are shut out. Of course, this rule is very aggressive: while it is enabled you cannot update the McAfee virus database, upgrade other software, download files of the exe, dll, and vxd types, or move any files of the exe, dll, and vxd types. Therefore, when you need to perform such an operation, temporarily disable the rule and enable it again after the operation is completed.
The rules are created as follows:
McAfee console --- access protection --- folder protection --- add
Rule name: Prohibit creating or writing any exe file anywhere locally
Blocked object:
File or file name to block: *.exe
File operations to block: tick the boxes for creating a file and writing a file.
Response method: block and report access attempts
Set up the other rules in the same way.
3. Block the arbitrary deletion of files
There are now many viruses that delete mp3 files. This can be prevented. Open McAfee access protection and create the following rule: prohibit deleting any local mp3 file. Now those viruses cannot delete mp3 files. Even you cannot delete an mp3, unless you disable the rule! To guard against viruses and Trojans that delete other files in a similar way, create another rule: prohibit deleting any local content. Now viruses and Trojans that delete various files are useless. Of course, while this rule is active, you cannot delete anything yourself. When you need to delete something, disable the rule temporarily, and enable it again after the deletion is complete. This rule is also very useful for protecting your computer from having files deleted by others. What's more, they would never guess that McAfee is what is blocking the deletion!
The rules are created as follows:
McAfee console --- access protection --- folder protection --- add
Rule name: Prohibit the deletion of any local mp3 files
Blocked object:
File or file name to block: *.mp3
File operations to block: tick the box for deleting a file.
Response method: block and report access attempts
McAfee console --- access protection --- folder protection --- add
Rule name: Prohibit the deletion of any local content
Blocked object:
File or file name to block: **
File operations to block: tick the box for deleting a file.
Response method: block and report access attempts
You can also use a similar method to protect any other kind of file from being deleted, for example rm files. Try it yourself.
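A dry run of the file rules from sections 1 to 3, as an added example that is not part of the original article. It shows which routine operations the rules would also block, so you know when a rule has to be disabled temporarily. The rule labels and sample paths are constructed, and matching each path component with `fnmatch` is an assumption of this sketch, not a description of how McAfee evaluates patterns.

```python
import fnmatch

# Rules transcribed from this article: (label, file name pattern, blocked operations).
# The labels are made up here; matching each path component with fnmatch is an
# assumption of this sketch, not a description of McAfee's matching engine.
RULES = [
    ("block-3721", "3721*", {"create", "write", "execute", "read"}),
    ("no-exe-write", "*.exe", {"create", "write"}),
    ("no-dll-write", "*.dll", {"create", "write"}),
    ("no-vxd-write", "*.vxd", {"create", "write"}),
    ("no-mp3-delete", "*.mp3", {"delete"}),
]


def matching_rules(path, operation):
    """Return the labels of every rule that would block this operation on this path."""
    parts = [p for p in path.lower().replace("/", "\\").split("\\") if p]
    return [
        label
        for label, pattern, operations in RULES
        if operation in operations
        and any(fnmatch.fnmatchcase(part, pattern) for part in parts)
    ]


def dry_run(planned):
    """Map each planned (path, operation) to the rules to disable temporarily for it."""
    return {(path, op): matching_rules(path, op) for path, op in planned}


# Constructed examples of routine and unwanted activity.
PLANNED = [
    (r"C:\Program Files\3721\toolbar.dll", "create"),   # bundled installer drop
    (r"C:\Program Files\App\app.exe", "write"),         # legitimate software update
    (r"D:\Music\SONG.MP3", "delete"),                   # tidying your own files
    (r"C:\Windows\notepad.exe", "execute"),             # running an existing program
    (r"C:\Users\me\notes.txt", "write"),                # ordinary document save
]

if __name__ == "__main__":
    for (path, op), labels in dry_run(PLANNED).items():
        print(f"{op:8} {path}: {'BLOCKED by ' + ', '.join(labels) if labels else 'allowed'}")
```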
4. Use McAfee to protect the registry.
At present, many Trojans and viruses like to reside in the registry. So we use McAfee to create a rule that prohibits creating or writing the local registry. Then, unless you agree, the registry cannot be modified for no reason. If this rule is left enabled in McAfee, it applies to software installation too: the software gets installed, but nothing is written to the registry. A lot of software is supposed to write to the registry, but it can still be used without doing so. If you don't believe it, try it! Of course, if data is not written to the registry, software functions will be impaired, especially software and firewalls. I have done similar experiments. When anti-spyware software is not written into the registry, it can only find the spyware but cannot remove it (how much spyware it finds has nothing to do with whether the anti-spyware software was written into the registry during installation). Compared with this, the registry monitoring functions of Kingsoft and Rising are far behind. Their monitoring of the registry is not only annoying, but also meaningless. For example, if you install a piece of software and click "stop writing data to the registry", click "continue". Ten years ago . What is the significance?
The rule is created as follows:
McAfee console --- access protection --- folder protection --- add
Rule name: Prohibit creation and writing of the local registry
Blocked object:
File or file name to block: *.reg
File operations to block: tick the boxes for creating a file and writing a file.
Response method: block and report access attempts
5. Use McAfee to protect the home page.
You can use McAfee to protect the browser home page from being modified. This removes the need to install other software for protection. Other browser protection software not only takes up a certain amount of resources, but also performs poorly. McAfee's protection is quite satisfactory. The specific method is as follows:
McAfee console --- access protection --- folder protection --- add
Rule name: Prohibit creating or modifying the hosts file locally
Blocked object: IEXPLORE.EXE, or
File or file name to block: etc*
File operations to block: tick the boxes for creating, writing, and deleting a file.
Response method: block and report access attempts
Now a malicious website cannot change your home page.
6. Prevent malicious script intrusion.
Open McAfee access protection