McAfee VirusScan Enterprise 8.5i: illustrated guide to usage and settings

Source: Internet
Author: User

McAfee, Norton, and Kaspersky are known as the three major anti-virus products in the world. McAfee's monitoring capabilities and protection rules are quite powerful and are the best among software of its kind. It is an anti-virus program that I highly recommend.

The essence of McAfee is its rule settings. As long as the access protection rules are set properly, it can be said that they protect against viruses. However, it is the most complicated of all anti-virus programs to configure, and the software interface does not match our usage habits. Even so, I recommend it because of its excellent anti-virus effect.

The following describes how to install, use, and set rules for McAfee VirusScan Enterprise 8.5i (the latest Enterprise Edition).

  I. Installation

Run the setup.exe executable file in the installation package. Note the following points:

  

  Figure 1

As shown in Figure 1, you can select the term of use under "License Period type": click the inverted-triangle button on the right and select "one year", "two years", or "permanent" from the drop-down list. Select a country from the "select the country to purchase and use" drop-down list.

  

  Figure 2

You can choose either a typical installation or a custom installation. By default, all functional components are installed. With a custom installation you can choose which components to install, as shown in Figure 2. You can customize the installation directory with either installation method.

  

  Figure 3

As shown in Figure 3, during installation you can select the access protection level: standard protection or maximum protection. Standard protection is recommended here. After the software is installed, the access protection rules can still be customized and modified.

  

  Figure 4

After the software is installed, you can use it without restarting the computer. This is the first anti-virus software I have come across that requires no restart, and I think this is a real improvement; with 8.0i you had to restart the system after installation. As shown in Figure 4, the product is displayed as "VirusScan Enterprise 8.5i".

  

  Figure 5

We recommend that you also install the Anti-Spyware Enterprise 8.5i plug-in. The installation process is relatively simple: double-click setup.exe in the installation package and click "Next" until the installation completes. After the anti-spyware plug-in is installed, the software information window shows "VirusScan Enterprise + Anti-Spyware Enterprise 8.5i", as in Figure 5.

  II. Settings

McAfee uses rules to prevent viruses (including unknown viruses).

  

  Figure 6

  

  Figure 7

Right-click the McAfee icon in the lower-right corner of the screen and select "VirusScan Console" (Figure 6) to open the McAfee console (Figure 7).

1. Access protection

  

  Figure 8

Right-click "access protection" and select Properties to open the Access Protection Properties dialog box, as shown in Figure 8. There are eight entries from top to bottom.

(1) Anti-spyware Standard Protection

This entry has only one rule, as shown in Figure 8. We do not recommend that you select "Block" or "Report" for it. "Block" means enforcing the rule defined on the right, and "Report" means recording an entry whenever an operation violates the rule, so that we can look it up later. If this rule is enabled, the IE favorites and settings cannot be changed, but this causes another problem: you can no longer manage IE favorites (add or delete URLs) from the browser's favorites management page. If you work directly in the IE favorites folder you can delete URLs from it, but you still cannot add new ones. I once tried editing the rule's process exclusions to add iw.e. EXE, but that did not solve the problem. Therefore I recommend leaving this rule disabled and using the Ao you (Maxthon) browser, which can protect the IE home page from being modified and ensures IE's security to a certain extent.

(2) Anti-spyware Maximum Protection and Anti-virus Standard Protection

  

  Figure 9

We recommend that you enable both blocking and reporting for all of these rules. Note: the rule "prohibit programs from running files from the temp folder" (Figure 9) in Anti-spyware Maximum Protection may prevent normal programs from running.

  

  Figure 10

For example, after this blocking rule is enabled, Photoshop CS2 cannot start and reports an error. At the same time, the McAfee icon in the system tray gains a red background. This state indicates that an operation has violated a rule, which tells us that a McAfee rule is what prevents the software from running normally. In this case, right-click the McAfee icon, as shown in Figure 10. The menu now has an additional item, "Open Access Protection Log File" (compare it with Figure 6). Select it to open the access protection log, which contains the following entry:

"2006-12-27 16:14:01 1092 CHINA-BCB1B2709/chenjian D:/program files/Adobe Photoshop CS2/photoshop.exe G:/temp/adobelm_cleanup.0001 maximum protection against spyware: prohibit all programs from running files from the temp folder"

In order, the fields are the time when the rule was violated, the system user, the program that violated the rule, the operation that program attempted, and the rule that blocked it. The entry shows that the rule "maximum protection against spyware: Prohibit all programs from running files in the temp folder" is what blocks Photoshop from running normally.

  

  Figure 11

To use Photoshop normally, we can edit the rule to exclude the process. First, select the rule "maximum protection against spyware: Prohibit all programs from running files from the temp folder" (Figure 9) and click Edit below. In the rule details dialog box, add photoshop.exe to the processes to exclude, as shown in Figure 11. Then return to the Access Protection Properties dialog box and click Apply. The process exclusion is now set, and Photoshop runs normally again.

Tip: if other normal programs cannot start or run abnormally, use the same method: view the log and add the program to the process exclusions of the corresponding blocking rule. Whenever a blocking rule is enabled, its reporting should be enabled too. The advantage is that problems are easy to view and troubleshoot. If reporting is not enabled, no log entry is generated even when an operation violates the rule, so you cannot look it up and exclude the right process.
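The log-driven exclusion workflow above can be scripted. The following is an added example, not part of the original article or of McAfee's tooling: it assumes the log fields are tab-separated in the order the article explains, uses constructed sample lines modelled on the quoted entry, and flags blocked programs that themselves run from a temp folder so they are reviewed rather than excluded by name.

```python
import ntpath
from collections import defaultdict, namedtuple

# Field order follows the explanation above; the third field is a number the
# page does not explain. Tab separation is an assumption of this example.
Entry = namedtuple("Entry", "date time number user program target rule")

RULE = ("maximum protection against spyware: prohibit all programs "
        "from running files from the temp folder")
USER = "CHINA-BCB1B2709/chenjian"
PHOTOSHOP = "D:/program files/Adobe Photoshop CS2/photoshop.exe"

# Constructed sample: the first entry mirrors the line quoted on the page,
# the others are invented for the example.
SAMPLE_LOG = [
    "\t".join(["2006-12-27", "16:14:01", "1092", USER, PHOTOSHOP,
               "G:/temp/adobelm_cleanup.0001", RULE]),
    "\t".join(["2006-12-27", "16:20:47", "1092", USER, PHOTOSHOP,
               "G:/temp/adobelm_cleanup.0002", RULE]),
    "\t".join(["2006-12-27", "17:02:13", "2210", USER,
               "G:/temp/inst7.exe", "G:/temp/inst7.tmp", RULE]),
    "-- not a log entry --",
]


def parse_line(line):
    """Return an Entry, or None when the line does not have seven fields."""
    parts = [p.strip() for p in line.rstrip("\r\n").split("\t")]
    if len(parts) != len(Entry._fields) or not all(parts):
        return None
    return Entry(*parts)


def runs_from_temp(program):
    """True when the blocked program's own image sits under a temp folder."""
    folders = program.replace("/", "\\").lower().split("\\")[:-1]
    return any(name in ("temp", "tmp") for name in folders)


def triage(lines):
    """Group violations by rule and split the programs into two lists.

    exclude: (image name, hit count) pairs to consider for the rule's
             process exclusions once the program is confirmed as expected.
    review:  full paths of programs that themselves run from a temp folder;
             excluding these by name would defeat the rule.
    """
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            hits[entry.rule][entry.program] += 1

    report = {}
    for rule, programs in hits.items():
        exclude, review = [], []
        for program, count in sorted(programs.items()):
            if runs_from_temp(program):
                review.append(program)
            else:
                exclude.append((ntpath.basename(program), count))
        report[rule] = {"exclude": exclude, "review": review}
    return report


if __name__ == "__main__":
    for rule, result in triage(SAMPLE_LOG).items():
        print(rule)
        print("  exclusion candidates:", result["exclude"])
        print("  review first:", result["review"])
```
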

(3) Anti-virus Maximum Protection

  

  Figure 12

Set the rule "protect cache files from password and email address thieves" as shown in Figure 12. If it is enabled, programs such as the Ao you (Maxthon) browser may run more slowly; you can add the related processes to the exclusions.

(4) Anti-virus Outbreak Control and Common Standard Protection

  

  Figure 13

We recommend that you enable blocking for all of these rules. McAfee has a self-protection function: the three rules in Figure 13 that begin "Prohibit modification of McAfee ..." provide it. If you want to change McAfee's settings, you must first disable these three blocking rules. Otherwise, some settings may not be saved after you change them, or you may not be able to uninstall McAfee.

(5) Common Maximum Protection

  

  Figure 14

The rule settings in this entry are shown in Figure 14. If you enable the "prohibit programs from registering as services" rule, you need to add the related processes to the exclusions. A considerable number of programs need to register themselves as a service to work normally, so I have not enabled it. If you enable the "Disable HTTP Communication" rule, you also need to add the related processes to the exclusions. Otherwise, you will not be able to browse the web or perform many other network operations.

The last entry, user-defined rules, is McAfee's advanced setting. It is described later, after McAfee's common wildcards and syntax.

2. Buffer Overflow Protection

  

  Figure 15

We recommend that you enable protection mode. Right-click Buffer Overflow Protection and select Properties. The settings dialog box is displayed, as shown in Figure 15. Installing two anti-virus products is not recommended. If two are installed, adding the program name of the other anti-virus product to the exclusions may solve the problem.

3. On-Delivery E-mail Scanner

Right-click and select Properties to perform relevant settings. Use the default settings.

4. Unwanted Programs Policy

  

  Figure 16

We recommend that you enable all of them. We can also define custom detection items. As shown in Figure 16, select the "Custom detection items" tab and click the Add button. In the user-defined unwanted program dialog box that appears, enter the executable name of the virus or rogue software (for example, 3721.exe) and add a description.

5. On-Access Scanner

  

  Figure 17

This is McAfee's real-time monitoring. Open Properties, select the "general" tab under general settings, and clear the check box in front of "Scan floppy disk during Shutdown". Keep the other settings at their defaults, as shown in Figure 17.

  

  Figure 18

Select the "check items" tab under all processes. If your computer is not on a LAN, clear the check box in front of "network drive", as shown in Figure 18.

  

  Figure 19

Select the "advanced" tab under all processes and clear the two items in the compressed files column, as shown in Figure 19. Because this is the real-time monitoring setting, I don't think it is necessary to enable these two items, and leaving them off saves some system resources. I will enable them later in the on-demand scan settings.

  

  Figure 20

Select the "operations" tab under all processes, as shown in Figure 20. Here you can set the primary and secondary actions for a detected threat (that is, the first action taken when a threat is found, and the second action taken if the first one fails). The "harmful programs" tab is set in the same way.

6. Quarantine Manager Policy

  

  Figure 21

Right-click the Quarantine Manager Policy, open Properties, and select the Policy tab, as shown in Figure 21. Click Browse here to customize the path of the virus quarantine folder, and set how long files are kept before they are deleted.

  

  Figure 22

Select the "manager" tab to rescan selected items in the quarantine, check for false positives, delete items, and view their properties. You can also select several items at a time: select one item, hold down Ctrl, and click another item. To select several consecutive items, select the first one, hold down Shift, and click the last one.

7. Full Scan and Targeted Scan

  

  Figure 23

Both are on-demand scans. Open the Full Scan Properties dialog box and select the "location" tab, as shown in Figure 23. You can set the scan location here.

  

  Figure 24

Select the detection tab, as shown in Figure 24. Because this is an on-demand scan, select the check boxes in front of the two items under compressed files.

  

  Figure 25

The "advanced" tab settings are shown in Figure 25. You can drag the slider under system usage to adjust how much of the system's resources a scan may use, so that scanning does not take up too many resources and slow down other programs.

The "actions" and "harmful programs" tabs allow you to set the Primary and Secondary actions that are performed when threats and harmful programs are detected.

  

  Figure 26

The "Report" tab is shown in Figure 26. Select "record to file" to keep a report log, and click Browse to choose where the log is saved. When you select "record to file", you should also select "limit Log File Size" and set a value. If this option is not selected, the log file size is unlimited, and the file grows larger and larger as more entries are recorded. (The report settings for the targeted scan and the on-access scan are exactly the same.)

  

  Figure 27

  

  Figure 28

On-demand scans can be scheduled so that they run at a set time. In the dialog box shown in Figure 26, click the "Schedule" button on the right to open the dialog box in Figure 27, select "enable", and click the "Schedule" tab to customize the task, as in Figure 28.

8. AutoUpdate

  

  Figure 29

  

  Figure 30

  

  Figure 31

These are McAfee's update settings. Right-click AutoUpdate and select Properties. The update dialog box is displayed, as shown in Figure 29. Click "Update Now" and McAfee updates immediately. This is the same as right-clicking the McAfee icon in the lower-right corner of the screen and selecting "Update Now". Click the "Schedule" button, select "enable" (Figure 30), and then click the "Schedule" tab. You can set the automatic update time from the run-task drop-down list (Figure 31).

  III. Common McAfee wildcards and syntax

1. ?: represents any single character. For example, s?? is a three-character string starting with s. It can represent STX, SSY, sys, and so on, but it cannot represent stmp, Su, or sssss.

2. *: as a wildcard, represents any number of characters. For example, St* represents any string starting with St, such as stmp, STK, or stuupo. S*.* indicates all files starting with S, such as setup.exe, Sky.reg, or SYS.bmp. It also has another meaning: all operations (all processes).

3. **\*\**: indicates all files on the hard disk.

4. System:Remote: indicates all remote operations.

5. **: indicates any number of directory levels before and after the backslash (\) character. For example, **\*.exe indicates all local .exe executable files, and C:\Windows\** indicates all files in the Windows directory of drive C.

6. What is the difference between C:\Windows\** and C:\Windows\? Pay special attention to this. C:\Windows\** indicates all files in the Windows directory of drive C, including files in subfolders. C:\Windows\ indicates only the files directly in the Windows directory of drive C and does not include files in subdirectories. Think it through carefully until you understand it.
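Rule patterns can be checked against known paths before a rule is enabled. The following is an added example, not McAfee's own matcher: it models the wildcard semantics listed above, assumes that ? and * do not cross a path separator while ** does, accepts both \ and / as separators, and runs several of this page's rule patterns over constructed sample paths to show how much each one covers.

```python
import re


def compile_rule(pattern):
    """Translate a rule pattern into a regex using the semantics listed above."""
    p = pattern.replace("/", "\\")
    if p.endswith("\\"):
        # "C:\Windows\" means files directly in that folder, no subfolders.
        p += "*"
    parts, i = [], 0
    while i < len(p):
        if p.startswith("**", i):
            parts.append(".*")          # any number of directory levels
            i += 2
        elif p[i] == "*":
            parts.append(r"[^\\]*")     # any characters within one level
            i += 1
        elif p[i] == "?":
            parts.append(r"[^\\]")      # exactly one character
            i += 1
        else:
            parts.append(re.escape(p[i]))
            i += 1
    return re.compile("".join(parts), re.IGNORECASE)


def matches(pattern, path):
    """True when the whole path is covered by the pattern."""
    return compile_rule(pattern).fullmatch(path.replace("/", "\\")) is not None


# Patterns taken from this page, written with backslash separators.
PAGE_RULES = {
    "block 3721": r"**\3721*\**",
    "no new EXE": r"**\*.exe",
    "hosts file": r"**\etc*\**",
    "Windows tree": r"C:\Windows\**",
    "Windows top level": "C:\\Windows\\",
}

# Constructed sample paths, chosen to show intended and unintended matches.
SAMPLE_PATHS = [
    r"C:\Program Files\3721\assist.dll",
    r"D:\backup\3721-invoices\jan.xls",
    r"C:\Windows\system32\drivers\etc\hosts",
    r"D:\projects\etching\notes.txt",
    r"C:\Windows\notepad.exe",
    r"C:\Windows\system32\cmd.exe",
    r"D:\downloads\installer.exe",
]


def coverage(rules, paths):
    """Map each rule name to the sample paths its pattern would cover."""
    return {name: [p for p in paths if matches(pattern, p)]
            for name, pattern in rules.items()}


if __name__ == "__main__":
    for name, hit in coverage(PAGE_RULES, SAMPLE_PATHS).items():
        print(f"{name}: {len(hit)} of {len(SAMPLE_PATHS)} sample paths")
        for path in hit:
            print("   ", path)
```

In this model the 3721 and hosts-file patterns also cover unrelated folders whose names merely start with the same characters, which is the kind of side effect the access protection log later reveals as blocked normal programs.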

  IV. User-defined rule settings

The settings here are the essence of McAfee; set well, they can achieve almost zero virus intrusion. The more detailed the settings, the higher the security level.

(Note: the meanings of the wildcards and syntax above need to be understood thoroughly; they are used in the user-defined rules described below.)

  

  Figure 35

  

  Figure 36

Open the McAfee console, right-click "access protection", and select Properties. The Access Protection Properties dialog box is displayed. Select "user-defined rules" and click "new". The "select new rule type" dialog box (Figure 35) is displayed; it offers three rule types. Select the first, the port blocking rule, and click OK to open the network port access protection rule dialog box. This is McAfee's simple firewall function, and you can set ports as needed. After scanning, we found that port 135 of our system is open. Therefore, we set a port blocking rule to close port 135, as shown in Figure 36. Enter * in the processes to include, which means that no operation or process can access port 135, from the network or locally.

  

  Figure 37

  

  Figure 38

  

  Figure 39

Next, create a rule to prevent remote operations on local files. Go to "user-defined rules" and click "new", select the second type, "file/folder blocking rule", and click OK (Figure 37). The file/folder access protection rule dialog box opens, as shown in Figure 38. In the processes to include, enter System:Remote to indicate all remote operations. If you sometimes use QQ's remote assistance function, enter qq.exe and coralqq.exe in the processes to exclude. Select all five file operations to block.

Create another rule to prohibit the creation, modification, and deletion of files in the Windows directory. Go to "user-defined rules" and click "new", select "file/folder blocking rule", and click OK (Figure 37). The file/folder access protection rule dialog box opens, as shown in Figure 39. Enter * in the processes to include, which means that no operation or process can create, modify, or delete any file in the Windows directory. Some normal programs need to operate on files in a protected directory to run normally, so we need to enter these programs in the processes to exclude (for example, updata.exe is the McAfee virus database upgrade program; it needs to write the new virus database to the C:\Program Files\Common Files\McAfee\Engine directory, and if it is not excluded McAfee will not be able to upgrade the virus database successfully). Select the check boxes for creating and deleting files and confirm.

Note: In this rule, there are a total of five file operations to be prohibited (Figure 39). They need to be understood. For ease of description, here only the last letter of each item is used to represent the content of each item (add a content and rename the file = ).

G = G + I + k, H = H + A, j = J +

For example, suppose we have created a rule to prohibit writing data to .doc files on the drive. In this case, you must select "I" together with "H" or "J" in the file operations to block. Otherwise, others can still write data to the file. The method is to rename the file first; after renaming, any content can be added to the file, and the file can then be renamed back to its original name.

The last type is the registry blocking rule. Because I do not know much about the registry, I skip it here.

  

  Figure 40

McAfee's access protection rules are exceptionally powerful. We hope that you can customize your own powerful rules to protect your computer. Of course, when we customize rules, we may not know which normal programs the new rules will block (it is impossible to exclude every normal program in one go). When a program fails to run normally (because it violates a rule), view the access protection log and exclude the program from the corresponding blocking rule. Fortunately, rules can be edited at any time. In the Access Protection Properties dialog box, select the rule and click the "edit" button (Figure 40) to open the rule's details, and then add the program to the processes to exclude.

  

  Figure 41

  

  Figure 42

Suppose a rule is defined that prohibits installing programs on drive D. It prevents others from installing programs on drive D, but what should I do when I want to install a program on drive D myself? Method 1: locate the rule and clear the check mark in front of it. Method 2: clear the check box in front of "enable access protection" in the Access Protection Properties dialog box (Figure 40). Method 3: in the console, right-click access protection and select disable (Figure 41). Then install the program. Methods 2 and 3 have the same effect: all access protection rules are disabled. After access protection is disabled, "Disable by access scan" in the right-click menu of the McAfee icon in the lower-right corner of the screen is activated (Figure 42).

  V. McAfee processes and services

Seven processes are present after the McAfee 8.5i installation is complete:

1. updaterui.exe -- automatic upgrade process

2. shstat.exe -- icon process in the system tray

3. frameworkservice.exe -- McAfee Framework Service (McAfee product shared component framework)

4. naprdmgr.exe -- McAfee Framework Service (McAfee product shared component framework)

5. vstskmgr.exe -- McAfee Task Manager Service (schedules McAfee tasks, including scheduled scans and scheduled upgrades)

6. mcshield.exe -- McAfee McShield service (core process, which provides real-time on-access scanning for the system)

7. mctray.exe -- McAfee Security Agent taskbar extension

After McAfee 8.5i is installed, three services are present:

1. McAfee McShield service

McAfee's core service. It provides the system with on-access scanning, that is, real-time monitoring.

Recommended setting: automatic.

2. McAfee Framework Service

This is the shared component framework of McAfee products.

Setting: automatic or manual.

Note: this service must be running to upgrade the virus database. After the service is started, some related processes are started. To save resources, you can end the related processes in Task Manager after the upgrade. If the service is set to manual or disabled, upgrading is not possible until you start it manually in the operating system's services console.

Related processes: naprdmgr.exe, frameworkservice.exe

3. McAfee Task Manager Service

Recommended setting: manual or disabled.

This is the service for McAfee's scheduled scan and scheduled update tasks. Enable it if you want scheduled scans and automatic upgrades. When it is disabled, real-time monitoring and virus scanning are not affected. When you need to upgrade, right-click the taskbar icon and choose "Update Now". When it is disabled, the console also closes. Start the console.

Related process: vstskmgr.exe

  VI. Saving McAfee's rules

Setting up a strong set of rules that suits your use takes considerable time and effort. If the system is reinstalled and McAfee is reinstalled, setting the rules again is quite troublesome. Is there no way to preserve the time and effort we spent on the rules?

There is a way. Choose Run and enter Regedit to open the Registry Editor, find the [HKEY_LOCAL_MACHINE\software\McAfee\vscore\on access logging\behaviourblocking] key, and find accessprotectionuserrules on the right. It holds the custom rules we have set. Select it and use the menu command "file -- export" to export our custom settings. If you want to save all the rule settings, export the entire behaviourblocking subkey. After you reinstall McAfee, you only need to double-click the exported .reg file to import the configured rules into McAfee again. If the data cannot be imported, disable access protection before importing.

 

 

1. Use McAfee to keep out rogue software such as 3721, Internet pig, Chinese mail, Baidu souba, and yisearch.

At present, 3721, Internet pig, Chinese mail, Baidu souba, and yisearch often sneak onto your computer and are difficult to uninstall. Use McAfee to stop them from getting in.
Enable McAfee access protection and create the following rules:
1. Prohibit creating, writing, executing, and reading any 3721 content locally;
2. Prohibit creating, writing, executing, and reading any Internet pig content locally;
3. Prohibit creating, writing, executing, and reading any Chinese mail content locally;
4. Prohibit creating, writing, executing, and reading any Baidu souba content locally;
5. Prohibit creating, writing, executing, and reading any yisearch content locally.
With these rules, 3721, Internet pig, Chinese mail, Baidu souba, yisearch, and other rogue software have no way to stay on your computer.
Here are the settings in more detail, taking 3721 as the example:
McAfee console ------ access protection ------ folder protection ------ add
Rule name: Prohibit local creation, writing, execution, and reading of any 3721 content
Blocked object: *
File or file name to block: **\3721*\**
File operations to block: select the check boxes for creating, writing, executing, and reading files.
Response method: block and report access attempts
Even if software you install bundles 3721, once McAfee has this rule enabled all that is left of 3721 is a ghost: an empty 3721 folder.

2. Use McAfee to keep out unknown Trojans and viruses

I checked the relevant information. For now, Trojans and viruses basically come as three file types: EXE, DLL, and VxD. So we only need to create the following three protection rules:
1. Prohibit creating or writing any EXE file anywhere on the local machine.
2. Prohibit creating or writing any DLL file anywhere on the local machine.
3. Prohibit creating or writing any VxD file anywhere on the local machine.

In this way, these types of Trojans and viruses cannot get in. Of course, these rules are very aggressive: while they are enabled, updating the McAfee virus database, upgrading other software, downloading EXE, DLL, or VxD files, and moving any EXE, DLL, or VxD file are all impossible. Therefore, when you need to perform such an operation, temporarily disable the rule and enable it again after the operation is complete.

One of the rules is created as follows:
McAfee console ------ access protection ------ folder protection ------ add
Rule name: do not create or write any EXE files anywhere locally
Blocked object: *
File or file name to block: **\*.exe
File operations to block: select the check boxes for creating files and writing files.
Response method: block and report access attempts
For the other similar rules, refer to these settings.

3. Block the arbitrary deletion of files

There are now many viruses that delete MP3 files. This can be prevented as follows. Enable McAfee access protection and create the following rule: do not delete any local MP3 files. With that, it is impossible for these viruses to delete MP3 files. Even you cannot delete an MP3, unless the rule is disabled! To guard against all viruses and Trojans that delete files, create another rule that prohibits the deletion of any local content. Viruses and Trojans that delete files of any kind are then useless. Of course, while this rule is in effect you cannot delete anything yourself either. When you need to delete something, temporarily disable the rule, and enable it again after the deletion is complete. This rule is also very useful for protecting the contents of your computer from being deleted by other people. What's more, the other person will be baffled and will not even suspect that McAfee is blocking the delete operation!
The rules are created as follows:
McAfee console ------ access protection ------ folder protection ------ add
Rule name: Prohibit the deletion of any local MP3 files
Blocked object: *
File or file name to block: **\*.MP3
File operations to block: select the check box for deleting files.
Response method: block and report access attempts

McAfee console ------ access protection ------ folder protection ------ add
Rule name: Prohibit the deletion of any local content
Blocked object: *
File or file name to block: **\*\**
File operations to block: select the check box for deleting files.
Response method: block and report access attempts

You can use a similar method to protect any other type of file from being deleted, for example RM files. Try it yourself.

4. Use McAfee to protect the registry.

Currently, many Trojans and viruses like to reside in the registry. So we use McAfee to create a rule: prohibit creating or writing the local registry. Unless you agree, the registry will then not be modified for no reason. If this rule is left enabled while you install software, the software is installed but nothing is written to the registry. Although a lot of software wants to write to the registry, it can still be used without doing so. If you don't believe it, try it! Of course, if nothing is written to the registry, software functions will be impaired, especially for anti-virus software and firewalls. I have done such an experiment: the Anti-Spyware agent was not allowed to write to the registry, and as a result it could only find spyware but could not clear it (the number of spyware items found has nothing to do with whether the anti-spyware agent was written to the registry when it was installed). Compared with this, the registry monitoring functions of Kingsoft and Rising are far behind. Their registry monitoring is not only annoying but also meaningless. For example, when you install a piece of software, a prompt about blocking a write to the registry appears and you click "continue", over and over without end. What is the point?
The rule is created as follows:
McAfee console ------ access protection ------ folder protection ------ add
Rule name: Prohibit creation and writing of the local registry
Blocked object: *
File or file name to block: **\*.reg
File operations to block: select the check boxes for creating files and writing files.
Response method: block and report access attempts

5. Use McAfee to protect the home page.

You can use McAfee to protect the browser home page from being modified. This eliminates the need to install other software for that purpose. Other browser protection software not only takes up resources but also performs poorly. McAfee's protection is quite satisfactory. The specific method is as follows:
McAfee console ------ access protection ------ folder protection ------ add
Rule name: do not create or modify the hosts file locally
Blocked object: iexplore.exe, or *
File or file name to block: **\etc*\**
File operations to block: select the check boxes for creating, writing, and deleting files.
Response method: block and report access attempts
With this rule, a malicious website cannot change your home page.

6. Prevent malicious script intrusion.

Open the file protection rules in McAfee access protection and create these rules:
1. Prohibit reading, executing, creating, and writing any JS file anywhere on the local machine.
2. Prohibit reading, executing, creating, and writing any VBS file anywhere on the local machine.
3. Prohibit reading, executing, creating, and writing any HTM file anywhere on the local machine.
4. Prohibit reading, executing, creating, and writing any HTML file anywhere on the local machine.
With these in place, the malicious code and Trojans that malicious websites plant on the machine through scripts are kept out.

One of the rules is created as follows:
McAfee console ------ access protection ------ folder protection ------ add
Rule name: Prohibit reading, executing, creating, and writing any JS file anywhere locally
Blocked object: *
File or file name to block: **\*.js
File operations to block: select the check boxes for reading, executing, creating, and writing files.
Response method: block and report access attempts
For the other similar rules, refer to these settings.

Of course, this is a little harsh and may prevent access to the Internet. You can modify these rules so that they block only creation and writing.

7. Use McAfee to prevent plug-in intrusion.

The Internet is getting increasingly insecure, and there are more and more malicious plug-ins. We use McAfee to deal with them. Because these plug-ins hook themselves into the Internet Explorer folder, we can use McAfee to protect that folder.
The rule is created as follows:
McAfee console ------ access protection ------ folder protection ------ add
Rule name: do not create or write data in the Internet Explorer folder
Blocked object: *
File or file name to block: **\Internet Explorer*\**
File operations to block: select the check boxes for creating files and writing files.
Response method: block and report access attempts
With this rule, those plug-ins cannot get in.

8. Prevent hacker damage.
At present, there are more and more hackers, and they are increasingly fond of intruding into personal hosts. Hackers intrude into a host for two main reasons:
1. Practice: learning how to intrude into other people's machines.
2. Planting backdoors: controlling other people's machines.
Enough digression. Hacker intrusion itself is difficult to block, so how can we limit the damage once a hacker is in? Look to McAfee. We use McAfee to create a rule that prohibits remote operations on any local files and folders. With that in place, what can a hacker still do even after intruding into your host?
The specific rule settings are as follows:
McAfee console ------ access protection ------ folder protection ------ add
Rule name: Prohibit remote operations on any local files/folders
Blocked object: System:Remote
File or file name to block: **\*\**
File operations to block: select the check boxes for reading, executing, creating, writing, and deleting files.
Response method: block and report access attempts

If you are still not at ease, you can create a rule for each root-level folder on the system disk that prohibits hackers from performing any operation on it. For the details, refer to the settings above. In this way, the hacker cannot do any further damage unless he can damage McAfee itself, or knows the McAfee password and changes the McAfee settings. It is not easy for a hacker to destroy McAfee. People who have used McAfee know that it cannot be exited and simply keeps working. Of course, a hacker could try to destroy it by uninstalling it. The problem is that a remote uninstall has to call EXE and similar files, and McAfee does not allow hackers to perform any remote operation on such files. I was attacked by a hacker shortly after I started using McAfee. At that time I did not yet know how to set such strict rules and had only enabled McAfee's default protection rules for EXE and DLL files, and the hacker still achieved nothing. If rules this strict are established, there is very little a hacker can do.

9. Prevent programs from running.

McAfee has a powerful blocking function that can stop almost any program from running. For example, the tftp.exe program is generally not used by ordinary users, so you can use McAfee to stop it from running. Note: McAfee's default rules already include this. This function is very useful. If one day you do not want a certain program to run, you can use such a rule to stop it. Or suppose a Trojan or virus cannot be removed for the time being. What should you do? This is where McAfee shows its strength: block the Trojan or virus program with McAfee. The Trojan then cannot run, and your computer is no longer a zombie.

10. Establish the strictest rules.

People who visit hacker websites, cracking sites, and adult websites often pick up Trojans. Although I do not go to those websites, the following rule is created specially for the security of those who often do. It prohibits any creation, writing, or deletion of data locally. This way, the chance of getting infected is 0.
The specific rule settings are as follows:
McAfee console ------ access protection ------ folder protection ------ add
Rule name: Prohibit any creation, write, or deletion activities locally.
Blocked object: *
File or file name to block: **/*/**
File operations to block: tick the boxes for creating, writing, and deleting files.
Response method: block and report access attempts
As this rule is very strict, it is recommended to enable it only while browsing hacker websites, cracking sites, and adult websites. The rule generates a large volume of logs, hundreds of detailed entries every minute, which takes up a lot of space. It is therefore very important to move the McAfee logs to another disk. Of course, this rule also suits those who are very security-conscious.

11. Prevent cookies from leaking personal privacy
Some websites and/or hackers use cookies to steal user information. To prevent such incidents as far as possible, use McAfee to set up cookie protection.

The specific rule settings are as follows:
McAfee console ------ access protection ------ folder protection ------ add
Rule name: prohibit certain operations on cookies.
Blocked object: *
File or file name to block: **/cookies */**
File operations to block: tick the boxes for reading, creating, and writing files.
Response method: block and report access attempts

With this rule, personal information that could leak through cookies is protected by McAfee. Of course, this setting does not work for some websites, and you need to disable the rule temporarily for them. The IE browser's own cookie protection mechanism is not very good: if cookies are prohibited, many websites cannot be visited; if they are not, it is dangerous. By comparison, McAfee is obviously more user-friendly. I hope you will like it.

12. Use McAfee to protect private files.

This relies on McAfee's powerful file protection. Many people like to use encryption software to encrypt and protect personal files. If you use McAfee, you can use it to do this job, and the protection works very well. People who are not very familiar with McAfee will not suspect that antivirus software is doing the protecting. In addition, when someone else tries to read or open a file protected by McAfee, nothing asks for a password or mentions McAfee; the system simply prompts: Make sure the disk is not protected. To the average person, it looks as if the file is damaged and cannot be opened. Haha. Interesting, isn't it?
The following describes how to implement this function. First, put all the personal files to be protected in one top-level folder, for example one named meteor shower. Then protect that folder.

The specific rule settings are as follows:
McAfee console ------ access protection ------ folder protection ------ add
Rule name: do not perform any operations on meteor shower files/folders
Blocked object: *
File or file name to block: **/meteor shower */**
File operations to block: tick the boxes for reading, executing, creating, writing, and deleting files.
Response method: block and report access attempts

If your folder has another name, set the rule accordingly.
Now, under McAfee's protection, no one can open or delete these files. They can be accessed only after you temporarily disable the McAfee rule.
In addition, do not forget to set a very strong password of more than 8 characters for McAfee, and lock the McAfee interface while the protection is in force.
Of course, in my personal opinion, there are no absolutely confidential files. They are nothing more than things you do not want others to read. For that purpose, this McAfee function works well. I hope you will like it.

13. Use McAfee to securely protect shared resources

This is entirely possible.
Many people like to share some of their resources with others over the network, but doing so inevitably brings security risks. McAfee can take on the job of keeping you as safe as possible.
McAfee's powerful protection rules can fully achieve this. The following describes how to share resources securely. Assume that the hard disk has four partitions, C, D, E, and F, and that the system disk is drive C. You want to share the resources on drive E. Use McAfee to establish the following rules: prohibit remote operations on drive C; prohibit remote operations on drive D; prohibit remote creation, writing, and deletion on drive E. The specific rule settings are as follows:
McAfee console ------ access protection ------ folder protection ------ add
Rule name: Disable remote operations on drive C.
Blocked object: System:Remote
File or file name to block: C:/*/**
File operations to block: tick the boxes for reading, executing, creating, writing, and deleting files.
Response method: block and report access attempts

McAfee console ------ access protection ------ folder protection ------ add
Rule name: Disable remote operations on drive D.
Blocked object: System:Remote
File or file name to block: D:/*/**
File operations to block: tick the boxes for reading, executing, creating, writing, and deleting files.
Response method: block and report access attempts

McAfee console ------ access protection ------ folder protection ------ add
Rule name: Prohibit remote creation, writing, and deletion on drive E.
Blocked object: System:Remote
File or file name to block: e:/*/**
File operations to block: tick the boxes for creating, writing, and deleting files.
Response method: block and report access attempts

McAfee console ------ access protection ------ folder protection ------ add
Rule name: Prohibit remote operations on drive F
Blocked object: System:Remote
File or file name to block: F:/*/**
File operations to block: tick the boxes for reading, executing, creating, writing, and deleting files.
Response method: block and report access attempts

After setting the above rules, you also need to have McAfee keep the existing shared resources. Go to the McAfee console ------ access protection ------ folder protection ------ share resources, and tick the option to keep existing access permissions for shared resources. Set a very strong password of more than 15 characters for McAfee and lock the McAfee interface, so that McAfee protects your security settings. If you want to share a USB flash drive, you can set it up the same way.
These rule settings also suit many websites, although you need to adjust them a little for best results.
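The four drive rules of section 13, modelled as an added example (not McAfee code and not part of the original article) to check which remote accesses the rule set would block. The wildcard semantics, the helper names, the shortened rule names, and the sample paths and process name are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Assumption (not stated on the page): "?" is one character, "*" is any run of
# characters inside one path component, "**" also crosses path separators.
WILDCARDS = {"**": ".*", "*": r"[^\\]*", "?": r"[^\\]"}
TOKEN = re.compile(r"\*\*|\*|\?|[^*?]+")

def pattern_to_regex(pattern):
    tokens = TOKEN.findall(pattern.replace("/", "\\"))  # the page writes "/" in paths
    body = "".join(WILDCARDS.get(t) or re.escape(t) for t in tokens)
    return re.compile(body, re.IGNORECASE)

ALL_OPS = frozenset({"read", "execute", "create", "write", "delete"})

@dataclass(frozen=True)
class Rule:
    name: str             # shortened, hypothetical rule label
    process: str          # "Blocked object" field: "*" or "System:Remote"
    pattern: str          # "File or file name to block" field
    blocked_ops: frozenset

    def blocks(self, process, path, op):
        proc_ok = self.process in ("*", process)
        hit = pattern_to_regex(self.pattern).fullmatch(path.replace("/", "\\"))
        return proc_ok and hit is not None and op in self.blocked_ops

# The four drive rules from section 13; patterns and operations as on the page.
SHARE_RULES = [
    Rule("remote-C", "System:Remote", "C:/*/**", ALL_OPS),
    Rule("remote-D", "System:Remote", "D:/*/**", ALL_OPS),
    Rule("remote-E", "System:Remote", "e:/*/**", frozenset({"create", "write", "delete"})),
    Rule("remote-F", "System:Remote", "F:/*/**", ALL_OPS),
]

def decide(rules, process, path, op):
    """Return the name of the first rule that blocks the access, else None."""
    for rule in rules:
        if rule.blocks(process, path, op):
            return rule.name
    return None

if __name__ == "__main__":
    # Constructed sample accesses: (process, path, operation).
    samples = [("System:Remote", r"E:\share\report.doc", "read"),
               ("System:Remote", r"E:\share\report.doc", "write"),
               ("explorer.exe", r"C:\Windows\system32\cmd.exe", "execute")]
    for s in samples:
        print(s, "->", decide(SHARE_RULES, *s) or "allowed")
```

Under this model the drive E rule leaves remote reading and executing allowed, which is what makes the share usable, while every remote operation on C, D, and F is blocked and local processes are unaffected.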

14. Restrict modification of important management tools in Computer Management Tools
The computer's administrative tools include many important tools, such as Local Security Policy, Distributed File System, Services, Computer Management, and Group Policy. Once configured, these settings are generally not changed again. To prevent others from changing them, you can disable the tools. There are many ways to do so; here we mainly describe how to do it with McAfee. The rule settings are as follows:

McAfee console ------ access protection ------ folder protection ------ add
Rule name: restrict the modification of important management tools in Computer Management Tools
Blocked object: *
File or file name to block: **/mmc.exe
File operations to block: tick the boxes for reading, executing, creating, and writing files.
Response method: block and report access attempts

With this setting, dozens of important tools, such as .NET Framework Configuration, Local Security Policy, Distributed File System, Services, Computer Management, Routing and Remote Access, Event Viewer, Performance, Remote Desktop, Certificate Authority, Terminal Services Configuration, Component Services, Group Policy, Device Manager, and the console, are protected from modification. When the McAfee rule is enabled and someone tries to modify settings through these management tools, the system reports that you do not have permission to perform the operation (even if you are logged on as a member of the Administrators group, you do not have permission to modify them). If you need to perform such operations yourself, open McAfee and temporarily disable this rule. Of course, it is essential to set a password for McAfee.

15. Blocking QQ and other chat software
Blocking QQ is a headache for network administrators and company bosses (who want to use QQ themselves while keeping others from using it). In the past, we could block ports such as UDP 4000. However, since Tencent opened up QQ's TCP/IP login function, blocking QQ has become more difficult. As long as you can reach the Internet and browse web pages, you can get on QQ. This makes QQ even more troublesome for network administrators and company bosses. If you use the McAfee Enterprise Edition, you can use it to block QQ completely. The method is simple: just use McAfee to stop QQ from running. The specific rule settings are as follows:

McAfee console ------ access protection ------ folder protection ------ add
Rule name: Prohibit QQ operation
Blocked object: *
File or file name to block: **/qq.exe
File operations to block: tick the boxes for reading, executing, creating, and writing files.
Response method: block and report access attempts

After setting the rule above, set a strong password of more than 10 characters for McAfee and lock McAfee. After that, QQ cannot be run on your host. When others try to run QQ, the system will prompt: You are not authorized to run QQ! That is, unless the McAfee rule is lifted. If you do not want others to install QQ on your host, this rule can also be used. In addition, if you want to block other chat software, follow the same settings used for blocking QQ.
