Comments: Mcafee, Norton, and Kaspersky are the three major antivirus software in the world. Its monitoring capabilities and protection rules are quite powerful, and it is the best of its kind of software. It is a soft M that I highly recommend.CAfee VirusScan8.5i + Patch5 + 5200 + integrated and optimized Anti Version Download
How to set rules for the Mcafee8.5 Enterprise Edition, download the Mcafee cracked version, and install and use the Mcafee8.5 anti-virus software --- a very useful anti-virus software
The following describes how to install, use, and set rules for McAfee VirusScan Enterprise 8.5i (the latest Enterprise Edition.
Install the setup.exe executable file in the installation package. Note the following points:
As shown in figure 1, you can select the term of use for the "License Period type" here, and click the inverted triangle type button on the right, you can select "one year, two years, or permanent" from the drop-down list ". Select a country from the drop-down list of "select the country to purchase and use.
You can choose either a typical installation or a custom installation. By default, the installation of all functional components is maximized. You can choose to install relevant components, as shown in figure 2. You can customize the installation directory in either of the two installation methods.
As shown in figure 3, you can select the access protection level, standard protection, or maximum protection during the installation process. Standard protection is recommended here. After the software is installed successfully, the access protection rules can still be customized and modified.
After the software is installed, you can use it without restarting the computer. This is the first time that I have met the anti-virus software that requires no restart. I think this is a real improvement. You need to restart the system after installing 8.0i. As shown in figure 4, "VirusScan Enterprise 8.5i" is displayed ".
We recommend that you install the Anti-Spyware Enterprise 8.5i Anti-Spyware plug-in. The installation process is relatively simple. Double-click setup.exe in the installation package and click "Next" to complete the installation. After the Anti-Spyware plug-in is successfully installed, view the software information interface, as shown in figure 5, as "VirusScan Enterprise + Anti-Spyware Enterprise 8.5i ".
Mcafee can set rules to prevent viruses (including unknown viruses ).
Right-click the icon in the lower-right corner of the Mcafee screen and select "VirusScan Console (figure 6) to open the mcafee Console (figure 7 ).
1. access protection
Right-click "access protection" and select Properties to open the access protection Properties dialog box. As shown in figure 8. There are eight entries from top to bottom.
(1) Anti-Spyware standard protection
The rule has only one item, as shown in figure 8. We do not recommend that you select "Block" or "report ". "Blocking" means to protect the rule defined on the right, and "report" means to record the rule when an operation violates it, to facilitate our query. If this rule is enabled, although the IE favorites and settings are not changed, it also causes another problem: that is, you cannot manage IE favorites (add or delete URLs) in the favorites Management page of your browser ). Of course, if you perform operations in the IE favorites folder, you can delete the URLs in the favorites folder, but you cannot add new URLs. Sorry! Once used to edit the exclusion process of its rule to add the operation, add iw.e. EXE, unable to solve the above problem. Therefore, it is not recommended to enable this rule and use the Ao you browser, which can protect the IE homepage from being modified and ensure the security of IE to a certain extent.
(2) Maximum anti-spyware protection and standard anti-virus protection
We recommend that you enable both blocking and reporting for all the rules. Note: The "prohibit programs from running files from the Temp folder" (figure 9) in Anti-Spyware Max protection may prevent normal programs from running.
For example, after the blocking rule is enabled, photoshop cs2 cannot start running and an error is prompted. At this time, we will find that the mcafee icon in the system bar has a red background compared with the previous one. This status indicates that it is prompted, and some operations violate the rules. Therefore, mcafee rules prevent the normal operation of the software. In this case, right-click the mcafee icon, as shown in figure 10. If an additional "Open Access Protection Log File" is found (you can compare it with figure 6), select it and open the access protection log to see the following content:
"2006-12-27 16:14:01 1092 CHINA-BCB1B2709 \ chenjian D: \ Program Files \ Adobe Photoshop CS2 \ Photoshop.exe G: \ temp \ Adobelm_Cleanup.0001 maximum protection against spyware: prohibit all programs from running files from the Temp folder"
In turn, it is the time when the rules are violated, the system users, the programs that violate the rules, the operations that the programs that violate the rules attempt, and the rules that block the programs. It can be seen that the rule "maximum protection against spyware: Prohibit all programs from running files in the Temp folder" blocks normal operation of photoshop.
To be able to use photoshop normally, We can edit rules to exclude processes. First, select the rule "maximum protection against spyware: Prohibit all programs from running files from the Temp folder" (figure 9) and click Edit below. In the detailed Rule Information dialog box, Click Upload photoshop.exe, as shown in (Figure 11). Then, return the access protection attribute and click the application. So far, the troubleshooting process has been set. Running photoshop again is normal.
Tip: if other normal programs cannot be started or run abnormally, you can refer to the above method to view logs and exclude them from the process exclusion items of the corresponding blocking rules. If any blocking rule is enabled, the corresponding report should be enabled. The advantage is that it is easy to view and troubleshoot problems. If the report is not enabled, even if some operations violate the rules, the report will not be generated, so you cannot view and accurately exclude the report.
(3) Maximum anti-virus protection
Set the rule "protect cache files from password and email address thieves" as shown in (Figure 12). If enabled, program execution such as the proud browser may be slowed down, you can exclude related processes from the exclusion items.
(4) anti-virus outbreak control and general standard protection
We recommend that you enable blocking for all the rules. Mcafee has a self-protection function, as shown in Figure 13. "Modify mcafee…" is forbidden ......" These three items are. If you want to change the settings of mcafee, you must first disable these three blocking rules. Otherwise, some settings may not be saved after they are set, or you may not be able to uninstall mcafee.
⑸ Universal maximum protection
The rule settings in this item are shown in figure 14. The "prohibit programs from registering as services" rule. If enabled, You need to exclude related processes from the exclusion items. A considerable number of programs need to register themselves as a service for normal use, and I have not set it to enable. If you enable the "Disable HTTP Communication" rule, you also need to exclude related processes from the exclusion items. Otherwise, you will not be able to perform Web browsing and many other network operations.
The last custom rule is the advanced settings of mcafee. It will be described later with the common syntax and wildcard of mcafee.
2. Buffer overflow protection
We recommend that you enable the protection mode. Right-click Buffer Overflow Protection and select properties. The Setting dialog box is displayed, as shown in Figure 15. It is not recommended to install two anti-virus software. If two anti-virus software are installed, the program name of the other anti-virus software is excluded from the exclusion item, which may solve the problem.
3. Email Delivery scanning program
Right-click and select Properties to perform relevant settings. Use the default settings.
4. Harmful program policies
We recommend that you enable all of them. We can also customize detection items. As shown in Figure 16, select the "Custom detection items" tab and click the Add button. In the pop-up user-defined harmful Program dialog box, enter the executable program name (for example, 3721.exe) of the virus or rogue software, and add a description in the description.
5. Scan programs by Access
This is mcafee's real-time monitoring. Open Properties, select the general settings "general" tab, and remove the check box before "Scan floppy disk during Shutdown". Keep other settings by default, as shown in figure 17 ).
Select the "check items" tab for all processes. If your computer is not in the LAN, remove the check box before "network drive", as shown in Figure 18.
Select the "advanced" tab for all processes to remove the two items in the compressed file column, as shown in Figure 19. Because the real-time monitoring is set here, I don't think it is necessary to enable these two items and save some system resources. I will enable the scan settings later.
Select the "operations" tab for all processes, as shown in Figure 20. Here, you can set the main operations and auxiliary operations for threat discovery (that is, the first operation for threat discovery and the second auxiliary operation performed after the first operation fails ). The "harmful programs" tab is set similarly.
6. Isolate manager policies
Right-click the isolation manager policy, open properties, and select the Policy tab, as shown in Figure 21 ). Click Browse here to customize the path of the virus isolation folder and how long the files will be deleted.
Select the "manager" tab to rescan the selected items in the isolator, check for false positives, delete, and view attributes. You can also select multiple projects at a time. You can select a project first, and then press CTRL to click another project. If you need to select multiple consecutive projects, you can first select one, then press the "SHIFT" key, and click on the last project.
7. Full scan and target Scan
Both are on-demand scans. Open the full scan Properties dialog box and select the "location" tab, as shown in Figure 23 ). You can set the scan location here.
Select the detection tab, as shown in Figure 24 ). Because this is an on-demand scan, check the check box before the two items under the compressed file.
The "advanced" tab settings are shown in Figure 25 ). You can drag a lever in the system usage to adjust the usage of system resources during scanning, so that it does not occupy too much system resources during scanning, resulting in slow running of other programs.
The "actions" and "harmful programs" tabs allow you to set the Primary and Secondary actions that are performed when threats and harmful programs are detected.
The "Report" tab, as shown in Figure 26 ). Select record to file to record the report log. Click Browse to save the report log. When you select record to file, you should check to limit the size of the log file and set a value. If this option is not selected, the log file size is unlimited. As more logs are recorded, this log file will become larger and larger. (The target scan and the report settings in the access scan are exactly the same .)
On-demand scanning can be customized. This allows it to execute scanning tasks within the set time. For example (figure 26), click the "Plan" button on the right to open the dialog box (figure 27), select "enable", and click the "Plan" tab to customize the task, for example (figure 28 ).
This is mcafee's upgrade settings. Right-click AutoUpdata and select properties. The upgrade dialog box is displayed, as shown in Figure 29 ). Click "Update Now" to Update mcafee immediately. This is the same as right-clicking the icon in the lower-right corner of the mcafee screen and selecting update now. Click the "Schedule" button, select "enable" (30), and then click the "Schedule" tab. You can customize the automatic update time (31) from the drop-down list of running tasks ).
3. Set a password for mcafee
To protect your mcafee settings from being changed by other users using this computer, you can set a password for mcafee. Open the console and choose tools> User Interface Options (32 ). Open the user interface option dialog box (33 ). To ensure security, remove the check before "allow this system to establish remote console connection with other systems. Select the "password options" tab, set the password here, and confirm (34 ). After setting the password, you must first unlock the password from the "tool-Unlock User Interface" menu. Otherwise, you cannot change any settings of mcafee.
4. Common mcafee wildcards and syntax
1 ,? : Represents any single character. For example, S ?? It is a string of three characters starting with S. It can represent STX, SSY, SYS ...... But cannot represent STMP, SU, SSSSS ......
2. *: when used as a wildcard, it represents any number of characters. For example, ST * represents any character starting with ST. It can represent STMP, STK, STUUPO ...... S *. * indicates all files starting with S. It can be SETUP. EXE, SKY. REG, SYS. BMP ...... And so on. It also has another meaning, indicating all operations (all processes ).
3. ** \ * \ **: All files in the hard disk.
4. System: Remote: indicates all Remote operation controls.
5. **: indicates any number of levels of Directories Before and After the backslash (\) character. For example, ** \ *. EXE indicates all local. EXE executable files, and C: \ WINDOWS \ ** indicates all files in the WINDOWS directory of drive C.
6. What is the difference between C: \ WINDOWS \ ** and C: \ WINDOWS? Pay special attention to this. C: \ WINDOWS \ ** indicates all files in the WINDOWS directory of drive C, including files in subfolders. C: \ WINDOWS \ only indicates files in the WINDOWS directory of drive C, and does not include files in subdirectories. Think carefully to understand.
(Note: The meanings of the wildcards and syntaxes above need to be deeply understood and are useful in the user-defined rules described below .)
5. User-Defined rule settings
The setting here is the essence of mcafee, which is well set and can achieve almost zero intrusion of viruses. The more detailed the system is, the higher the security level.
Open the mcafee console, right-click "access protection", and select properties. The access protection Properties dialog box is displayed. Select "user-defined rules" and click "new". The dialog box (35) for selecting a new rule type appears. There are three rule types in the dialog box. Select the first port blocking rule and click OK to open the network port access protection rule dialog box. Here is the simple firewall function of mcafee. You can set the port accordingly. After scanning, we found that port 135 of our system is open. Therefore, we set a port blocking rule to close port 135 on the screen, as shown in Figure 36 ). Enter * in the process to be included, indicating that all operations and processes cannot access port 135 from the network or locally.
Next, create a rule to prevent remote operations on local files. "User-defined rule-New", select the second "file/folder blocking rule", and click OK (Figure 37 ). Open the file/folder access protection rule dialog box, as shown in Figure 38 ). In the process to be included, enter System: Remote to indicate all Remote operations. Because QQ's remote assistance function is sometimes required, you need to enter qq.exe and CoralQQ.exe to exclude QQ and CoralQQ.exe. Select all five operations for the files to be banned.
Create a new rule to prohibit the creation, modification, and deletion of files in the WINDOWS directory. "Custom Rules-New", select "file/folder blocking rules", and click OK (Figure 37 ). Open the file/folder access protection rule dialog box, as shown in Figure 39 ). Enter * in the process to be included, indicating that no operation or process can create, modify, or delete any file in the WINDOWS directory. Some normal programs need to operate the files in the directory to run normally. Therefore, we need to input these normal programs in the process to be excluded, exclude (for example, updata.exe is the mcafee Virus Database Upgrade Program. It needs to write the new virus to the C: \ Program Files \ Common Files \ Mcafee \ Engine Directory, mcafee will not be able to successfully upgrade the virus database ). Check and confirm the new and deleted files that are being created.
Note: In this rule, there are a total of five file operations to be prohibited (Figure 39). They need to be understood. For ease of description, here only the last letter of each item is used to represent the content of each item (add A content and rename the file = ).
G = G + I + K, H = H + A, J = J +
For example, we have created a rule to prohibit writing data in the file .doc of the drive. In this case, you must select "I" and "H" or "J" to disable the file operation. Otherwise, other operators can still write data to the file. The method is to rename the file first. After renaming, you can add any content to the file, and then rename the file to change the file name back.
The last type is the Registry blocking rule. Because I do not know much about the registry, I skipped it.
Mcafee's access protection rules are exceptionally powerful. We hope that you can customize your own powerful rules to protect your favorite computer. Of course, when we define rules, we may not know which normal programs will be blocked by the defined rules (it is impossible to exclude all normal programs at a time ). When the program runs normally (violating the rules), you need to exclude the program from the corresponding blocking rules by viewing the access protection log. Fortunately, rules can be edited at any time. In the access protection Properties dialog box, select the corresponding rule and click the "edit" button (Figure 40) to open the detailed information of the rule, and then add a program to the process to be excluded.
If a rule is defined: do not install programs in drive D. It also prevents others from installing the program to the D Drive. So what should I do when I want to install the program to the D Drive? Method 1: locate the rule and remove the check mark before the rule. Method 2: remove the check box before "enable access protection" in the "access protection properties" dialog box (Figure 40 ). Method 3: In the console, right-click access protection and select disable (Figure 41 ). Then install the program. Methods 2 and 3 are used in the same way. access protection rules are disabled. After access protection is disabled, "Disable by access scan" in the right-click menu in the lower-right corner of the mcafee screen will be activated (Figure 42 ).
6. mcafee processes and services
Seven processes are generated after the mcafee8.5i installation is complete:
1、UpdaterUI.exe -- Automatic Upgrade process
22.16shstat.exe -- icon process in the system bar
3366frameworkservice.exe -- McAfee Framework Service (mcafee product sharing component Framework)
4、naPrdMgr.exe -- McAfee Framework Service (mcafee product sharing component Framework)
52.16vstskmgr.exe -- McAfee Task Manager Service (mcafee schedules tasks, including scheduled scans and scheduled upgrades)
6、Mcshield.exe -- McAfee McShield Service (core process, which provides real-time monitoring by access scan for the system)
7、Mctray.exe -- Description: mcafee Security Proxy taskbar Extension
After the Mcafee8.5i is installed, three services are generated:
1. McAfee McShield Service
Mcafee's core service provides the system with access-based scanning service, that is, real-time monitoring.
Recommended settings: auto start.
2. McAfee Framework Service
This is the shared component framework of McAfee products.
Set: automatically or manually
Note: You must start this service to upgrade the virus database. After the service is started, some related processes are started. To save resources, you can end related processes in the resource manager after the upgrade. If it is set to manually disabled, it cannot be upgraded. If you want to upgrade, you must first start it manually in the operating system service.
Related process: naprdmgr.exeappsframeworkservice.exe
3. McAfee Task Manager Service
Recommended settings: manually disable
This is mcafee's scheduled scan plan update task. Open it if you want to schedule scan and automatic upgrade. When it is disabled, real-time monitoring and scanning of viruses will not be affected. When you need to upgrade, right-click the taskbar icon and choose update now. When it is disabled, the console also closes. Start the console.
Related process: Vstskmgr.exe
7. Save the Rules file of mcafee
Setting a set of strong rules suitable for your use requires considerable time and effort. If the system is re-installed and mcafee is re-installed, it is quite troublesome to re-set the rules. Is there no way to save the time and effort we have spent setting the rules?
There are still some solutions. Run -- regedit to open the Registry Editor, find the [HKEY_LOCAL_MACHINE \ SOFTWARE \ McAfee \ VSCore \ On Access keys \ BehaviourBIocking] item, and find AccessProtectionUserRules On the right.
The information of the custom rules we set. Select this option, and the menu command "file -- export" will export our custom settings. If you want to save all the rule settings, export the entire sub-item BehaviourBlocking. After you reinstall mcafee, you only need to double-click the exported. reg file and immediately re-import the configured rules to mcafee. If the data cannot be imported, disable access protection before importing the data.