Rule settings for McAfee 8.8 Enterprise Edition (intermediate)
Rule description:
1. Integration: the default rules start from the evil version "McAfee8.8 general enhanced rules classic edition", with effective adjustments. The custom rules integrate the tiannuo Group Defense rules and the Cat version browser defense rules.
2. Security: Clean PC mode + security mode + crazy mode + entry defense form a comprehensive, systematic, and meticulous three-dimensional defense system.
3. Efficiency: there are only nine custom rules, each doing one job, clear at a glance and with no duplicates.
4. Ease of use: exclusions do not need to be complicated. They are mainly concentrated in the software-group custom rules.
5. Smooth: the system, software, and web browsing all feel fast and smooth in use.
6. General purpose: for Windows systems, simply import the rules that match your system and adapt the exclusions (of course, you do not have to write the rules yourself).
7. Customization: the system group, built-in software, and McAfee itself have basically been excluded already. You need to exclude the software on your real machine yourself; otherwise, the machine cannot run at all.
8. Tired. The rules have been pushed to the limit and are close to perfect. Just use them as tiannuo's final rules! Thank you for your support and love!
Town edition rules:
McAfee 8.8 tiannuo fenfeng Zhen edition rules 32bit .rar
McAfee 8.8 tiannuo fenfeng Zhen edition rule 64bit .rar
Rule XP.rar of McAfee 8.8
Package
Software name: McAfee 8.8 Enterprise Edition rules official version 32/64-bit for xp, win7, 2008
Software size: 16 KB
Updated on: 2016-09-04
The following is the text version of the rules:
>>>>>>>===================== Default rule ---------------->
Anti-Spyware standard protection
Rule name: Protect Internet Explorer favorites and settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
Anti-Spyware maximum protection
Rule name: Disable the installation of new CLSID, APPID, and TYPELIB
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**
Rule name: Prohibit all programs from running files from the Temp folder
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**
Rule name: Prohibit script execution from the Temp folder
Processes to be included: ?Script.exe
Processes to be excluded: None
Anti-Virus standard protection
Rule name: Disable Registry Editor and Task Manager
Processes to be included: *
Processes to be excluded: None
Rule name: Prohibit changes to user permission policies
Processes to be included: *
Processes to be excluded: *\**\Windows\**
Rule name: Prohibit remote creation/modification of executable files and configuration files
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
Rule name: Disable remote creation of automatic run files
Processes to be included: *
Processes to be excluded: None
Rule name: Prohibit hijacking of .EXE and other executable file extensions
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**
Rule name: Prohibit disguised Windows processes
Processes to be included: *
Processes to be excluded: *\**\Windows\assumer.exe
Rule name: Prohibit group email worms from sending emails
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**
Rule name: Disable IRC communication
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**
Rule name: Disable tftp.exe
Processes to be included: *
Processes to be excluded: None
Anti-Virus maximum protection
Rule name: Prohibit Svchost from executing non-Windows executable files
Processes to be included: svchost.exe
Processes to be excluded: None
Rule name: Protect phone book files from password and email address thieves
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
Rule name: Prohibit changes to all file extension registrations
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
Rule name: Protect cached files from password and email address thieves
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
Anti-Virus outbreak control
Rule name: Set all shared items to read-only
Processes to be included: System:Remote
Processes to be excluded: None
Rule name: Block read/write access to all shared resources
Processes to be included: *.*
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
General standard protection
Rule name: Prohibit modification of McAfee files and settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
Rule name: Prohibit modification of the McAfee Common Management Agent files and settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
Rule name: Prohibit modification of McAfee Scan Engine files and settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
Rule name: Protect Mozilla and FireFox files and settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**
Rule name: Protect Internet Explorer settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**
Rule name: Disable installation of Browser Helper Objects and Shell Extensions
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**
Rule name: Protect network settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
Rule name: Prohibit common programs from running files from the Temp folder
Processes to be included: iexplore.exe
Processes to be excluded: None
Rule name: Disable HCP URLs in Internet Explorer
Processes to be included: *
Processes to be excluded: None
Rule name: Prevent McAfee processes from being terminated
Processes to be included: *
Processes to be excluded: None
General maximum protection
Rule name: Prohibit programs from registering to run automatically
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**
Rule name: Prohibit programs from registering as a service
Processes to be included: *
Processes to be excluded: *\**\Windows\**
Rule name: Prohibit creation of executable files in the Windows folder
Processes to be included: *
Processes to be excluded: None
Rule name: Prohibit creation of executable files in the Program Files folder
Processes to be included: *
Processes to be excluded: *\**\Program Files*\McAfee\Common Framework\FrameworkService.exe
Rule name: Prohibit launching files from the Downloaded Program Files folder
Processes to be included: *
Processes to be excluded: None
Rule name: Prohibit FTP communication
Processes to be included: *
Processes to be excluded: agentnt.exe, uninstall, alg.exe, uninstall, apache.exe, autoup.exe, avtask.exe, boxinfo.exe, cfgeng.exe, cleanup.exe, cmdagent.exe, dstest.exe, earthagent.exe, cmder.exe, f-secu*, f-secure automa*, firefox.exe, example, framepkg.exe, example, frameworks*, frminst.exe, fspex.exe, ftp.exe, getdbhtp.exe, example*, google*, idsinst.exe, iexplore.exe, example, ilaunchr.exe, inetinfo.exe, inodist.exe, plugin, lsetup.exe, lucoms*, luupdate.exe, mcscancheck.exe, mcscript*, mctray.exe, illa.exe, example, naimserv.exe, example, netscp.exe, ofcservice.exe, opera.exe, example, pasys*, pavagent.exe, example, sevinst.exe, sucer.exe, supdate.exe, tmlisten.exe, tomcat.exe, example, example, tsc.exe, example, updaterui.exe, Example
Rule name: Disable HTTP communication
Processes to be included: *
Processes to be excluded: ???Setup.exe, ??Setup.exe, ?Setup.exe, cmdbat.exe, example, agentnt.exe, example, alg.exe, example, apache.exe, autoup.exe, avtask.exe, backweb-*, boxinfo.exe, ccmexec.exe, example, cleanup.exe, cmdagent.exe, lele.exe, example, example, dwwin.exe, earthagent.exe, eudora.exe, assumer.exe, f-secu*, f-secure automa*, firefox.exe, example, framepkg.exe, example, frameworks*, frminst.exe, fspex.exe, getdbhtp.exe, example*, google*, idsinst.exe, iexplore.exe, kernel, ikernel.exe, kernel, inetinfo.exe, inodist.exe, kernel, kernel, javaw.exe, jucheck.exe, lsetup.exe, lucoms*, luupdate.exe, kernel, kernel*, McSACore.exe, mcscancheck.exe, mcscript*, mctray.exe, mmc.exe, mobsync.exe, mozilla.exe, msexcimc.exe, mshta.exe, msi*.tmp, msiexec.exe, msimn.exe, msn6.exe, retry, retry, naimserv.exe, retry, retry, neo20.exe, netscp.exe, nlnotes.exe, retry, retry, ofcservice.exe, opera.exe, outlook.exe, retry, retry, pasys*, pavagent.exe, pavsrv50.exe, pine.exe, poco.exe, pskmssvc.exe, quicktimeplaye*, realplay.exe, RESRCMON.EXE, runscheduled.exe, SAEDisable.exe, SAEuninstall.exe, setlicense.exe, setup*.exe, setup.exe, Setup_SAE.exe, sevinst.exe, SiteAdv.exe, SPSNotific*, sucer.exe, supdate.exe, svchost.exe, thebat.exe, thunde*.exe, tmlisten.exe, tomcat.exe, tomcat5.exe, tomcat5w.exe, tsc.exe, udaterui.exe, uninstall.exe, update.exe, updaterui.exe, v3cfgu.exe, VMIMB.EXE, vmnat.exe, waol.exe, webproxy.exe, wfica32.exe, winamp.exe, windbg.exe, WinMail.exe, winpm-32.exe, wmplayer.exe, wuauclt.exe, _ins*._mp
>>>>>>>================== User-defined rules ------------------>
User-defined rules
01 Rule name: Global Registry protection item
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
Registry key or registry value to be protected: HKALL/**
Type to be protected (registry key or registry value): Key
Registry operations to be blocked: Write, create, and delete
02 Rule name: Global Registry protection_value
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
Registry key or registry value to be protected: HKALL/**
Type to be protected (registry key or registry value): Value
Registry operations to be blocked: Write, create, and delete
03 Rule name: Global control of network port connections
Processes to be included: *.*
Processes to be excluded: dwwin.exe, javaser.exe, FireSvc.exe, FrameworkService.exe, ijavase.exe, McScript_InUse.exe, mcshield.exe, sppsvc.exe, svchost.exe
Ports to be blocked: 1-65535
Direction: Inbound and Outbound
--------------------------------------------------------------------------
This is "Clean PC mode".
04 Rule name: Global disallow modification_system group
Processes to be included: *.*
Processes to be excluded: *\**\Program Files*\**, *\Windows\Sys*\wbem\WMIADAP.EXE, *\Windows\Sys*\winlogon.exe, C:\Windows\ehome\ehPrivJob.exe, C:\Windows\ehome\ehRec.exe, C:\Windows\ehome\ehshell.exe, C:\Windows\eHome\EhTray.exe, C:\Windows\ehome\mcg1_host.exe, C:\Windows\ehome\mcupdate.EXE, C:\Windows\assumer.exe, C:\Windows\helppane.exe, C:\Windows\Microsoft.NET\**\dw20.exe, C:\Windows\Microsoft.NET\**\mscorsvw.exe, C:\Windows\PCHealth\HelpCtr\Binaries\MSConfig.exe, C:\Windows\regedit.exe, C:\Windows\servicing\TrustedInstaller.exe, C:\Windows\SoftwareDistribution\**\update.exe, C:\Windows\Sys*\cleanmgr.exe, C:\Windows\Sys*\csrss.exe, C:\Windows\Sys*\defrag.exe, c:\Windows\Sys*\DeviceDisplayObjectProvider.exe, C:\Windows\Sys*\DllHost.exe, C:\Windows\Sys*\drwtsn32.exe, C:\Windows\Sys*\dwwin.exe, c:\Windows\Sys*\ie4uinit.exe, C:\Windows\Sys*\imapi.exe, C:\Windows\Sys*\lsass.exe, C:\Windows\Sys*\mmc.exe, c:\Windows\Sys*\msdt.exe, C:\Windows\Sys*\msdtc.exe, C:\Windows\sys*\notepad.exe, C:\Windows\Sys*\powercmd.exe, c:\Windows\Sys*\Reg.exe, C:\Windows\Sys*\rundll32.exe, C:\Windows\Sys*\runonce.exe, C:\Windows\Sys*\SearchIndexer.exe, c:\Windows\Sys*\SearchProtocolHost.exe, C:\Windows\Sys*\services.exe, C:\Windows\Sys*\smss.exe, C:\Windows\Sys*\sppsvc.exe, c:\Windows\Sys*\svchost.exe, C:\Windows\Sys*\taskhost.exe, C:\Windows\sys*\unregmp2.exe, C:\Windows\Sys*\wbem\WMIADAP.EXE, C:\Windows\Sys*\wbem\wmiprvse.exe, C:\Windows\sys*\werfault.exe, C:\Windows\Sys*\WindowsPowerShell\v1.0\powershell.exe, C:\Windows\Sys*\wuapp.exe, C:\Windows\Sys*\wuauclt.exe, C:\Windows\sys*\mspaint.exe, C:\Windows\sys*\wermgr.exe, C:\Windows\sys*\SNDVOL32.EXE, C:\Windows\sys*\dumprep.exe
Name of the file or folder to be blocked: **
File operations to be prohibited: Write, create, and delete
05 Rule name: Global disallow modification_Software Group
Processes to be included: *.*
Processes to be excluded: *\**\Windows\**, *\McAfee\**\*.exe, *\Microsoft Office\OFFICE*\*.EXE, *\Windows Defender\MSASCui.exe, *\Windows Media Player\setup_wm.exe, *\Windows Media Player\wmplayer.exe, *\WinRAR\WinRAR.exe
Name of the file or folder to be blocked: **
File operations to be prohibited: Write, create, and delete
--------------------------------------------------------------------
The above two rules together form "security mode".
06 Rule name: Execution globally prohibited_system group
Processes to be included: *.*
Processes to be excluded: *\Program Files*\**, *\PROGRA~?\**, *\Windows\**\WMIADAP.EXE, C:\Windows\**\Ati2evxx.exe, C:\Windows\**\atieclxx.exe, C:\Windows\**\atiesrxx.exe, C:\Windows\**\AUDIODG.EXE, C:\Windows\**\ceipdata.exe, C:\Windows\**\cleanmgr.exe, C:\Windows\**\conhost.exe, C:\Windows\**\conime.exe, C:\Windows\**\consent.exe, C:\Windows\**\csrss.exe, C:\Windows\**\ctfmon.exe, C:\Windows\**\defrag.exe, C:\Windows\**\DeviceDisplayObjectProvider.exe, C:\Windows\**\DllHost.exe, C:\Windows\**\drwtsn32.exe, C:\Windows\**\dumprep.exe, C:\Windows\**\dw20.exe, C:\Windows\**\Dwm.exe, C:\Windows\**\dwwin.exe, C:\Windows\**\ehPrivJob.exe, C:\Windows\**\ehRec.exe, C:\Windows\**\ehshell.exe, C:\Windows\**\EhTray.exe, C:\Windows\**\ie4uinit.exe, C:\Windows\**\imapi.exe, C:\Windows\**\IMJPMIG.EXE, C:\Windows\**\logonui.exe, C:\Windows\**\lpremove.exe, C:\Windows\**\lsass.exe, C:\Windows\**\mcgw.host.exe, C:\Windows\**\mcupdate.exe, C:\Windows\**\mmc.exe, C:\Windows\**\MSConfig.exe, C:\Windows\**\mscorsvw.exe, C:\Windows\**\msdt.exe, C:\Windows\**\msdtc.exe, C:\Windows\**\Mystify.scr, C:\Windows\**\notepad.exe, C:\Windows\**\powercmd.exe, C:\Windows\**\powershell.exe, C:\Windows\**\rundll32.exe, C:\Windows\**\runonce.exe, C:\Windows\**\SC.exe, C:\Windows\**\schtasks.exe, C:\Windows\**\SearchFilterHost.exe, C:\Windows\**\SearchIndexer.exe, C:\Windows\**\SearchProtocolHost.exe, C:\Windows\**\ServerManagerLauncher.exe, C:\Windows\**\services.exe, C:\Windows\**\smss.exe, C:\Windows\**\spoolsv.exe, C:\Windows\**\sppsvc.exe, C:\Windows\**\svchost.exe, C:\Windows\**\taskhost.exe, C:\Windows\**\tasklist.exe, C:\Windows\**\taskmgr.exe, C:\Windows\**\TrustedInstaller.exe, C:\Windows\**\unregmp2.exe, C:\Windows\**\userinit.exe, C:\Windows\**\verclsid.exe, C:\Windows\**\WDKeyMonitorCCB.exe, C:\Windows\**\werfault.exe, C:\Windows\**\wermgr.exe, C:\Windows\**\wininit.exe, C:\Windows\**\winlogon.exe, C:\Windows\**\wmiprvse.exe, C:\Windows\**\wsqmcons.exe, C:\Windows\**\wuapp.exe, C:\Windows\**\wuauclt.exe, C:\Windows\assumer.exe, C:\Windows\helppane.exe, C:\Windows\regedit.exe, C:\Windows\RTHDCPL.EXE, C:\Windows\SoftwareDistribution\**\update.exe, C:\Windows\splwow64.exe, C:\Windows\**\mspaint.exe, C:\Windows\**\SNDVOL32.EXE, C:\Windows\**\Flash\FlashUtil10r_ActiveX.exe, C:\Windows\**\aitagent.EXE, C:\WINDOWS\**\Binaries\HelpSvc.exe (2310 characters in use)
Name of the file or folder to be blocked: **
File operations to be prohibited: Run
07 Rule name: Execution globally prohibited_Software Group
Processes to be included: *.*
Processes to be excluded: *\**\Windows\**, *\McAfee\**\*.exe, *\Microsoft Office\OFFICE*\*.EXE, *\Windows Defender\MSASCui.exe, *\Windows Media Player\setup_wm.exe, *\Windows Media Player\wmplayer.exe, *\WinRAR\WinRAR.exe
Name of the file or folder to be blocked: **
File operations to be prohibited: Run
-----------------------------------------------------------------
The above two rules together form "crazy mode".
08 Rule name: Prohibit browser/download software from modifying system files
Processes to be included: cw.wclient.exe, chrome.exe, firefox.exe, iexplore.exe, opera.exe, safari.exe, theworld.exe, Thunder.exe
Processes to be excluded: None
Name of the file or folder to be blocked: C:\Windows\** (XP: **\Windows\**)
File operations to be prohibited: Write, create, and delete
09 Rule name: Prohibit browser/download software from modifying executable files under AppData (in XP, prohibit browser/download software from modifying executable files under Local Settings)
Processes to be included: cw.wclient.exe, istme.exe, Thunder.exe, chrome.exe, firefox.exe, opera.exe, safari.exe, theworld.exe
Processes to be excluded: None
Name of the file or folder to be blocked: **\AppData\**\*.exe (XP: **\Local Settings\**\*.exe)
File operations to be prohibited: Write, execute, create, delete
------------------------------------------------------------------
The above two rules together form "entry defense".
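Before importing the package, it helps to check which processes each rule actually covers once its exclusion list is applied. The following is an added example, not part of the rule package or of McAfee's code: it evaluates the include/exclude lists of two default rules from the listing against constructed process paths. The wildcard semantics (`?`, `*`, `**`) and the name-only matching for patterns without a backslash are assumptions stated in the comments.

```python
import re

def to_regex(pattern):
    # Assumed wildcard semantics: ? = one character, * = any run without a
    # path separator, ** = any run including separators; "\**\" also matches
    # a single backslash (zero directories in between).
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("\\**\\", i):
            out.append(r"\\(?:.*\\)?"); i += 4
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append(r"[^\\/]*"); i += 1
        elif pattern[i] == "?":
            out.append(r"[^\\/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z", re.IGNORECASE)

def matches(pattern, process_path):
    # Assumption: a pattern with no backslash names the executable only.
    target = process_path if "\\" in pattern else process_path.rsplit("\\", 1)[-1]
    return to_regex(pattern).match(target) is not None

def rule_applies(rule, process_path):
    """True when the process is on the include list and not on the exclude list."""
    included = any(matches(p, process_path) for p in rule["include"])
    excluded = any(matches(p, process_path) for p in rule["exclude"])
    return included and not excluded

# Two default rules transcribed from the listing above.
CLSID_RULE = {
    "name": "Disable the installation of new CLSID, APPID, and TYPELIB",
    "include": ["*"],
    "exclude": [r"*\**\Program Files (x86)\**", r"*\**\Program Files\**"],
}
SCRIPT_RULE = {
    "name": "Prohibit script execution from the Temp folder",
    "include": ["?Script.exe"],
    "exclude": [],
}

# Constructed sample process paths (not taken from any real host).
SAMPLES = [
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Users\u\AppData\Local\Temp\setup.exe",
    r"D:\Backup\Program Files\tool.exe",
    r"C:\Windows\System32\wscript.exe",
]

def audit(rules, paths):
    # Map (rule name, path) -> whether the rule is enforced for that process.
    return {(r["name"], p): rule_applies(r, p) for r in rules for p in paths}

if __name__ == "__main__":
    for (name, path), hit in audit([CLSID_RULE, SCRIPT_RULE], SAMPLES).items():
        print(f"{'ENFORCED' if hit else 'exempt  '}  {path}  <- {name}")
```

Under these assumptions the `D:\Backup\Program Files\tool.exe` sample comes out exempt, because `*\**\Program Files\**` matches a folder of that name at any depth on any drive; an exclusion anchored to the full install path of the software in question is narrower.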