Rule settings for McAfee 8.8 Enterprise Edition (intermediate)

Source: Internet
Author: User
Tags trustedinstaller

Rule Description:
1. Integration: the default rules take the evil version "McAfee8.8 general enhanced rules classic edition" as their base, with effective adjustments. The custom rules integrate the tiannuo group defense rules and the Cat version browser defense rules.
2. Security: Clean PC mode + security mode + crazy mode + entry defense form a comprehensive, systematic, and meticulous three-dimensional defense system.
3. Efficiency: there are only nine custom rules, each with a single purpose, clear at a glance and with no duplicates.
4. Ease of use: the exclusions are not as complicated as they look. They are mainly concentrated in the software groups of the custom rules.
5. Smoothness: the system, software, and web browsing all feel fast and smooth.
6. General purpose: on Windows systems, simply import the rule set that matches your system and add exclusions to adapt it (of course, you do not have to set the rules up yourself).
7. Customization: the system group, built-in software, and McAfee itself have basically been excluded already. You need to exclude the software on your real machine yourself; otherwise, it cannot run at all.
8. Tired. The rules have been pushed to the limit and are close to perfect. Just use them as tiannuo's final rules! Thank you for your support and love!

Zhen edition rules:

McAfee 8.8 tiannuo fenfeng Zhen edition rules 32bit.rar
McAfee 8.8 tiannuo fenfeng Zhen edition rule 64bit.rar
Rule XP.rar of McAfee 8.8

Package

Software Name:
McAfee 8.8 Enterprise Edition rules official version 32/64-bit for xp, win7, 2008 Packaging
Software size:
16 KB
Updated on:
2016-09-04


The following is the text version of the rules:

>>>>>>>===================== Default rules ---------------->

Anti-spyware standard protection

Rule name: Protect Internet Explorer favorites and settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**

Anti-spyware maximum protection

Rule name: Prevent installation of new CLSIDs, APPIDs, and TYPELIBs
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**

Rule name: Prevent all programs from running files from the Temp folder
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**

Rule name: Prevent execution of scripts from the Temp folder
Processes to be included: ?Script.exe
Processes to be excluded: None

Anti-virus standard protection

Rule name: Prevent Registry Editor and Task Manager from being disabled
Processes to be included: *
Processes to be excluded: None

Rule name: Prevent user rights policies from being altered
Processes to be included: *
Processes to be excluded: *\**\Windows\**

Rule name: Prevent remote creation/modification of executable and configuration files
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**

Rule name: Prevent remote creation of autorun files
Processes to be included: *
Processes to be excluded: None

Rule name: Prevent hijacking of .EXE and other executable extensions
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**

Rule name: Prevent Windows process spoofing
Processes to be included: *
Processes to be excluded: *\**\Windows\assumer.exe

Rule name: Prevent mass mailing worms from sending mail
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**

Rule name: Prevent IRC communication
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**

Rule name: Prevent use of tftp.exe
Processes to be included: *
Processes to be excluded: None

Anti-virus maximum protection

Rule name: Prevent svchost from executing non-Windows executables
Processes to be included: svchost.exe
Processes to be excluded: None

Rule name: Protect phonebook files from password and email address stealers
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**

Rule name: Prevent alteration of all file extension registrations
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**

Rule name: Protect cached files from password and email address stealers
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**

Anti-virus outbreak control

Rule name: Make all shares read-only
Processes to be included: System:Remote
Processes to be excluded: None

Rule name: Block read and write access to all shares
Processes to be included: *.*
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**

Common standard protection

Rule name: Prevent modification of McAfee files and settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**

Rule name: Prevent modification of McAfee Common Management Agent files and settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**

Rule name: Prevent modification of McAfee Scan Engine files and settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**

Rule name: Protect Mozilla and Firefox files and settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**

Rule name: Protect Internet Explorer settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**

Rule name: Prevent installation of Browser Helper Objects and Shell Extensions
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**

Rule name: Protect network settings
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**

Rule name: Prevent common programs from running files from the Temp folder
Processes to be included: iexplore.exe
Processes to be excluded: None

Rule name: Disable HCP URLs in Internet Explorer
Processes to be included: *
Processes to be excluded: None

Rule name: Prevent termination of McAfee processes
Processes to be included: *
Processes to be excluded: None

Common maximum protection

Rule name: Prevent programs from registering to autorun
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**

Rule name: Prevent programs from registering as a service
Processes to be included: *
Processes to be excluded: *\**\Windows\**

Rule name: Prevent creation of new executable files in the Windows folder
Processes to be included: *
Processes to be excluded: None

Rule name: Prevent creation of new executable files in the Program Files folder
Processes to be included: *
Processes to be excluded: *\**\Program Files*\McAfee\Common Framework\FrameworkService.exe

Rule name: Prevent launching of files from the Downloaded Program Files folder
Processes to be included: *
Processes to be excluded: None

Rule name: Prevent FTP communication
Processes to be included: *
Processes to be excluded: agentnt.exe, uninstall, alg.exe, uninstall, apache.exe, autoup.exe, avtask.exe, boxinfo.exe, cfgeng.exe, cleanup.exe, cmdagent.exe, dstest.exe, earthagent.exe, cmder.exe, f-secu*, f-secure automa*, firefox.exe, example, framepkg.exe, example, frameworks*, frminst.exe, fspex.exe, ftp.exe, getdbhtp.exe, example*, google*, idsinst.exe, iexplore.exe, example, ilaunchr.exe, inetinfo.exe, inodist.exe, plugin, lsetup.exe, lucoms*, luupdate.exe, mcscancheck.exe, mcscript*, mctray.exe, illa.exe, example, naimserv.exe, example, netscp.exe, ofcservice.exe, opera.exe, example, pasys*, pavagent.exe, example, sevinst.exe, sucer.exe, supdate.exe, tmlisten.exe, tomcat.exe, example, example, tsc.exe, example, updaterui.exe, Example

Rule name: Prevent HTTP communication
Processes to be included: *
Processes to be excluded: ???Setup.exe, ??Setup.exe, ?Setup.exe, cmdbat.exe, example, agentnt.exe, example, alg.exe, example, apache.exe, autoup.exe, avtask.exe, backweb-*, boxinfo.exe, ccmexec.exe, example, cleanup.exe, cmdagent.exe, lele.exe, example, example, dwwin.exe, earthagent.exe, eudora.exe, assumer.exe, f-secu*, f-secure automa*, firefox.exe, example, framepkg.exe, example, frameworks*, frminst.exe, fspex.exe, getdbhtp.exe, example*, google*, idsinst.exe, iexplore.exe, kernel, ikernel.exe, kernel, inetinfo.exe, inodist.exe, kernel, kernel, javaw.exe, jucheck.exe, lsetup.exe, lucoms*, luupdate.exe, kernel, kernel*, McSACore.exe, mcscancheck.exe, mcscript*, mctray.exe, mmc.exe, mobsync.exe, mozilla.exe, msexcimc.exe, mshta.exe, msi*.tmp, msiexec.exe, msimn.exe, msn6.exe, retry, retry, naimserv.exe, retry, retry, neo20.exe, netscp.exe, nlnotes.exe, retry, retry, ofcservice.exe, opera.exe, outlook.exe, retry, retry, pasys*, pavagent.exe, pavsrv50.exe, pine.exe, poco.exe, pskmssvc.exe, quicktimeplaye*, realplay.exe, RESRCMON.EXE, runscheduled.exe, SAEDisable.exe, SAEuninstall.exe, setlicense.exe, setup*.exe, setup.exe, Setup_SAE.exe, sevinst.exe, SiteAdv.exe, SPSNotific*, sucer.exe, supdate.exe, svchost.exe, thebat.exe, thunde*.exe, tmlisten.exe, tomcat.exe, tomcat5.exe, tomcat5w.exe, tsc.exe, udaterui.exe, uninstall.exe, update.exe, updaterui.exe, v3cfgu.exe, VMIMB.EXE, vmnat.exe, waol.exe, webproxy.exe, wfica32.exe, winamp.exe, windbg.exe, WinMail.exe, winpm-32.exe, wmplayer.exe, wuauclt.exe, _ins*._mp


>>>>>>>================== User-defined rules ------------------>

User-defined rules

01 Rule name: Global registry protection_key
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
Registry key or registry value to be protected: HKALL/**
Rule type (key or value): Key
Registry operations to be blocked: Write, create, and delete

02 Rule name: Global registry protection_value
Processes to be included: *
Processes to be excluded: *\**\Program Files (x86)\**, *\**\Program Files\**, *\**\Windows\**
Registry key or registry value to be protected: HKALL/**
Rule type (key or value): Value
Registry operations to be blocked: Write, create, and delete

03 Rule name: Global control of network port connections
Processes to be included: *.*
Processes to be excluded: dwwin.exe, javaser.exe, FireSvc.exe, FrameworkService.exe, ijavase.exe, McScript_InUse.exe, mcshield.exe, sppsvc.exe, svchost.exe
Ports to be blocked: 1-65535
Direction: Inbound and outbound
--------------------------------------------------------------------------
The above is the "Clean PC mode".

04 Rule name: Globally prohibit modification_system group
Processes to be included: *.*
Processes to be excluded: *\**\Program Files*\**, *\Windows\Sys*\wbem\WMIADAP.EXE, *\Windows\Sys*\winlogon.exe, C:\Windows\ehome\ehPrivJob.exe, C:\Windows\ehome\ehRec.exe, C:\Windows\ehome\ehshell.exe, C:\Windows\eHome\EhTray.exe, C:\Windows\ehome\mcg1_host.exe, C:\Windows\ehome\mcupdate.EXE, C:\Windows\assumer.exe, C:\Windows\helppane.exe, C:\Windows\Microsoft.NET\**\dw20.exe, C:\Windows\Microsoft.NET\**\mscorsvw.exe, C:\Windows\PCHealth\HelpCtr\Binaries\MSConfig.exe, C:\Windows\regedit.exe, C:\Windows\servicing\TrustedInstaller.exe, C:\Windows\SoftwareDistribution\**\update.exe, C:\Windows\Sys*\cleanmgr.exe, C:\Windows\Sys*\csrss.exe, C:\Windows\Sys*\defrag.exe, c:\Windows\Sys*\DeviceDisplayObjectProvider.exe, C:\Windows\Sys*\DllHost.exe, C:\Windows\Sys*\drwtsn32.exe, C:\Windows\Sys*\dwwin.exe, c:\Windows\Sys*\ie4uinit.exe, C:\Windows\Sys*\imapi.exe, C:\Windows\Sys*\lsass.exe, C:\Windows\Sys*\mmc.exe, c:\Windows\Sys*\msdt.exe, C:\Windows\Sys*\msdtc.exe, C:\Windows\sys*\notepad.exe, C:\Windows\Sys*\powercmd.exe, c:\Windows\Sys*\Reg.exe, C:\Windows\Sys*\rundll32.exe, C:\Windows\Sys*\runonce.exe, C:\Windows\Sys*\SearchIndexer.exe, c:\Windows\Sys*\SearchProtocolHost.exe, C:\Windows\Sys*\services.exe, C:\Windows\Sys*\smss.exe, C:\Windows\Sys*\sppsvc.exe, c:\Windows\Sys*\svchost.exe, C:\Windows\Sys*\taskhost.exe, C:\Windows\sys*\unregmp2.exe, C:\Windows\Sys*\wbem\WMIADAP.EXE, C:\Windows\Sys*\wbem\wmiprvse.exe, C:\Windows\sys*\werfault.exe, C:\Windows\Sys*\WindowsPowerShell\v1.0\powershell.exe, C:\Windows\Sys*\wuapp.exe, C:\Windows\Sys*\wuauclt.exe, C:\Windows\sys*\mspaint.exe, C:\Windows\sys*\wermgr.exe, C:\Windows\sys*\SNDVOL32.EXE, C:\Windows\sys*\dumprep.exe
Name of the file or folder to be blocked: **
File operations to be prohibited: Write, create, and delete

05 Rule name: Globally prohibit modification_software group
Processes to be included: *.*
Processes to be excluded: *\**\Windows\**, *\McAfee\**\*.exe, *\Microsoft Office\OFFICE*\*.EXE, *\Windows Defender\MSASCui.exe, *\Windows Media Player\setup_wm.exe, *\Windows Media Player\wmplayer.exe, *\WinRAR\WinRAR.exe
Name of the file or folder to be blocked: **
File operations to be prohibited: Write, create, and delete
--------------------------------------------------------------------
The above two together are the "security mode".

06 Rule name: Globally prohibit execution_system group
Processes to be included: *.*
Processes to be excluded: *\Program Files*\**, *\PROGRA~?\**, *\Windows\**\WMIADAP.EXE, C:\Windows\**\Ati2evxx.exe, C:\Windows\**\atieclxx.exe, C:\Windows\**\atiesrxx.exe, C:\Windows\**\AUDIODG.EXE, C:\Windows\**\ceipdata.exe, C:\Windows\**\cleanmgr.exe, C:\Windows\**\conhost.exe, C:\Windows\**\conime.exe, C:\Windows\**\consent.exe, C:\Windows\**\csrss.exe, C:\Windows\**\ctfmon.exe, C:\Windows\**\defrag.exe, C:\Windows\**\DeviceDisplayObjectProvider.exe, C:\Windows\**\DllHost.exe, C:\Windows\**\drwtsn32.exe, C:\Windows\**\dumprep.exe, C:\Windows\**\dw20.exe, C:\Windows\**\Dwm.exe, C:\Windows\**\dwwin.exe, C:\Windows\**\ehPrivJob.exe, C:\Windows\**\ehRec.exe, C:\Windows\**\ehshell.exe, C:\Windows\**\EhTray.exe, C:\Windows\**\ie4uinit.exe, C:\Windows\**\imapi.exe, C:\Windows\**\IMJPMIG.EXE, C:\Windows\**\logonui.exe, C:\Windows\**\lpremove.exe, C:\Windows\**\lsass.exe, C:\Windows\**\mcgw.host.exe, C:\Windows\**\mcupdate.exe, C:\Windows\**\mmc.exe, C:\Windows\**\MSConfig.exe, C:\Windows\**\mscorsvw.exe, C:\Windows\**\msdt.exe, C:\Windows\**\msdtc.exe, C:\Windows\**\Mystify.scr, C:\Windows\**\notepad.exe, C:\Windows\**\powercmd.exe, C:\Windows\**\powershell.exe, C:\Windows\**\rundll32.exe, C:\Windows\**\runonce.exe, C:\Windows\**\SC.exe, C:\Windows\**\schtasks.exe, C:\Windows\**\SearchFilterHost.exe, C:\Windows\**\SearchIndexer.exe, C:\Windows\**\SearchProtocolHost.exe, C:\Windows\**\ServerManagerLauncher.exe, C:\Windows\**\services.exe, C:\Windows\**\smss.exe, C:\Windows\**\spoolsv.exe, C:\Windows\**\sppsvc.exe, C:\Windows\**\svchost.exe, C:\Windows\**\taskhost.exe, C:\Windows\**\tasklist.exe, C:\Windows\**\taskmgr.exe, C:\Windows\**\TrustedInstaller.exe, C:\Windows\**\unregmp2.exe, C:\Windows\**\userinit.exe, C:\Windows\**\verclsid.exe, C:\Windows\**\WDKeyMonitorCCB.exe, C:\Windows\**\werfault.exe, C:\Windows\**\wermgr.exe, C:\Windows\**\wininit.exe, C:\Windows\**\winlogon.exe, C:\Windows\**\wmiprvse.exe, C:\Windows\**\wsqmcons.exe, C:\Windows\**\wuapp.exe, C:\Windows\**\wuauclt.exe, C:\Windows\assumer.exe, C:\Windows\helppane.exe, C:\Windows\regedit.exe, C:\Windows\RTHDCPL.EXE, C:\Windows\SoftwareDistribution\**\update.exe, C:\Windows\splwow64.exe, C:\Windows\**\mspaint.exe, C:\Windows\**\SNDVOL32.EXE, C:\Windows\**\Flash\FlashUtil10r_ActiveX.exe, C:\Windows\**\aitagent.EXE, C:\WINDOWS\**\Binaries\HelpSvc.exe (2310 characters in use)
Name of the file or folder to be blocked: **
File operations to be prohibited: Run

07 Rule name: Globally prohibit execution_software group
Processes to be included: *.*
Processes to be excluded: *\**\Windows\**, *\McAfee\**\*.exe, *\Microsoft Office\OFFICE*\*.EXE, *\Windows Defender\MSASCui.exe, *\Windows Media Player\setup_wm.exe, *\Windows Media Player\wmplayer.exe, *\WinRAR\WinRAR.exe
Name of the file or folder to be blocked: **
File operations to be prohibited: Run
-----------------------------------------------------------------
The above two together are the "crazy mode".

08 Rule name: Prohibit browsers/download software from modifying system files
Processes to be included: cw.wclient.exe, chrome.exe, firefox.exe, iexplore.exe, opera.exe, safari.exe, theworld.exe, Thunder.exe
Processes to be excluded: None
Name of the file or folder to be blocked: C:\Windows\** (XP: **\Windows\**)
File operations to be prohibited: Write, create, and delete

09 Rule name: Prohibit browsers/download software from modifying executable files under AppData (in XP, prohibit browsers/download software from modifying executable files under Local Settings)
Processes to be included: cw.wclient.exe, istme.exe, Thunder.exe, chrome.exe, firefox.exe, opera.exe, safari.exe, theworld.exe
Processes to be excluded: None
Name of the file or folder to be blocked: **\AppData\**\*.exe (XP: **\Local Settings\**\*.exe)
File operations to be prohibited: Write, execute, create, and delete
------------------------------------------------------------------
The above two together are the "entry defense".
