Use mcafee to build your own security server

Comments: After mcafee is used, it seems that its monitoring has nothing to say. It is really good to kill software, but it may be a bit difficult for new users to set up, however, if you only use the default settings, the security is a little low. Maybe many of your friends are importing ready-made rules. Based on the idea of DIY, everyone should have their own unique settings, so I would like to share with you the coffee rule settings. There are a lot of rules, and you don't have to set them all. It depends on your actual situation! Coffee is one of the three most popular soft sales targets in the world and the most popular soft sales targets. It is the most sensitive and most comprehensive measure to date. The following is an official introduction of coffee to kill soft coffee:
In addition to operating interface updates, McAfee Anti-Virus Software also integrates the company's WebScanX features, adding many new features! In addition to helping you detect and clear viruses, it also has a VShield automatic monitoring System that will be resident in System Tray, when you enable a file in a disk, network, or e-mail folder, the security of the file is automatically detected. If the file contains viruses, the system immediately warns, it also supports the shortcut menu function, and you can use a password to lock personal settings so that others cannot modify your settings.
Notes for installing coffee:
1. During installation, select "permanent" in the time option and do not choose to book for a year.
2. The first upgrade of coffee will be very slow, about 2 ~ It takes 3 hours to complete. Please be patient. The virus database will be upgraded soon in the future, generally 1 ~ 3 minutes. Coffee 1 ~ 3-day upgrade
Once. In some cases, the upgrade is performed three or more times a day.
After the coffee is installed, set the coffee first:
1. access protection. Double-click access protection to enable access protection. There are three options: port blocking, file protection, and report.
(1) Change the port settings. Select all default port blocking.
Add a new rule for Blocked ports. The total number of ports is 65535. Okay, set 1 ~ Set all ports 65535. Because there are two blocking modes for coffee ports: Block inbound traffic and block outbound traffic ~ Port 65535 must be divided into two groups. One group stops passing through 1 ~ Port 65535 inbound, a group of blocks through 1 ~ Port 65535 outbound. To facilitate the setting and viewing of processes affected by port blocking, you can set this way. 1 ~ 1000, set a rule at intervals of 100 ports and label the rule. 1000 ~ 10000
, Set a rule every 1000 ports. 10000 ~ 65535 set a rule and add a label at the same time. After the configuration is completed, you can connect to the Internet for testing. How can this problem be solved? Of course, no one else can get in. Okay. Open the coffee log to check which processes are blocked and which specific rules are blocked. Bytes
Okay. And so on. Add the affected processes. After setting, you can access the Internet. In this way, the port 99% can be blocked. The Trojans that pass through the port are almost useless.
(2) modify the access protection settings. Select all default settings. Open edit one by one to view the configuration of each rule. Select "block and report access attempts. -- Many of the default rules are warning mode and change them (Note: if you change the default settings, please think twice; otherwise, I will not be responsible for any exceptions ). Merge remote file protection rules such as exe and ocx. All remote operations include creating, writing, executing, reading, and deleting files.
(3) change the Log Path of the coffee. In other disks.
2. Harmful program policies. None of the default rules are selected. Select all of them.
3. Set a password for the coffee killer software. Coffee console-tools-User Interface Options-Password options. Select password to protect all the following items. Set a strong password of more than 8 characters. After setting a series of rules with coffee, you can lock the coffee killing interface. In this way, no one else can change your coffee settings.
4. Protection of shared resources. Open coffee access protection-File Protection-share resources, set it to block and report access attempts. In this way, shared resources cannot be shared by others.
5. Set by access scanner. General -- scan -- remove the boot area and scan the floppy disk when shutdown.
For other settings, let's do it on your own.
The above are some rules carried by coffee itself. For security purposes, you can perform more rigorous settings.
1. Use coffee to kill software to prevent rogue software such as 3721, Internet pigs, Chinese mail, Baidu souba, and yisearch.
At present, 3721, Internet pig, Chinese mail, Baidu souba, and yisearch often sneak into your computer, and it is difficult to uninstall it. Use coffee to stop them from entering.
Example of an application for secure website operation:
When your website uses ASP or ASPX as a website, the following is a simple example to set up that your ASP is not hacked,
Coffee console ------ access protection ------ folder protection ----- add


After this setting, no matter whether a hacker uploads an ASP file or a file with the AS extension cannot be uploaded, AS long AS the file is uploaded to the PowerEasy directory, how to modify, write, such AS, create, or delete the file cannot be operated, cannot start. Of course, this is only one of the methods, and you have to use your skills to ensure the security of your servers. Oh, remember to set more than 10 strong passwords for coffee and lock the coffee. To protect all disks, even if the super administrator password of the server is obtained, the general hackers will leave without them. Haha...
N methods are listed below:
1. Enable soft access protection and create the following rules:
1. It is prohibited to create, write, execute, and read 3721 of any content locally;
2. It is prohibited to create, write, execute, and read any content from the Internet pig locally;
3. It is prohibited to create, write, execute, and read any content of Chinese mail locally;
4. It is prohibited to create, write, execute, and read any content of Baidu souba locally;
5. You cannot create, write, execute, or read any content locally.
Well, 3721, Internet pig, Chinese mail, Baidu souba, yisearch and other rogue software have no reason to stay in your computer.
Add some settings. For example, the method to prevent 3721:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: Prohibit local creation, writing, execution, and reading of 3721 of any content
Blocked object :*
File or file name to block: ** \ 3721 *\**
File Operations to be blocked: Check all operations before creating, writing, executing, and reading files.
Response Method: block and report access attempts
I installed a lot of software bundled with 3721. When coffee opened this rule, 3721 only saw one ghost shadow-an empty 3721 folder.
2. Use coffee to kill software to prevent unknown Trojan viruses
I checked the relevant information. For now, there are basically three types of Trojans and viruses: exe, dll, and vxd. Okay, as long as we create the following three protection mechanisms:
(1) It is prohibited to create or write any exe file anywhere on the local device.
(2) It is prohibited to create or write any dll file anywhere locally.
(3) It is prohibited to create or write any vxd file anywhere on the local device.
In this way, the various types of Trojan viruses cannot be entered. Of course, this rule is very aggressive, that is, you update the coffee virus database, upgrade other software, download files of the exe, dll, and vxd types, and moving any files of the exe, dll, and vxd types is impossible. Therefore, when you perform a similar operation, temporarily cancel the rule and continue to use it after the operation is completed.
Some rules are created as follows:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: do not create or write any exe files anywhere locally
Blocked object :*
File or file name to block: ** \ *. exe
File Operation to be blocked: check before creating a file or writing a file.
Response Method: block and report access attempts
For other similar rules, refer to settings.
3. Block the arbitrary deletion of Files
Now there are many viruses that Delete the mp3 format. Well, this can be done to prevent such incidents. Enable coffee access protection and create the following rule: Do not delete any local mp3 files. Okay, it's impossible for these viruses to delete mp3 files. Even you cannot delete mp3! Unless banned! To prevent viruses and Trojans that are similar to deleting some files, all right. Create another rule to prohibit the deletion of any local content. All right, viruses and Trojans that delete various files are useless. Of course, if this rule works, you cannot delete anything yourself. When you need to delete some content, temporarily cancel this rule. After the deletion operation is complete, open it again. This rule is very useful to protect your computer from being deleted by others. What's more, if someone else is confused, he won't even think that coffee is blocking the delete operation!
The rule creation is as follows:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: Prohibit the deletion of any local mp3 files
Blocked object :*
File or file name to block: ** \ *. mp3
Object operation to be blocked: Check the object before deleting it.
Response Method: block and report access attempts
Coffee console ------ access protection ------ folder protection ----- add
Rule name: Prohibit the deletion of any local content
Blocked object :*
File or file name to block :**\*\**
Object operation to be blocked: Check the object before deleting it.
Response Method: block and report access attempts
You can also use a similar method to protect any file from being deleted. For example, rm files. Try it by yourself.
4. Use coffee to protect the registry.
Currently, many Trojans and viruses prefer to reside in the registry. Okay. We use coffee to create such a rule. You cannot create or write local registries. Okay. Unless you agree, the Registry will not be modified for no reason. If the rule is still enabled for coffee, including software installation, haha, although the software is installed, nothing is written in the registry. Although a lot of software needs to be written into the registry, it can be used without being written into the registry. If you don't believe it, you can try it! Of course, if you do not write data to the Registry, software functions will be compromised, especially software and firewalls. I have done similar experiments. The Anti-Spyware agent is not allowed to be written into the registry. As a result, it can only find but cannot clear the spyware. (check whether the number of spyware has nothing to do with whether it is written into the registry when the anti-spyware agent is installed ). Comparing the Registry monitoring functions of Kingsoft and rising, Kingsoft and rising are far behind. Their monitoring of the registry is not only annoying, but also meaningless. For example, if you install a software and click "stop writing data to the Registry", click "continue. Ten years is not over. What is the significance?
The rule creation is as follows:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: Prohibit creation and writing of the local registry
Blocked object :*
File or file name to block: ** \ *. reg
File Operation to be blocked: check before creating a file or writing a file.
Response Method: block and report access attempts
5. Use coffee to protect the home page.
You can use coffee kill to protect the browser homepage from being modified. This eliminates the need to install other software for protection. Other browser protection software not only occupies a certain amount of resources, but also has poor performance. The coffee protection effect is quite satisfactory. The specific method is as follows:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: do not create or modify the hosts file locally
Blocked object: IEXPLORE. EXE, or *
File or file name to block: ** \ etc *\**
File Operation to be blocked: check before creating, writing, and deleting a file.
Response Method: block and report access attempts
Okay. A malicious Website Cannot change your homepage.
6. prevent malicious script intrusion.
Open the file protection rules in the coffee kill soft access protection and create these rules:
(1) It is prohibited to read, execute, create, and write any js file anywhere locally.
(2) It is prohibited to read, execute, create, and write any vbs file anywhere on the local device.
(3) prohibit reading, executing, creating, and writing any htm file anywhere locally
(4) prohibit reading, executing, creating, and writing any html file anywhere locally
All right, malicious websites intrude into the malicious code and Trojans of the machine through scripts.
Some rules are created as follows:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: Prohibit reading, executing, creating, and writing any js file anywhere locally
Blocked object :*
File or file name to block: ** \ *. js
File Operations to be blocked: Check Before reading, executing, creating, and writing files.
Response Method: block and report access attempts
For other similar rules, refer to settings.
Of course, this is a little harsh and may prevent access to the Internet. You can modify these rules to prevent creation and writing.
7. Use coffee to prevent plug-in intrusion.
The Internet is getting increasingly insecure. There are more and more malicious plug-ins. Okay. We use coffee to deal with them. Because these plug-ins are kidnapped into Internet Explorer files, we can use coffee to protect Internet Explorer files.
The rule creation is as follows:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: do not create or write data in the Internet Explorer folder
Blocked object :*
File or file name to block: ** \ Internet Explorer *\**
File Operation to be blocked: check before creating a file or writing a file.
Response Method: block and report access attempts
Well, those plug-ins cannot come in.
8. Prevent hacker damage.
At present, there are more and more hackers and they are more and more fond of intruding into their personal hosts. Hackers intrude into a host for two other reasons:
(1) operator. Learn how to intrude into others.
(2) Planting backdoors. Control others.
Okay. Speak nonsense. Hacker intrusion is difficult to block. How can we block intrusions from hacker damage? How to check coffee. We use coffee to create a rule that prohibits remote operations on any local files/folders. In this way, what else can a hacker do even if he intrude into your host?
The specific rule settings are as follows:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: Prohibit remote operations on any local files/folders
Blocked object: System: Remote
File or file name to block :**\*\**
File Operations to be blocked: Check Before reading, executing, creating, writing, and deleting a file.
Response Method: block and report access attempts. If you are not at ease, you can create a rule for each root directory folder on the system disk. Prohibit hackers from performing any operations on them. For more information, see. In this way, the hacker can perform further damage activities unless the hacker can damage the coffee or know the coffee password and change the coffee settings. It is not easy for hackers to destroy coffee. People who have used coffee know that coffee cannot be exited, but can only continue to work. Of course, hackers can uninstall the coffee to destroy it. The problem is that the hacker must call files such as exe for remote uninstallation, and the coffee does not allow hackers to remotely perform any operations on files such as exe. I was attacked by a hacker shortly after I used coffee. At that time, I still didn't know how to set such strict rules. I just opened the default protection rules for exe and dll files in coffee, the hacker did not do anything. If such strict rules can be established, there will be very few things that hackers can do.
9. Prevent program running.
Coffee has a powerful blocking function that can block almost any program running. For example, the tftp.exe program is generally unavailable to users. You can use coffee to stop him from running. Note: The default rules for coffee are already set. This function is very useful. If you do not want to run a program one day, you can use this rule to terminate the program. Or, a Trojan or virus cannot be cleared in a certain day. What should I do? Then the coffee function is highlighted. Stop the trojan and virus program with coffee. In this way, the trojan cannot be run, and it is no longer a zombie.
10. Establish the strictest rules.
Trojans are often used when hackers visit websites, crack bases, and yellow websites. Although I do not go to those websites, the following rules are specially created for the security of those who often go to hacking websites, cracking bases, and yellow websites. You are prohibited from creating, writing, or deleting data locally. In this way, the chance of winning a move is 0.
The specific rule settings are as follows:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: Prohibit any creation, write, or deletion activities locally.
Blocked object :*
File or file name to block :**\*\**
File Operation to be blocked: check before creating, writing, and deleting a file.
Response Method: block and report access attempts
As this rule is very strict, it is recommended to enable it only when hackers browse websites, crack bases, and yellow websites. This rule generates a large number of logs, and hundreds of detailed logs are generated every minute, occupying a lot of space. Therefore, it is very important to move coffee logs to other disks. Of course, this rule is also suitable for those who are very secure.
11. Prevent Cookies from leaking personal privacy
Some websites or \ and hackers may use Cookies to steal user information. Okay. This can be done to prevent such incidents as much as possible. Use coffee to establish Cookies protection.
The specific rule settings are as follows:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: prohibits certain operations on Cookies.
Blocked object :*
File or file name to block: ** \ Cookies *\**
File Operations to be blocked: Check Before reading, creating, and writing files.
Response Method: block and report access attempts. The personal privacy leaked through Cookies is protected by coffee. Of course, this setting is inappropriate for some websites. You need to cancel this rule temporarily. As for the protection mechanism of Cookies by IE browser, it is not very good. Prohibited. Many websites cannot go. No. It is dangerous. Compared with coffee, coffee is obviously more user-friendly. I hope you will like it.
12. Use coffee to protect private files.
This is achieved using coffee's powerful file protection performance. Many people like to use encryption software to encrypt personal files and play a protective role. If you use coffee, you can use coffee to implement this function. In addition, the protection effect is ideal. If others are not very familiar with coffee, they will not think of it as a soft killer to protect it. In addition, when someone else reads or opens a file, the coffee protection file does not mention the password or coffee, but prompts: Make sure the disk is not protected. For the average person, the file is damaged and cannot be opened. Haha. Do you mean something?
The following describes how to implement this function. First, put all your personal files to be protected in a root directory, for example, named meteor shower. Then protect the file. |
The specific rule settings are as follows:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: do not perform any operations on meteor shower files/folders
Blocked object :*
File or file name to block: ** \ meteor shower *\**
File Operations to be blocked: Check Before reading, executing, creating, writing, and deleting a file.
Response Method: block and report access attempts
If you have another file name, set it as needed.
Now, no one can open or delete this file under the coffee protection. You can enable this function only when you temporarily cancel the coffee rule.
In addition, do not forget to set a super password with more than 8 digits for the coffee. During the protection period, lock the coffee interface.
Of course, in my personal opinion, there will be no absolute confidential files. It is nothing more than asking others to read things. Therefore, the coffee function is good. I hope you will like it.
13. Use coffee to securely protect shared resources-this is all right.
Many people like to share some of their resources with others on the Internet, but at the same time, there must be insecure factors. To maximize personal security, coffee can take this responsibility.
Coffee has powerful protection rules that can be fully implemented. The following describes how to securely share resources. Now we assume that the hard disk has four partitions: C, D, E, and F, and the system disk is a C disk. You want to share your edisk resources. You can do this. Use coffee kill to establish the following rules: Prohibit remote operations on the drive C; prohibit remote operations on the drive D; you are prohibited from creating, writing, or deleting an edisk remotely. The specific rule settings are as follows:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: Disable remote operations on drive C.
Blocked object: System: Remote
File or file name to block: C :\*\**
File Operations to be blocked: Check Before reading, executing, creating, writing, and deleting a file.
Response Method: block and report access attempts
Coffee console ------ access protection ------ folder protection ----- add
Rule name: Disable remote operations on disk D.
Blocked object: System: Remote
File or file name to block: D :\*\**
File Operations to be blocked: Check Before reading, executing, creating, writing, and deleting a file.
Response Method: block and report access attempts
Coffee console ------ access protection ------ folder protection ----- add
Rule name: allows you to create, write, and delete an edisk remotely.
Disable remote operations on an edisk
Blocked object: System: Remote
File or file name to block: E :\*\**
File Operation to be blocked: check before creating, writing, and deleting a file.
Response Method: block and report access attempts
Coffee console ------ access protection ------ folder protection ----- add
Rule name: Prohibit remote operations on the F Disk
Blocked object: System: Remote
File or file name to block: F :\*\**
File Operations to be blocked: Check Before reading, executing, creating, writing, and deleting a file.
Response Method: After blocking and reporting access attempts to set the above rules, you also need to use coffee to keep existing shared resources. Go to the coffee console ------ access protection ----- folder protection ------ share resources, and check to keep existing access permissions for shared resources. Set a super password with more than 15 digits for the coffee and lock the coffee interface. Okay. Use coffee to protect your security settings. If you want to share the USB flash drive, you can also refer to the settings. These rule settings are also suitable for many websites. However, you need to modify it a bit to make a better effect.

14. Restrict modification of important management tools in Computer Management Tools
Computer Management tools include many important tools, such as local security policies, distributed file systems, services, computer management, and group policies. These operations are generally not changed easily after they are modified. To prevent others from changing these settings, you can disable them. There are many ways to disable it. Here we will mainly talk about how to implement this function through coffee nets. So you can use this feature to disable them. The rule settings are as follows:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: restrict the modification of important management tools in Computer Management Tools
Blocked object :*
File or file name to block: ** \ mmc.exe
File Operations to be blocked: Check Before reading, executing, creating, and writing files.
Response Method: block and report access attempts. NET Framework configuration, Local Security Policy, distributed file system, service, Computer Management, Routing and Remote Access, event viewer, performance, Remote Desktop, Certificate Authority, terminal service configuration, component service, dozens of important tools such as group policy, Device Manager, and console, to prevent modification. When the coffee rule is enabled and these management tools are modified, the system is prompted that you do not have the permission to perform the operation (even if you log on to the Administrators, you do not have the permission to modify it ). If you perform similar operations, open the coffee and temporarily cancel this rule. Of course, it is essential to set a password for coffee.
15. Blocking QQ and other chat software
Blocking QQ is a headache for network administrators and company bosses (both for their own use and for others to use QQ). In the past, we can also block ports such as UDP 4000, however, since TENCENT opened up QQ's TCP/IP login function, blocking QQ has become more difficult. As long as you can access the Internet, you can use a browser to browse the Web page to access QQ. QQ makes network management and company bosses more cumbersome. If you use the coffee Enterprise Edition, you can use coffee to completely block QQ. The method is simple. Just use coffee to stop QQ. The specific rule settings are as follows:
Coffee console ------ access protection ------ folder protection ----- add
Rule name: Prohibit QQ operation
Blocked object :*
File or file name to block: ** \ QQ.exe
File Operations to be blocked: Check Before reading, executing, creating, and writing files.
Response Method: block and report access attempts. Set the above rules. Then, set more than 10 strong passwords for coffee and lock the coffee, QQ cannot run on your host. When others want to run QQ, the system will prompt: You are not authorized to run QQ! Unless the coffee is unbanned! If you do not want others to install QQ on your host, this rule can also be used. In addition, if you want to block other chat software, refer to the blocking QQ settings.