Product guide

- The event is recorded in the local event log and to SNMP, if you configured Alert Properties to do so.
- The event is reported to Alert Manager and/or ePolicy Orchestrator, if those products are configured to do so.
- The Block and/or Report action is taken depending on which actions are configured for the rule that detected the violation.
- On the client system, a red frame surrounds the system tray icon and remains visible for 30 minutes unless you reset it.
  NOTE: To reset the icon, open the Access Protection Log File from the system tray icon. Opening the log file by any other method does not reset the icon to its normal state.
Types of user-defined rules
Choose from these three types of rules.
Rule descriptions
Rule / Description
Port Blocking Rule
    Blocks incoming or outgoing network traffic on specific ports or ranges of ports.
    NOTE: When you block a port, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) accesses are blocked.
File/Folder Blocking Rule
    Blocks read or write access to files and folders.
    NOTE: Once you restrict access to a file or folder, the restriction remains in place until the administrator removes it. This helps prevent intrusions and stops them from spreading during an outbreak.
Registry Blocking Rule
    Protects registry keys or values by blocking these actions: read from, write to, create, or delete.
Configuring access protection settings
To access the Access Protection properties:
- From the ePolicy Orchestrator console, go to Systems | Policy Catalog and select VirusScan Enterprise 8.7.0 in the Product list and Access Protection Policies in the Category list.
- From the VirusScan Console, open the Access Protection properties.
Configure the options on each tab. For option descriptions, click ? or Help on each tab.
Tab descriptions
Tab / Description
Access Protection
    Enable access protection.
    Configure rules.
    Prevent McAfee processes from being stopped.
Protecting Your System Access Points
McAfee VirusScan Enterprise 8.7i