Manualshelf

Product guide

ManualsBrandsMcAfee ManualsOtherVIRUSSCAN ENTERPRISE
21222324252627282930
DescriptionProtection level
Anti-virus rules that block destructive code from accessing the computer until a DAT
file is released. These rules are preconfigured to block access to shares during an
outbreak.
Outbreak control
Access point violations and how VirusScan Enterprise responds
An access violation occurs when a restricted user or process tries to start, stop, or access
restricted components of your computer.
When an access point violation occurs:
Information is recorded in the log file, if you selected the Report option for the rule that
detected the violation.
The event is recorded in the local event log and to SNMP, if you configured Alert Properties
to do so.
The event is reported to Alert Manager and ePolicy Orchestrator, if those products are
configured to do so.
A Block and Report action for a rule determine what happens when a rule detects a
violation.
On the standalone client system, a red frame surrounds the system tray icon and remains
visible for 30 minutes, unless you reset it.
NOTE: To reset the icon, open the Access Protection Log File from the system tray icon.
Opening the log file by any other method does not reset the icon to its normal state.
Types of user-defined rules
When you configure a new access protection user-defined rule you are allowed to create port
blocking, file and folder blocking, and registry blocking rules.
The following table describes these rules.
Rule descriptions
DescriptionRule
Blocks incoming or outgoing network traffic on specific ports or ranges of ports.
NOTE: When you block a port, Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP) accesses are blocked.
NOTE: When you block a port any protocol using that port or range of ports is blocked.
For example, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
accesses are blocked.
Port Blocking Rule
Blocks write access to files and folders, file execution, plus new file creation and file
deletion.
NOTE: Once you restrict access to a file or folder, the restriction remains in place until
the administrator removes it. This helps prevent intrusions and stops them from spreading
during an outbreak.
File/Folder Blocking Rule
Protects registry keys or values by blocking these actions: write to, create, or delete.Registry Blocking Rule
Part I - Prevention: Avoiding Threats
Protecting your system access points
25McAfee VirusScan Enterprise 8.8 Product Guide