McAfee访问规则

原创 2012年03月27日 14:40:37
; Port-blocking rules from a McAfee access-protection policy, pasted as registry values.
; NOTE(review): the listing is a fragment. No [HKEY_...] key header is shown, and rule 0 has no
; "PortBlockEnabled_0" value, so neither the target key nor rule 0's enabled state can be read
; from this page. Restore both from the original export before importing anything.
; Direction, judged only by the rule names below: rule 4 is named "inbound" and uses 0, rule 5 is
; named "outbound" and uses 1. TODO confirm against vendor documentation.
; NOTE(review): the whitelists hold bare executable names. The listing does not show whether a
; path or signature is also checked; if only the name is matched, any program carrying one of
; these file names inherits the exemption. Confirm, and trim each list to what the host needs.

; Rule 0 - name: "prevent mass-mailing worms from sending mail"; port 25, direction 1.
"PortBlockName_0"="禁止大量发送邮件的蠕虫病毒发送邮件"
"PortBlockDirection_0"=dword:00000001
"PortBlockRange_0"="25"
"PortBlockWhiteList_0"="amgrsrvc.exe,tomcat.exe,outlook.exe,msimn.exe,agent.exe,eudora.exe,nlnotes.exe,mozilla.exe,netscp.exe,opera.exe,winpm-32.exe,pine.exe,poco.exe,thebat.exe,thunderbird.exe,ntaskldr.exe,inetinfo.exe,nsmtp.exe,nrouter.exe,tomcat5.exe,tomcat5w.exe,ebs.exe,FireSvc.exe,modulewrapper.exe,MSKSrvr.exe,MSKDetct.exe,foxmail.exe,dreammail.exe,dm2005.exe"
; Rules 1 and 2 - name: "block IRC communication"; same range and whitelist, one rule per direction.
"PortBlockEnabled_1"=dword:00000001
"PortBlockName_1"="禁止 IRC 通讯"
"PortBlockDirection_1"=dword:00000001
"PortBlockRange_1"="6666-6669"
"PortBlockWhiteList_1"="BitComet.exe,FunPlayer.exe,emule.exe,BitLord.exe,BitSpirit.exe,VNNClient.exe,utorrent.exe"
"PortBlockEnabled_2"=dword:00000001
"PortBlockName_2"="禁止 IRC 通讯"
"PortBlockDirection_2"=dword:00000000
"PortBlockRange_2"="6666-6669"
"PortBlockWhiteList_2"="BitComet.exe,FunPlayer.exe,emule.exe,BitLord.exe,BitSpirit.exe,VNNClient.exe,utorrent.exe"
; Rule 3 - name: "block downloads from the World Wide Web"; port 80. Enabled is 0 (rule is off).
"PortBlockEnabled_3"=dword:00000000
"PortBlockName_3"="禁止从万维网上下载"
"PortBlockDirection_3"=dword:00000001
"PortBlockRange_3"="80"
"PortBlockWhiteList_3"="outlook.exe,msimn.exe,iexplore.exe,mozilla.exe,netscp.exe,opera.exe,thunderbird.exe,msn6.exe,neo20.exe,mobsync.exe,waol.exe,nlnotes.exe"
; Rule 4 - name: "block inbound FTP (stops viruses such as Nimda spreading)". Enabled is 0.
"PortBlockEnabled_4"=dword:00000000
"PortBlockName_4"="禁止 FTP 入站通讯(阻止诸如 Nimda 等病毒传播)"
"PortBlockDirection_4"=dword:00000000
"PortBlockRange_4"="20-21"
"PortBlockWhiteList_4"=""
; Rule 5 - name: "block outbound FTP (stops viruses downloading files)". Enabled is 0.
"PortBlockEnabled_5"=dword:00000000
"PortBlockName_5"="禁止 FTP 出站通讯(阻止病毒下载文件)"
"PortBlockDirection_5"=dword:00000001
"PortBlockRange_5"="20-21"
"PortBlockWhiteList_5"="ftp.exe,iexplore.exe"
; Rules 6 and 7 - names: "block worm intrusion on 135" / "on 445"; direction 0, enabled.
; NOTE(review): both rules exempt a list of P2P clients from the block on ports 135 and 445.
; Nothing on the page explains why those programs need these ports; review before reuse.
"PortBlockEnabled_6"=dword:00000001
"PortBlockName_6"="禁止波波入侵135"
"PortBlockDirection_6"=dword:00000000
"PortBlockRange_6"="135-135"
"PortBlockWhiteList_6"="BitComet.exe,FunPlayer.exe,emule.exe,BitLord.exe,BitSpirit.exe,utorrent.exe"
"PortBlockEnabled_7"=dword:00000001
"PortBlockName_7"="禁止波波入侵445"
"PortBlockDirection_7"=dword:00000000
"PortBlockRange_7"="445-445"
"PortBlockWhiteList_7"="BitComet.exe,FunPlayer.exe,emule.exe,BitLord.exe,BitSpirit.exe,utorrent.exe"
; File/folder blocking rules 0-13. Each rule is a group of values sharing a numeric suffix:
; RuleName (label), Process (which process the rule applies to; "*" on most rules),
; Wildcard (path pattern), What (a dword whose high word varies by rule) and Report.
; NOTE(review): the meaning of the individual What bits is not stated on this page; the rule
; names are the only hint. Confirm against vendor documentation before editing a mask.

; Rules 0 and 1 - names: block fake "SCVHOST/SCVh0ST"-style and fake "smss" files under Windows.
; NOTE(review): neither rule has a FileBlockWildcard value in this listing, so the path each one
; matches cannot be read from the page. Presumably lost in publishing; restore from the source.
"FileBlockRuleName_0"="禁止在windows下生成如SCVHOST,SCVh0ST这些仿冒伪劣垃圾"
"FileBlockProcess_0"="*"
"FileBlockWhat_0"=dword:000f0000
"FileBlockReport_0"=dword:00000001
"FileBlockRuleName_1"="禁止在windows下生成如smss仿冒伪劣垃圾"
"FileBlockProcess_1"="*"
"FileBlockWhat_1"=dword:000f0000
"FileBlockReport_1"=dword:00000001
; Rules 2 and 3 - names: stop Outlook / Outlook Express launching anything from a Temp folder.
; The pattern matches any directory whose name starts with "temp", at any depth.
"FileBlockRuleName_2"="禁止 Outlook 从 Temp 文件夹启动任何项目"
"FileBlockProcess_2"="outlook.exe"
"FileBlockWildcard_2"="**\\temp*\\**"
"FileBlockWhat_2"=dword:00080000
"FileBlockReport_2"=dword:00000001
"FileBlockRuleName_3"="禁止 Outlook Express 从 Temp 文件夹启动任何项目"
"FileBlockProcess_3"="msimn.exe"
"FileBlockWildcard_3"="**\\temp*\\**"
"FileBlockWhat_3"=dword:00080000
"FileBlockReport_3"=dword:00000001
; Rules 4 and 5 - names: block installing .sys drivers from Temp / from the Internet Explorer folder.
"FileBlockRuleName_4"="禁止 从 Temp 文件夹安装SYS底层驱动"
"FileBlockProcess_4"="*"
"FileBlockWildcard_4"="**\\temp*\\*.sys"
"FileBlockWhat_4"=dword:00090000
"FileBlockReport_4"=dword:00000001
"FileBlockRuleName_5"="禁止Internet Explore文件夹安装SYS底层驱动"
"FileBlockProcess_5"="*"
"FileBlockWildcard_5"="**\\Internet Explorer\\**\\*.sys"
"FileBlockWhat_5"=dword:00090000
"FileBlockReport_5"=dword:00000001
; Rule 6 - name: block Tencent SOSOBAR (any directory whose name starts with "Sosobar").
"FileBlockRuleName_6"="禁止腾讯的SOSOBAR"
"FileBlockProcess_6"="*"
"FileBlockWildcard_6"="**\\Sosobar*\\**"
"FileBlockWhat_6"=dword:000b0000
"FileBlockReport_6"=dword:00000001
; Rule 7 - name: block running scripts from a Temp folder.
; "?script.exe" presumably uses "?" as a one-character wildcard so that both script hosts
; (cscript.exe, wscript.exe) match - confirm the wildcard semantics.
"FileBlockRuleName_7"="禁止从 Temp 文件夹执行脚本"
"FileBlockProcess_7"="?script.exe"
"FileBlockWildcard_7"="**\\temp*\\**"
"FileBlockWhat_7"=dword:00020000
"FileBlockReport_7"=dword:00000001
; Rule 8 - name: block rundll32.exe look-alikes in the Windows folder.
; NOTE(review): this is the only pattern on the page with a single backslash ("\un"); every
; other pattern doubles it. Text before "un" was probably lost in publishing, so the pattern
; as shown should not be trusted - verify against the original policy.
"FileBlockRuleName_8"="禁止在windows文件夹安装rundll32.exerunD1132.仿冒"
"FileBlockProcess_8"="*"
"FileBlockWildcard_8"="%windir%\\**\un**32.exe"
"FileBlockWhat_8"=dword:00050000
"FileBlockReport_8"=dword:00000001
; Rules 9-13 - names: block access to suspicious startup items, one rule per extension
; (.exe, .scr, .hta, .pif, .com) under any directory named "startup". Other extensions that can
; start code from that folder are not covered by these five rules.
"FileBlockRuleName_9"="禁止访问可疑的启动项目 (.exe)"
"FileBlockProcess_9"="*"
"FileBlockWildcard_9"="**\\startup\\**\\*.exe"
"FileBlockWhat_9"=dword:000f0000
"FileBlockReport_9"=dword:00000001
"FileBlockRuleName_10"="禁止访问可疑的启动项目 (.scr)"
"FileBlockProcess_10"="*"
"FileBlockWildcard_10"="**\\startup\\**\\*.scr"
"FileBlockWhat_10"=dword:000f0000
"FileBlockReport_10"=dword:00000001
"FileBlockRuleName_11"="禁止访问可疑的启动项目 (.hta)"
"FileBlockProcess_11"="*"
"FileBlockWildcard_11"="**\\startup\\**\\*.hta"
"FileBlockWhat_11"=dword:000f0000
"FileBlockReport_11"=dword:00000001
"FileBlockRuleName_12"="禁止访问可疑的启动项目 (.pif)"
"FileBlockProcess_12"="*"
"FileBlockWildcard_12"="**\\startup\\**\\*.pif"
"FileBlockWhat_12"=dword:000f0000
"FileBlockReport_12"=dword:00000001
"FileBlockRuleName_13"="禁止访问可疑的启动项目 (.com)"
"FileBlockProcess_13"="*"
"FileBlockWildcard_13"="**\\startup\\**\\*.com"
"FileBlockWhat_13"=dword:000f0000
"FileBlockReport_13"=dword:00000001
; File rules 14-24: all use Process "System:Remote" and their names all begin "block remote ...",
; so they presumably apply to file access arriving over the network (e.g. shares) - confirm.
; Rules 14-17 are named "block remote modification" and use What 0x00040000.
; Rules 18-24 are named "block remote create/modify/delete" and use What 0x00150000.
; NOTE(review): rules 21-23 repeat the wildcards of rules 14-16 (.exe, .scr, .ocx) with the
; broader-named mask, so 14-16 look redundant. .dll appears only in rule 17 (modify only) and has
; no create/modify/delete counterpart; .pif appears only in rule 24.
"FileBlockRuleName_14"="禁止远程修改文件 (.exe)"
"FileBlockProcess_14"="System:Remote"
"FileBlockWildcard_14"="**\\*.exe"
"FileBlockWhat_14"=dword:00040000
"FileBlockReport_14"=dword:00000001
"FileBlockRuleName_15"="禁止远程修改文件 (.scr)"
"FileBlockProcess_15"="System:Remote"
"FileBlockWildcard_15"="**\\*.scr"
"FileBlockWhat_15"=dword:00040000
"FileBlockReport_15"=dword:00000001
"FileBlockRuleName_16"="禁止远程修改文件 (.ocx)"
"FileBlockProcess_16"="System:Remote"
"FileBlockWildcard_16"="**\\*.ocx"
"FileBlockWhat_16"=dword:00040000
"FileBlockReport_16"=dword:00000001
"FileBlockRuleName_17"="禁止远程修改文件 (.dll)"
"FileBlockProcess_17"="System:Remote"
"FileBlockWildcard_17"="**\\*.dll"
"FileBlockWhat_17"=dword:00040000
"FileBlockReport_17"=dword:00000001
; Rule 18 - name: block remote create/modify/delete of anything in the Windows folder and below.
"FileBlockRuleName_18"="禁止远程创建/修改/删除 Windows 文件夹和子文件夹中的任何内容"
"FileBlockProcess_18"="System:Remote"
"FileBlockWildcard_18"="%windir%\\**\\*"
"FileBlockWhat_18"=dword:00150000
"FileBlockReport_18"=dword:00000001
; Rule 19 - same mask as rule 18, limited to .ini; its pattern is a subset of rule 18's.
"FileBlockRuleName_19"="禁止远程创建/修改/删除 Windows 文件夹和子文件夹中的文件 (.ini)"
"FileBlockProcess_19"="System:Remote"
"FileBlockWildcard_19"="%windir%\\**\\*.ini"
"FileBlockWhat_19"=dword:00150000
"FileBlockReport_19"=dword:00000001
; Rule 20 - name: block remote create/modify/delete in the system drive root (single "*": one level).
"FileBlockRuleName_20"="禁止远程创建/修改/删除系统根目录中的任何内容"
"FileBlockProcess_20"="System:Remote"
"FileBlockWildcard_20"="%systemdrive%\\*"
"FileBlockWhat_20"=dword:00150000
"FileBlockReport_20"=dword:00000001
; Rules 21-24 - block remote create/modify/delete of .exe, .scr, .ocx and .pif anywhere.
"FileBlockRuleName_21"="禁止远程创建/修改/删除文件 (.exe)"
"FileBlockProcess_21"="System:Remote"
"FileBlockWildcard_21"="**\\*.exe"
"FileBlockWhat_21"=dword:00150000
"FileBlockReport_21"=dword:00000001
"FileBlockRuleName_22"="禁止远程创建/修改/删除文件 (.scr)"
"FileBlockProcess_22"="System:Remote"
"FileBlockWildcard_22"="**\\*.scr"
"FileBlockWhat_22"=dword:00150000
"FileBlockReport_22"=dword:00000001
"FileBlockRuleName_23"="禁止远程创建/修改/删除文件 (.ocx)"
"FileBlockProcess_23"="System:Remote"
"FileBlockWildcard_23"="**\\*.ocx"
"FileBlockWhat_23"=dword:00150000
"FileBlockReport_23"=dword:00000001
"FileBlockRuleName_24"="禁止远程创建/修改/删除文件(.pif)"
"FileBlockProcess_24"="System:Remote"
"FileBlockWildcard_24"="**\\*.pif"
"FileBlockWhat_24"=dword:00150000
"FileBlockReport_24"=dword:00000001
; File rules 25-29: system-location hardening. Every rule here uses Process "*", i.e. no process
; is exempted in the values shown.
; NOTE(review): with Process "*", rules 26 and 28 presumably also stop installers and patching
; from creating files in %windir% and system32 - confirm how exclusions are handled before
; enabling them on a managed host.

; Rule 25 - name: block creation of autorun.inf, in any directory.
"FileBlockRuleName_25"="禁止创建 autorun.inf 文件"
"FileBlockProcess_25"="*"
"FileBlockWildcard_25"="**\\autorun.inf"
"FileBlockWhat_25"=dword:00050000
"FileBlockReport_25"=dword:00000001
; Rule 26 - name: block creation of new files (any file) in the Windows folder.
; The pattern is "%windir%\\*.*": names containing a dot, directly in the folder.
"FileBlockRuleName_26"="禁止在 Windows 文件夹中创建新文件 (任何文件)"
"FileBlockProcess_26"="*"
"FileBlockWildcard_26"="%windir%\\*.*"
"FileBlockWhat_26"=dword:00010000
"FileBlockReport_26"=dword:00000001
; Rule 27 - name: block ADS (alternate data streams). The pattern has a ":" after the path
; part, which is where a stream name follows a file name.
"FileBlockRuleName_27"="禁止ADS流"
"FileBlockProcess_27"="*"
"FileBlockWildcard_27"="%SystemDrive%**:*"
"FileBlockWhat_27"=dword:000d0000
"FileBlockReport_27"=dword:00000001
; Rule 28 - name: block creation of new files (any file) in System32.
"FileBlockRuleName_28"="禁止在 System32 文件夹中创建新文件 (任何文件)"
"FileBlockProcess_28"="*"
"FileBlockWildcard_28"="%windir%\\system32\\*.*"
"FileBlockWhat_28"=dword:00010000
"FileBlockReport_28"=dword:00000001
; Rule 29 - name: block fake SVCHOST.EXE being created under WINDOWS.
; NOTE(review): no FileBlockWildcard value is shown for this rule, so its path pattern is
; unknown from this page; restore it from the original policy.
"FileBlockRuleName_29"="禁止在WINDOWS创建SVCHOST.EXE仿冒垃圾"
"FileBlockProcess_29"="*"
"FileBlockWhat_29"=dword:000b0000
"FileBlockReport_29"=dword:00000001
; File rules 30-71: per-product blocks, mostly named after browser toolbars, ad software and the
; "Viking" (威金) virus. Nearly all share one shape: Process "*", a pattern of the form
; "**\\<folder name>\\**", What 0x000f0000 and Report 1.
; NOTE(review): these rules key on a directory name wherever it occurs. Short or generic names
; (for example "Assistant", "Baidu", "p4p", "VIK", "*eBay*") can also match unrelated software,
; and a product installed under a different folder name is not matched. Check each pattern
; against the software actually present before reuse.
; NOTE(review): the meaning of the What bits is not stated on this page - confirm before editing.

; Rule 30 - name says "stop the ChinaNet dial-up installer extracting itself to TEMP", but the
; pattern matches directories named "China*net" rather than a Temp path.
"FileBlockRuleName_30"="禁止互联星空拨号安装程序自释放到TEMP"
"FileBlockProcess_30"="*"
"FileBlockWildcard_30"="**\\China*net\\**"
"FileBlockWhat_30"=dword:000f0000
"FileBlockReport_30"=dword:00000001
; Rule 31 - name: "anti-Viking rule". NOTE(review): no FileBlockWildcard value is shown, so the
; path it matches is unknown from this page.
"FileBlockRuleName_31"="防止威金规则"
"FileBlockProcess_31"="*"
"FileBlockWhat_31"=dword:000f0000
"FileBlockReport_31"=dword:00000001
; Rule 32 - name: block installing and running 3721.
"FileBlockRuleName_32"="禁止安装3721,并阻止运行"
"FileBlockProcess_32"="*"
"FileBlockWildcard_32"="**\\3721\\**"
"FileBlockWhat_32"=dword:000f0000
"FileBlockReport_32"=dword:00000001
; Rule 33 - name: block installing the Yahoo assistant; matches any directory named "Assistant".
"FileBlockRuleName_33"="禁止安装YAHOO助手"
"FileBlockProcess_33"="*"
"FileBlockWildcard_33"="**\\Assistant\\**"
"FileBlockWhat_33"=dword:000f0000
"FileBlockReport_33"=dword:00000001
"FileBlockRuleName_34"="禁止中文上网安装"
"FileBlockProcess_34"="*"
"FileBlockWildcard_34"="**\\CNNIC\\**"
"FileBlockWhat_34"=dword:000f0000
"FileBlockReport_34"=dword:00000001
"FileBlockRuleName_35"="禁止安装一搜工具条"
"FileBlockProcess_35"="*"
"FileBlockWildcard_35"="**\\YiSou\\**"
"FileBlockWhat_35"=dword:000f0000
"FileBlockReport_35"=dword:00000001
"FileBlockRuleName_36"="禁止安装很棒小秘书"
"FileBlockProcess_36"="*"
"FileBlockWildcard_36"="**\\HBClient\\**"
"FileBlockWhat_36"=dword:000f0000
"FileBlockReport_36"=dword:00000001
; Rule 37 - name: "stop the Viking virus reading HOSTS"; covers everything under drivers\etc.
; NOTE(review): the name says "reading", while the mask 0x00050000 differs from the 0x000f0000
; used by the neighbouring rules; confirm which operations this rule actually covers.
"FileBlockRuleName_37"="防止威金病毒读取HOSTS"
"FileBlockProcess_37"="*"
"FileBlockWildcard_37"="%windir%\\system32\\drivers\\etc\\**"
"FileBlockWhat_37"=dword:00050000
"FileBlockReport_37"=dword:00000001
; Rule 38 - name: block the U88 toolbar install directory; the pattern is the "2052"
; subdirectory of any "Internet Explorer" folder.
"FileBlockRuleName_38"="禁止U88财富快车工具条安装目录"
"FileBlockProcess_38"="*"
"FileBlockWildcard_38"="**\\Internet Explorer\\2052\\**"
"FileBlockWhat_38"=dword:000f0000
"FileBlockReport_38"=dword:00000001
"FileBlockRuleName_39"="禁止百度搜霸安装目录"
"FileBlockProcess_39"="*"
"FileBlockWildcard_39"="**\\Baidu\\**"
"FileBlockWhat_39"=dword:000f0000
"FileBlockReport_39"=dword:00000001
"FileBlockRuleName_40"="禁止YOK工具条安装目录"
"FileBlockProcess_40"="*"
"FileBlockWildcard_40"="**\\YOK.com\\**"
"FileBlockWhat_40"=dword:000f0000
"FileBlockReport_40"=dword:00000001
"FileBlockRuleName_41"="禁止搜狗安装目录"
"FileBlockProcess_41"="*"
"FileBlockWildcard_41"="**\\p4p\\**"
"FileBlockWhat_41"=dword:000f0000
"FileBlockReport_41"=dword:00000001
"FileBlockRuleName_42"="禁止dudu下载加速器安装目录"
"FileBlockProcess_42"="*"
"FileBlockWildcard_42"="**\\DuDu\\**"
"FileBlockWhat_42"=dword:000f0000
"FileBlockReport_42"=dword:00000001
"FileBlockRuleName_43"="禁止娱乐星空安装目录"
"FileBlockProcess_43"="*"
"FileBlockWildcard_43"="**\\yulexk\\**"
"FileBlockWhat_43"=dword:000f0000
"FileBlockReport_43"=dword:00000001
"FileBlockRuleName_44"="禁止易趣工具栏安装目录"
"FileBlockProcess_44"="*"
"FileBlockWildcard_44"="**\\*eBay*\\**"
"FileBlockWhat_44"=dword:000f0000
"FileBlockReport_44"=dword:00000001
"FileBlockRuleName_45"="禁止彩信通安装目录"
"FileBlockProcess_45"="*"
"FileBlockWildcard_45"="**\\MMSAssist\\**"
"FileBlockWhat_45"=dword:000f0000
"FileBlockReport_45"=dword:00000001
"FileBlockRuleName_46"="禁止划词搜索安装目录"
"FileBlockProcess_46"="*"
"FileBlockWildcard_46"="**\\wsearch\\**"
"FileBlockWhat_46"=dword:000f0000
"FileBlockReport_46"=dword:00000001
"FileBlockRuleName_47"="禁止网络猪安装目录"
"FileBlockProcess_47"="*"
"FileBlockWildcard_47"="**\\网络猪\\**"
"FileBlockWhat_47"=dword:000f0000
"FileBlockReport_47"=dword:00000001
"FileBlockRuleName_48"="禁止完美网译通安装目录"
"FileBlockProcess_48"="*"
"FileBlockWildcard_48"="**\\WORLD2\\**"
"FileBlockWhat_48"=dword:000f0000
"FileBlockReport_48"=dword:00000001
"FileBlockRuleName_49"="禁止百狗搜索安装目录"
"FileBlockProcess_49"="*"
"FileBlockWildcard_49"="**\\baigoo\\**"
"FileBlockWhat_49"=dword:000f0000
"FileBlockReport_49"=dword:00000001
"FileBlockRuleName_50"="禁止酷桌面安装目录"
"FileBlockProcess_50"="*"
"FileBlockWildcard_50"="**\\LetsCool\\**"
"FileBlockWhat_50"=dword:000f0000
"FileBlockReport_50"=dword:00000001
; Rule 51 - the pattern matches a directory named "spoolsv", not a file of that name.
"FileBlockRuleName_51"="禁止MSIBM安装文件"
"FileBlockProcess_51"="*"
"FileBlockWildcard_51"="**\\spoolsv\\**"
"FileBlockWhat_51"=dword:000f0000
"FileBlockReport_51"=dword:00000001
"FileBlockRuleName_52"="禁止安装中搜工具条"
"FileBlockProcess_52"="*"
"FileBlockWildcard_52"="**\\ZhongSou\\**"
"FileBlockWhat_52"=dword:000f0000
"FileBlockReport_52"=dword:00000001
"FileBlockRuleName_53"="禁止安装IE-BAR"
"FileBlockProcess_53"="*"
"FileBlockWildcard_53"="**\\IE-Bar\\**"
"FileBlockWhat_53"=dword:000f0000
"FileBlockReport_53"=dword:00000001
"FileBlockRuleName_54"="禁止安装忆多多"
"FileBlockProcess_54"="*"
"FileBlockWildcard_54"="**\\忆多多\\**"
"FileBlockWhat_54"=dword:000f0000
"FileBlockReport_54"=dword:00000001
"FileBlockRuleName_55"="禁止安装多多Q表情"
"FileBlockProcess_55"="*"
"FileBlockWildcard_55"="**\\Common Files\\UPD*\\**"
"FileBlockWhat_55"=dword:000f0000
"FileBlockReport_55"=dword:00000001
"FileBlockRuleName_56"="禁止多多Q表情2"
"FileBlockProcess_56"="*"
"FileBlockWildcard_56"="**\\Common Files\\SAND\\**"
"FileBlockWhat_56"=dword:000f0000
"FileBlockReport_56"=dword:00000001
"FileBlockRuleName_57"="禁止唯刊VIKA阅读器"
"FileBlockProcess_57"="*"
"FileBlockWildcard_57"="**\\VIK\\**"
"FileBlockWhat_57"=dword:000f0000
"FileBlockReport_57"=dword:00000001
; Rule 58 - name: stop rogue software abusing "Downloaded Program Files"; mask is 0x00050000,
; not the 0x000f0000 used by most rules in this group.
"FileBlockRuleName_58"="禁止流氓利用Downloaded Program Files"
"FileBlockProcess_58"="*"
"FileBlockWildcard_58"="**\\Downloaded Program Files\\**"
"FileBlockWhat_58"=dword:00050000
"FileBlockReport_58"=dword:00000001
"FileBlockRuleName_59"="禁止协和医院弹出广告"
"FileBlockProcess_59"="*"
"FileBlockWildcard_59"="**\\STDUP\\**"
"FileBlockWhat_59"=dword:000f0000
"FileBlockReport_59"=dword:00000001
"FileBlockRuleName_60"="禁止酷站导航"
"FileBlockProcess_60"="*"
"FileBlockWildcard_60"="**\\CoolWebsite\\**"
"FileBlockWhat_60"=dword:000f0000
"FileBlockReport_60"=dword:00000001
"FileBlockRuleName_61"="禁止珊瑚虫工具栏"
"FileBlockProcess_61"="*"
"FileBlockWildcard_61"="**\\Infofo Bar\\**"
"FileBlockWhat_61"=dword:000f0000
"FileBlockReport_61"=dword:00000001
"FileBlockRuleName_62"="禁止青娱乐"
"FileBlockProcess_62"="*"
"FileBlockWildcard_62"="**\\Qyule\\**"
"FileBlockWhat_62"=dword:000f0000
"FileBlockReport_62"=dword:00000001
"FileBlockRuleName_63"="禁止开心速递"
"FileBlockProcess_63"="*"
"FileBlockWildcard_63"="**\\SDAstro\\**"
"FileBlockWhat_63"=dword:000f0000
"FileBlockReport_63"=dword:00000001
"FileBlockRuleName_64"="禁止VVZ收藏夹"
"FileBlockProcess_64"="*"
"FileBlockWildcard_64"="**\\vvz\\**"
"FileBlockWhat_64"=dword:000f0000
"FileBlockReport_64"=dword:00000001
"FileBlockRuleName_65"="禁止Hotbar"
"FileBlockProcess_65"="*"
"FileBlockWildcard_65"="**\\Hotbar\\**"
"FileBlockWhat_65"=dword:000f0000
"FileBlockReport_65"=dword:00000001
"FileBlockRuleName_66"="禁止nb46工具栏"
"FileBlockProcess_66"="*"
"FileBlockWildcard_66"="**\\nb46.com\\**"
"FileBlockWhat_66"=dword:000f0000
"FileBlockReport_66"=dword:00000001
"FileBlockRuleName_67"="禁止DeskAdTop弹窗"
"FileBlockProcess_67"="*"
"FileBlockWildcard_67"="**\\DeskAdTop\\**"
"FileBlockWhat_67"=dword:000f0000
"FileBlockReport_67"=dword:00000001
; Rule 68 - NOTE(review): the folder name is spelled "Micrsoft SearchBar". This may be the
; product's own spelling or a typo; if it is a typo the rule matches nothing - verify.
"FileBlockRuleName_68"="禁止快搜"
"FileBlockProcess_68"="*"
"FileBlockWildcard_68"="**\\Micrsoft SearchBar\\**"
"FileBlockWhat_68"=dword:000f0000
"FileBlockReport_68"=dword:00000001
"FileBlockRuleName_69"="禁止网蜜"
"FileBlockProcess_69"="*"
"FileBlockWildcard_69"="**\\MySec\\**"
"FileBlockWhat_69"=dword:000f0000
"FileBlockReport_69"=dword:00000001
"FileBlockRuleName_70"="禁止划词搜索"
"FileBlockProcess_70"="*"
"FileBlockWildcard_70"="**\\HuaCi\\**"
"FileBlockWhat_70"=dword:000f0000
"FileBlockReport_70"=dword:00000001
"FileBlockRuleName_71"="禁止中搜的SearchNet"
"FileBlockProcess_71"="*"
"FileBlockWildcard_71"="**\\SearchNet\\**"
"FileBlockWhat_71"=dword:000f0000
"FileBlockReport_71"=dword:00000001
; File rules 72-89: a mix of system-folder protections and further per-product blocks.
; Every rule uses Process "*", so no process is exempted in the values shown.
; NOTE(review): rules 72, 73, 75 and 88 have no FileBlockWildcard value in this listing, so the
; paths they match cannot be read from the page; restore them from the original policy.
; NOTE(review): the listing ends after "FileBlockWildcard_89" - rule 89 has no FileBlockWhat or
; FileBlockReport value here, so the export is truncated.
; NOTE(review): the meaning of the What bits is not stated on this page - confirm before editing.

; Rule 72 - name: "stop Viking reading NET.NET1" (the stored name starts with a space).
"FileBlockRuleName_72"=" 防止威金读取NET.NET1"
"FileBlockProcess_72"="*"
"FileBlockWhat_72"=dword:00050000
"FileBlockReport_72"=dword:00000001
; Rule 73 - name: block fake SERVER/SERVICES files being created under WINDOWS.
"FileBlockRuleName_73"="禁止WINDOWS创建SERVER,SERVICES伪造"
"FileBlockProcess_73"="*"
"FileBlockWhat_73"=dword:000f0000
"FileBlockReport_73"=dword:00000001
; Rule 74 - name: block adding drivers under system32\drivers. With Process "*" this presumably
; also affects legitimate driver installation - confirm before enabling.
"FileBlockRuleName_74"="禁止在WINDOWS目录的drivers\\下添加驱动"
"FileBlockProcess_74"="*"
"FileBlockWildcard_74"="%windir%\\system32\\drivers\\**"
"FileBlockWhat_74"=dword:00010000
"FileBlockReport_74"=dword:00000001
; Rule 75 - name: block SMSS being created under windows.
"FileBlockRuleName_75"="禁止windows创建SMSS"
"FileBlockProcess_75"="*"
"FileBlockWhat_75"=dword:000f0000
"FileBlockReport_75"=dword:00000001
"FileBlockRuleName_76"="禁止鸡毛信安装"
"FileBlockProcess_76"="*"
"FileBlockWildcard_76"="**\\temp\\IXP*.tmp\\TMP435*.TMP"
"FileBlockWhat_76"=dword:000f0000
"FileBlockReport_76"=dword:00000001
; Rule 77 - the name mentions only userinit.exe, but the pattern covers everything under
; system32, for every process.
"FileBlockRuleName_77"="禁止流氓木马病毒修改userinit.exe"
"FileBlockProcess_77"="*"
"FileBlockWildcard_77"="%windir%\\system32\\**"
"FileBlockWhat_77"=dword:00040000
"FileBlockReport_77"=dword:00000001
"FileBlockRuleName_78"="禁止在Common Files生成流氓恶意病毒"
"FileBlockProcess_78"="*"
"FileBlockWildcard_78"="**\\Program Files\\Common Files\\*.*"
"FileBlockWhat_78"=dword:00010000
"FileBlockReport_78"=dword:00000001
; Rule 79 - name: block .bat files, with the advice to rename a needed script to cmd or COM.
; The rule is keyed on the .bat extension only, as that advice in the name itself shows.
"FileBlockRuleName_79"="禁止流氓病毒.硬盘炸弹利用BAT,封禁BAT.需要BAT,自行修改成cmd或COM"
"FileBlockProcess_79"="*"
"FileBlockWildcard_79"="**\\*.bat"
"FileBlockWhat_79"=dword:000a0000
"FileBlockReport_79"=dword:00000001
; Rule 80 - name: stop "disk bomb" malware using FORMAT; matches files named "format.*" anywhere.
"FileBlockRuleName_80"="禁止硬盘炸弹利用FORMAT,格式化硬盘"
"FileBlockProcess_80"="*"
"FileBlockWildcard_80"="**\\format.*"
"FileBlockWhat_80"=dword:000a0000
"FileBlockReport_80"=dword:00000001
; Rule 81 - name: block files directly in "Program Files" without stopping installers
; creating directories; the pattern "*.*" matches names containing a dot at that level.
"FileBlockRuleName_81"="禁止在PROGRAM生成文件,但不影响安装程序创建目录"
"FileBlockProcess_81"="*"
"FileBlockWildcard_81"="**\\Program Files\\*.*"
"FileBlockWhat_81"=dword:000b0000
"FileBlockReport_81"=dword:00000001
; Rules 82 and 83 - names: block look-alike "system*" and "win*t" folders under Program Files.
; NOTE(review): "win*t" is wide enough to match other folder names that start with "win" and
; end with "t"; check it against installed software.
"FileBlockRuleName_82"="禁止在Program Files下添加system,system32,systems文件夹"
"FileBlockProcess_82"="*"
"FileBlockWildcard_82"="**\\Program Files\\system*\\**"
"FileBlockWhat_82"=dword:000f0000
"FileBlockReport_82"=dword:00000001
"FileBlockRuleName_83"="禁止在Program Files下往WINNT或WINDOWS NT文件夹下添加垃圾"
"FileBlockProcess_83"="*"
"FileBlockWildcard_83"="**\\Program Files\\win*t\\**"
"FileBlockWhat_83"=dword:00050000
"FileBlockReport_83"=dword:00000001
"FileBlockRuleName_84"="禁止千橡播霸安装"
"FileBlockProcess_84"="*"
"FileBlockWildcard_84"="**\\pcast\\**"
"FileBlockWhat_84"=dword:000f0000
"FileBlockReport_84"=dword:00000001
"FileBlockRuleName_85"="禁止腾讯QQ的广告"
"FileBlockProcess_85"="*"
"FileBlockWildcard_85"="**\\adplus*\\**"
"FileBlockWhat_85"=dword:000f0000
"FileBlockReport_85"=dword:00000001
"FileBlockRuleName_86"="禁止在Common Files的创建Comm"
"FileBlockProcess_86"="*"
"FileBlockWildcard_86"="**\\Common Files\\Comm\\**"
"FileBlockWhat_86"=dword:000f0000
"FileBlockReport_86"=dword:00000001
"FileBlockRuleName_87"="禁止在All Users\\Application Data\\Microsoft\\UserData下乱创建文件"
"FileBlockProcess_87"="*"
"FileBlockWildcard_87"="**\\Application Data\\Microsoft\\UserData*\\**"
"FileBlockWhat_87"=dword:000f0000
"FileBlockReport_87"=dword:00000001
; Rule 88 - name: block LSASS.EXE being created under WIN.
"FileBlockRuleName_88"="禁止WIN下创建LSASS.EXE"
"FileBlockProcess_88"="*"
"FileBlockWhat_88"=dword:000f0000
"FileBlockReport_88"=dword:00000001
; Rule 89 - name: "block Viking 4"; matches files ending in "dll.dll" directly in %windir%.
"FileBlockRuleName_89"="禁止威金4"
"FileBlockProcess_89"="*"
"FileBlockWildcard_89"="%windir%\\*dll.dll"
