Preventing threat access to your client system is your first line of
defense against malware. The Access Protection feature of
VirusScan Enterprise
compares an action being requested against a list of configured rules. Each
rule can be configured to block or report, or block
and report access violations when they occur.
Access protection prevents unwanted changes to your computer by
restricting access to specified ports, files, shares, registry keys, and
registry values. It also protects
McAfee processes by preventing users from stopping them. This
protection is critical before and during outbreaks.
This feature uses predefined rules and user-defined rules to specify
which items can and cannot be accessed. Each rule can be configured to block or
report, or block and report access violations when they occur. Predefined rules
and categories can be updated from the
McAfee update sites.
Note: The on-access scanner, which detects access violations,
must be enabled to detect attempts to access ports, files, shares, and registry
keys and registry values.
How threats gain access
The most common ways threats gain access to your system include:
- Macros — As part of
word processing documents and spreadsheet applications.
- Executable files —
Seemingly benign programs can include viruses along with the expected program.
For example, some common file extensions are .EXE, .COM, .VBS, .BAT, .HLP and
.DLL.
- Email — Jokes,
games, and images as part of email messages with attachments.
- Scripts —
Associated with web pages and emails, scripts such as ActiveX and JavaScript,
if allowed to run, can include viruses.
- Internet Relay Chat
(IRC) messages — Files sent along with these messages can easily contain
malware as part of the message. For example, automatic startup processes can
contain worms and Trojan threats.
- Browser and application
Help files
— Downloading these Help files exposes the system to embedded
viruses and executables.
- Combinations of all
these — Sophisticated malware creators combine all of these delivery
methods and even embed one piece of malware within another to try and access
your computer.