6Application Blocking Policies

The Application Blocking feature of Host Intrusion Prevention manages a set of applications that you allow to run ((known as application creation) or bind (known as application hooking) with other applications.

This section describes the Application Blocking feature and includes the following topics:

„Overview

„Configuring the Application Blocking Options policy

„Configuring the Application Blocking Rules policy

Overview

The Application Blocking feature enables or disables application blocking and configures application blocking rules. With application blocking you can set application creation blocking, application hooking blocking, or both. You can also indicate whether to keep application blocking rules created on clients manually or through the Adaptive or Learn modes.

Application creation

Block application creation when you want to prevent specific or unknown programs from running. For example, some Trojan horse attacks can run malicious applications on computers without the knowledge of the user. If you block application creation, you can prevent these attacks from succeeding by allowing only specific, legitimate applications to run. You can also enable automatic Adaptive mode or interactive Learn mode to dynamically build a set of allowed applications.

94

Page 94
Image 94
McAfee 6.1 manual Application Blocking Policies, Application creation