Access protection

Preventing threat access to your client system is your first line of defense against malware. The Access Protection feature of VirusScan Enterprise compares an action being requested against a list of configured rules. Each rule can be configured to block or report, or block and report access violations when they occur.

Access protection prevents unwanted changes to your computer by restricting access to specified ports, files, shares, registry keys, and registry values. It also protects McAfee processes by preventing users from stopping them. This protection is critical before and during outbreaks.

This feature uses predefined rules and user-defined rules to specify which items can and cannot be accessed. Each rule can be configured to block or report, or block and report access violations when they occur. Predefined rules and categories can be updated from the McAfee update sites.

Note: The on-access scanner, which detects access violations, must be enabled to detect attempts to access ports, files, shares, and registry keys and registry values.

How threats gain access

The most common ways threats gain access to your system include:
  • Macros — As part of word processing documents and spreadsheet applications.
  • Executable files — Seemingly benign programs can include viruses along with the expected program. For example, some common file extensions are .EXE, .COM, .VBS, .BAT, .HLP and .DLL.
  • Email — Jokes, games, and images as part of email messages with attachments.
  • Scripts — Associated with web pages and emails, scripts such as ActiveX and JavaScript, if allowed to run, can include viruses.
  • Internet Relay Chat (IRC) messages — Files sent along with these messages can easily contain malware as part of the message. For example, automatic startup processes can contain worms and Trojan threats.
  • Browser and application Help files — Downloading these Help files exposes the system to embedded viruses and executables.
  • Combinations of all these — Sophisticated malware creators combine all of these delivery methods and even embed one piece of malware within another to try and access your computer.


Access protection