In addition to the default rules from McAfee, you can create custom rules.
The rules can be for application control, file control, registry control, etc.
These rules can be helpful during a malware outbreak: they can help prevent the spread of malware, or control the use of any file or program.
To create a custom rule to prevent FILE operations (Create, Write, Execute, Read, etc.):
Name: <insert name>
Rule type: Files
Operations: Create, Execute, Read, Write
Parameters: path/file name
Note: The file name must include a path. To wildcard the path, begin the file name with **\; to wildcard the drive letter, begin it with ?:\ (for example: **\filename.exe or ?:\filename.exe).
You cannot use MD5 hashes with the "Files" parameter: path/filename only.
Drive type can also be used to limit the path to a specific drive type (for example, hard drive, CD-ROM, USB, network, floppy).
Executables: Can be left blank, unless you want to limit the signature to specific processes that perform the file operation (for example, explorer.exe, cmd.exe, etc.).
To create a custom rule to prevent PROGRAM operations:
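To preview what a Files rule parameter would cover before deploying it, the following added example (not McAfee code and not part of the original text) lints the parameter against the two constraints above and matches it against constructed sample paths. The function names are hypothetical, and the wildcard semantics are an assumption: "?" is one character, "*" stays within one path component, "**" spans backslashes.

```python
import re

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

def lint_files_parameter(param):
    """Return a list of problems with a 'Files' rule parameter (empty = OK)."""
    problems = []
    if MD5_RE.match(param):
        problems.append("MD5 hash given; Files rules accept path/filename only")
    elif "\\" not in param:
        problems.append("no path; begin with **\\ or ?:\\ to wildcard it")
    return problems

def wildcard_to_regex(param):
    """Translate a rule path into a regex.
    Assumed semantics: '?' = one character, '*' = any run inside one path
    component, '**' = any run including backslashes."""
    out, i = [], 0
    while i < len(param):
        if param.startswith("**", i):
            out.append(".*")
            i += 2
        elif param[i] == "*":
            out.append(r"[^\\]*")
            i += 1
        elif param[i] == "?":
            out.append(r"[^\\]")
            i += 1
        else:
            out.append(re.escape(param[i]))
            i += 1
    # Windows paths are case-insensitive
    return re.compile("^" + "".join(out) + "$", re.IGNORECASE)

def covered(param, paths):
    """Return the paths from `paths` that the rule parameter would match."""
    rx = wildcard_to_regex(param)
    return [p for p in paths if rx.match(p)]

SAMPLE_PATHS = [  # constructed sample paths, not taken from a real system
    r"C:\Users\alice\Downloads\filename.exe",
    r"D:\filename.exe",
    r"C:\Tools\otherfile.exe",
    r"C:\Tools\myfilename.exe",
]

if __name__ == "__main__":
    for rule in (r"**\filename.exe", r"?:\filename.exe", "filename.exe"):
        print(rule, lint_files_parameter(rule) or covered(rule, SAMPLE_PATHS))
```

Running the candidate parameter over a file inventory exported from a few representative endpoints shows whether the rule is broader than intended before it is enforced.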
Name: <insert name>
Rule type: Program
Operations: Run target executable
Parameters: <leave blank>
Executables: Can be left blank, unless you wish to limit the signature to a specific process as the source executable (for example, if you want to block explorer.exe from running a Target Executable such as notepad.exe).
Target Executables: Define the executable properties for which you want to prevent execution (for example, if you want to block Notepad.exe from running, specify the path/filename of the executable). The executable can be defined using one or more of the criteria (File Description, File Name, Fingerprint, Signer).