Application Blocking feature

The Host Intrusion Prevention Application Blocking feature monitors applications being used and either allows or blocks them.

Host Intrusion Prevention offers two types of application blocking:

When Host Intrusion Prevention monitors application creation, it looks for programs that are trying to run. In most cases, there is no problem; but, there are some viruses, for example, that try to run programs that harm a system. You can prevent this by creating application rules, similar to firewall rules, which only allow programs to run that are permitted for a user.

When Host Intrusion Prevention monitors application hooking, it looks for programs that are trying to bind or “hook” themselves to other applications. Sometimes, this behavior is harmless, but sometimes this is suspicious behavior that can indicate a virus or other attack on your system.

You can configure Host Intrusion Prevention to monitor only application creation, only application hooking, or both.

The Application Blocking feature works like the Firewall feature. Create a list of application rules; one rule for each application you want to allow or block. Each time Host Intrusion Prevention detects an application trying to start or hook to another application, it checks its application rule list to determine whether to allow or block the application.

Copyright © 2006 McAfee, Inc. All Rights Reserved.