Application Blocking alerts

When application creation or application hooking is enabled in the Application Blocking Options policy, Host Intrusion Prevention monitors application activities and allows or blocks them based on the rules in the Application Blocking Rules policy.

If you enabled Learn mode for either creation blocking or hooking blocking, Host Intrusion Prevention displays an Application Creation Alert or Application Hook Alert whenever it detects an unknown application trying to run or bind to another program.

The Application Information tab displays information about the application attempting to run (creation) or to hook (hook) to another process, including application name, path, and version.

Use this dialog box to select an action:

When you click Allow or Deny, Host Intrusion Prevention creates a new application rule based on your choice. After collecting client properties, this rule is added to the to the Application Client Rule tab of the Application Rules policy. The application is then allowed or blocked automatically.

Copyright © 2006 McAfee, Inc. All Rights Reserved.