Add a file or folder to McAfee exclusions. Security Center application in Meizu smartphones

All tips

Many antivirus users encounter the inconvenience of unjustifiably blocking processes that the program mistakenly recognizes as malicious. IN McAfee antivirus It is possible to add files and folders to exceptions.

In general, the blocking option is very useful, because in this way the user’s PC is protected from infection by malware and from theft of personal and confidential information. But sometimes McAfee thinks various programs, for example, torrent clients, are malicious, and therefore blocks their work.

Disabling the antivirus every time is not a solution to the problem; it is much more convenient to add required file add to the exclusion list and enjoy comfortable work. However, it is worth remembering that you need to add only those files in which you are completely and completely confident, because the antivirus will consider them 100% safe, which means it will bypass them when scanning and analyzing.

Instructions in McAfee how to add a file to exceptions

So, the procedure is as follows:

Open McAfee antivirus.
On home page programs, select " Protection against viruses and spyware».
Click " Check PC" and select " Performing a custom check" This will exclude the item from user validation (a user-triggered process).
Click " Scheduled checks" and select " Schedule a review" This will exclude the element from the scheduled scan (a process launched by the antivirus itself).
Select " Excluded files and folders».
Select " add file"if you want to exclude, for example, a program from the scan.
Select " Add folder"if you want to exclude several files combined into one folder from the scan.
Select the file or folder you want to exclude and click " Open».

That's all. The file or folder has been added to the whitelist.

Administrators can manage enterprise applications on devices Android users without affecting their personal data. For example, you can:

create white lists of recommended applications that will be available for installation;
automatically install the required set of applications for work;
manage system applications on corporate devices.

How the white list works

You select applications from Play Store in the console Google Administrator and whitelist them for users to see on their devices.

Applications from whitelist managed by the organization, so when an employee leaves, these applications are deleted from his device along with his corporate account. They can also be removed if the device is lost or stolen. Some mobile applications Google, such as Gmail and Google Drive, have already been added to the white list.

How to separate personal and corporate applications

Work profiles are available in .

Step 1: Open Android App Whitelist

Step 2: Create a whitelist

How to add an application

The application will appear in the white list almost immediately, but users will be able to install it from the corporate Google Play or from the "For work" tab in the Play Store only after the next synchronization with the control system mobile devices Google. Applications installed not from corporate Google Play and not from the "For work" tab cannot be managed.

How to delete an application

After removing an application from the white list, it will become unavailable to users in corporate Google Play and on the “For work” tab in the Play Store. If the user has already installed the application, it is not removed from their device. Users who have not yet installed an app that has been removed from the whitelist can still download it from the Play Store, but in this case it will not be managed.

You will receive a confirmation that the selected application has been removed from the whitelist.

Note. Delete Google Apps Device Policy from a white list is not possible.

Step 3: Manage whitelisted apps

How to manage application settings

Note.

How to confirm new permissions

By whitelisting an Android app, you can control its access to data on behalf of users in your organization by granting it specific permissions. For example, an application may need access to your contacts or device location. Users can change the permissions you grant after they install the app on their device.

After updating a whitelisted app, it may require new permissions. Applications for which permissions need to be updated are marked in the admin console with an icon. To approve a permission update request:

How to manage dynamic permissions

Some applications for Android devices ask the user for permission at runtime. For example, an application might request access to the device's calendar or location. You can specify how requests will be processed individual applications to obtain such permits. These settings take precedence over the device's dynamic resolution settings.

How to create managed configurations

To use this feature you must enable .

With managed configurations, you can automatically configure applications for an organizational unit or group of users. You can create multiple managed configurations for a single application and apply them to different teams and departments. To create a managed configuration, follow these steps:

Step 4: Provide apps to specific users

How to add users to the application distribution list

Comparison of versions

Open the Android app whitelist by following the instructions above.
Select the application you want to make available.
The Application Distribution screen shows the departments and user groups to which the application is currently available.
Advice. To see a list of applications that are available only to a specific user or group, in the filter settings on the left side of the page, select an organizational unit, group, or specific person. You can also filter for only public or only private apps.
To make the app available to other groups, click Add.
Select one of the options below.
- To share the app with an organizational unit, click on the left side of the screen Organizational unit and select the department name from the list.
- To share an app with a group, click on the left side of the screen Group and start typing its name, and then select it from the list.

Click Continue.

Set application settings for your organizational unit or group and click Save.
You can:
- immediately automatically install the application on users’ devices;
- prevent users from deleting the application;
- Allow users to add app widgets (if any) to the home screen.

Note.

How to remove users from an application's distribution list

This feature is available in G Suite Business and G Suite Enterprise. Comparison of versions

Note. Changes on users' devices usually take effect within a few minutes, but sometimes take up to 24 hours. If you do not specify a department or group, the application will be available to all users in the top-level organization.

How to prevent users from installing non-whitelisted apps

To use this feature you must enable .

Users can download applications from the Play Store. At the same time, applications added to the white list are available on the “For work” tab. To prevent users from installing applications that are not on this list:

Note. Changes on users' devices usually take effect within a few minutes, but sometimes take up to 24 hours.

Was this article helpful?

How can this article be improved?

Most users actively use antiviruses to ensure the security of their system, passwords, and files. Good antivirus software can always provide protection for high level, but a lot also depends on the user’s actions. Many applications give you the opportunity to choose what to do with what they consider to be malicious programs or files. But some do not stand on ceremony and immediately remove suspicious objects and potential threats.

The problem is that each protection can work in vain, considering a harmless program dangerous. If the user is confident in the safety of the file, then he should try to add it to the exception. Many antivirus programs do this differently.

To add a folder to antivirus exclusions, you need to dig a little into the settings. Also, it is worth considering that each protection has its own interface, which means that the path for adding a file may differ from other popular antiviruses.

Kaspersky Anti-Virus

Avast Free Antivirus

Avira

360 Total Security

Antivirus 360 Total Security differs in many ways from other popular protections. Flexible interface, Russian language support and a large number useful tools available with effective protection, which can be customized to your taste.

The same is done with a folder, but for this you select "Add folder".

You select what you need in the window and confirm. You can do the same with the application you want to exclude. Just specify its folder and it will not be scanned.

ESET NOD32

Windows 10 Defender

Standard for the tenth version of the antivirus in most respects and functionality not inferior to solutions from third party developers. Like all the products discussed above, it also allows you to create exceptions, and you can add not only files and folders to this list, but also processes, as well as specific extensions.

Launch Defender and go to the section "Protection against viruses and threats".

Next use the link "Manage Settings" located in the block "Protection settings against viruses and other threats".

In the block "Exceptions" click on the link "Adding or removing exceptions".

Click the button "Add exception",

define its type in the drop-down list

and, depending on your choice, specify the path to the file or folder

or enter the process name or extension, then click on the button to confirm the selection or addition.

06/21/2011 Orin Thomas

By using solutions that limit the range of applications that can be executed (whitelisting), administrators can configure client computers to run only those that are explicitly allowed. application programs. To avoid worrying about users running malware or dangerous scripts, administrators create a list of applications available to employees. The execution of applications that are not in the list is simply blocked. Depending on the complexity of the technology used to prepare whitelists, applications can be approved by the publisher's certificate, a hashed value (digital fingerprint), or simply by path and file name

As a rule, the easiest way is identification using the publisher's certificate. Using this method, it is easy to provide for all future versions of the application in any rule. The disadvantage of publisher certificates is the availability large quantity programs without digital signatures, which cannot be identified by this method. In some method implementations, only the publisher's name is whitelisted, while in others, you can specify the name assigned to the application and its version.

When a hashed value is used, a digital hash is generated, a kind of digital fingerprint, that identifies the target application's executable file. The disadvantage of digital hashes is that every time a file is changed (as a result of installing software fixes or a new version of the application), the hash value must be recalculated as the “digital fingerprint” changes. If the whitelist is based on a hashed value, it is necessary to provide a way to timely recalculate program updates into regular cycle management.

Path-based identification is the simplest, but at the same time the most vulnerable way to identify files. The advantage of issuer certificates and hashed value is that if the executable file changes malware it is excluded from the whitelist as it does not match the identifying properties of the publisher or hash. And the infected executable file, identified by its path, remains in the white list and is perceived as safe.

Restriction Policies and AppLocker

Application restriction policies have been around in Windows since XP. You can use Software Restriction Policies (SRP) to create hash rules and path rules. SRP policies have the following advantages and disadvantages.

Identification of files based on hash and location.
Contains the rules for issuer certificates, but operates on an all-or-nothing basis. All applications signed by the publisher are allowed or denied. For example, you cannot use a publisher certificate rule to allow Adobe Acrobat, but block Adobe Photoshop. To create an SRP rule, you need a copy of the issuer certificate in . cer or. crt.
Allows you to specify which extensions belong to executable files.
Does not contain publisher's rules.
The rules have to be built manually.
There is no other centralized solution for preparing reports, in addition to viewing event logs.
Uses native functionality group policy; no additional client installation required.

AppLocker utility part of Windows 7 expands the functionality of SRP. AppLocker has a number of improvements.

You can create a publisher rule based on a reference file without having to separate file format certificate. cer or. crt.
You can automatically analyze your computer to prepare a set of issuer and certificate rules.
Only Windows 7 Professional, Enterprise and Ultimate clients are supported.
The utility is applied through Group Policy. In the absence of a client program, administrators have to make significant efforts more effort to launch AppLocker.

There is still no centralized reporting solution.

If your company's security strategy requires application whitelisting and requires a product with more capabilities than SRP and AppLocker, consider using Lumension Application Control, Endpoint Security and Data Protection from Sophos or Bit9 Parity. The functionality of all of these products goes far beyond preparing application whitelists. Other features are mentioned in this article, but the emphasis is on whitelists.

Lumension Application Control

Lumension Application Control
BEHIND: simple application discovery; It's easy to build whitelists.
AGAINST: complex installation procedure; setup difficulties.
GRADE: 4 out of 5.
PRICE: license $45; maintenance $9/year.
RECOMMENDATIONS: The product may appeal to administrators who need more functionality than AppLocker. However, the installation procedure is unnecessarily complicated.
CONTACT INFORMATION: Lumension Security, www.lumension.com

Lumension Application Control is a specialized product for preparing white lists with functions for automatic detection of application programs and authorization of updates software, script and macro protection, application browsing, local application authorization and heuristic analysis for detection malicious code, locally authorized on a certain number computers. Lumension uses hash and path-based rules to identify files, and administrators can remotely verify clients by compiling file identification lists.

Client deployment. An installer for Windows x64 and x86 in MSI format is supplied with the program. Administrators can deploy software on clients via Group Policy or using more powerful tool, such as Microsoft System Center Configuration Manager (SCCM).

Using Lumension Application Control, you can discover applications deployed in your company. The detection results are used to prepare whitelist policies.

Detected files can be categorized into groups in the Lumension Application Control console. Based on groups of files, decisions are made to allow or block programs. Application whitelists can be applied to different users by assigning user accounts to different groups of files. File groups determine which applications are available for given user, as shown in Screen 1.

Screen 1: Lumension Application Control

The main advantage over AppLocker is its powerful remote detection features. WITH using AppLocker you can run the wizard locally on the reference computer and create a list of applications. In Lumension, you just need to tell the wizard the target computer to check it and generate a list.

Monitoring features are also more effective with Lumension's centralized reports. Database capabilities are used to prepare reports SQL Server.

Finally, Lumension includes distribution checking features to automatically block suspicious executable files.

Additional notes. Installing Lumension is a very labor-intensive process. Installing Endpoint Security and Data Protection and Bit9 Parity is basically a matter of a few mouse clicks, following the wizard's instructions. However, to install Lumension Application Control you must run detailed instructions presented on several pages. While this should not be difficult for an experienced administrator, making the installation process more complex increases the likelihood of errors.

Lumension Application Control provides a quick and easy way to generate file identities for use in whitelists, but the product documentation recommends using paths for regularly updated applications. As noted above, path rules are vulnerable because they do not prevent the execution of infected files. This threat is eliminated when using certificate or hash rules.

Endpoint Security and Data Protection 9.5
BEHIND: Automated maintenance reduces the complexity of updating rules for administrators. Compatible with Mac, Windows and Linux platforms.
AGAINST: unclear how to add user programs and programs not listed by Sophos.
GRADE: 3 out of 5.
PRICE:$11/year per user (up to 99 users).
RECOMMENDATIONS: the product is part of a security complex with broader capabilities; it may be suitable for companies that need to deploy well-known clients but not their own software.
CONTACT INFORMATION: Sophos, www.sophos.com

Endpoint Security and Data Protection 9.5 from Sophos - advanced solution to protect end user computers. It has a firewall, antivirus, application and device control, data loss prevention, encryption, and network access control for Windows, Linux, Mac, and UNIX clients. Like Bit9 Parity and Lumension Application Control, application information is stored in SQL Server 2008 Express.

Deployment of clients. Bit9 and Lumension have separate client installers, but Sophos uses a push installer that pushes the client from the console to the protected computer. The client file can be downloaded directly from the Sophos website, but is not included initially in the package.

Before deploying the client from the Sophos console, you must prepare the client computers. In this case it is necessary to change standard settings networks and public access, Remote Registry service startup status, user account control settings UAC entries and firewall settings.

Creating and updating policies. To create application policies, you need to select the Application Control node under Policies in the main console. You can create new policy or change the default one. Policies are applied to groups of computers; At any given time, a computer can belong to only one group organized by the administrator.

Sophos provides an extensive list of applications, sorted by functionality. The administrator builds a policy by going through the list and specifying the applications that need to be allowed and denied. Sophos regularly updates the list, and if the administrator has authorized a particular application, then in theory all subsequent versions of that program will be recognized by Sophos and this information will be transferred to the end users' computers. In addition, Sophos is constantly adding new applications to the list. However, it is not entirely clear how custom applications.

The default policy is to allow all applications, although it would be easy to block all programs and then whitelist the applications used by the company. Figure 2 shows an archiving tool that has been added to the whitelist. The product does not seem to contain a remedy for automatic search applications installed on the computer. Therefore, unless you have previously conducted a software inventory, you should proceed very carefully when whitelisting applications.

Screen 2: Endpoint Security and Data Protection

Application control policies are applied to groups of computers. You can import existing computer groups from Active Directory(AD) or create your own group hierarchy. Accounts computers can be imported from AD or discovered on the network. Only one application control policy can be applied to a group, although one policy can affect multiple groups.

It was not possible to understand from the Sophos documentation and interface how to prepare whitelists for products not included in the list of identifiable products. It is unclear which identification mechanism Sophos uses: certificate-based, hash-based, or path-based. The main advantage of a certificate-based authentication mechanism over a hash-based authentication mechanism is that the rules do not become outdated after changes are made to applications. However, the rule definitions are loaded along with regular updates, distributed by Sophos, therefore this difference immaterial.

Monitoring. From a dedicated console, you can monitor all events related to application management. You can see events that occurred during a specified time period related to a specific user, computer, or application type.

Advantages over AppLocker. Endpoint Security has several advantages over AppLocker. First of all, Endpoint Security creates a heuristic identification mechanism for certain applications, so administrators don't have to build them manually. Additionally, Endpoint Security updates the application identity database. The downside to the product is that it doesn't seem to be able to block certain version applications (for example, Adobe Acrobat 9), but allow more new version the same program.

Additional notes. Before Endpoint deployment Security and Data Protection administrators need to apply policies to set the desired settings and start services. Without the MSI installer, deployment is done through the Sophos console. Administrators at some companies will not like the fact that the client deployment method through the console does not scale well. But Sophos is well suited for heterogeneous environments thanks to its support Mac clients, Unix and Linux, as well as compatibility with all Windows client operating systems.

The approach in which the rules are created by the supplier has both advantages and disadvantages. On the one hand, it is difficult to extend the rules to user applications. However, the advantage is that by handing over the responsibility of updating the rules to Sophos, the administrator can whitelist the application and not have to worry about the rules for that application.

Bit9 Parity

Bit9 Parity
BEHIND: extensive set of functions.
AGAINST: The interface needs improvement to make the powerful functionality easier to learn.
GRADE: 4 out of 5.
PRICE:$39 for an unlimited license.
RECOMMENDATIONS: the product will be very effective means preparing whitelists for administrators who need more advanced functionality than AppLocker provides, and having time to master Bit9 Parity.
CONTACT INFORMATION: Bit9, www.bit9.com

Along with application whitelists, Bit9 Parity has features such as registry protection, configuration monitoring, settings management, and file inventory.

Deployment of clients. Bit9 Parity clients are deployed via MSI files, which can be deployed traditionally using Group Policy, or using a tool such as SCCM 2007 R3. Users can also install the Bit9 client program from shared folders on the management server.

Creating and updating policies. Bit9 Parity policies are used to distribute computers into groups with similar security requirements. The client program blocks or allows executable files based on the parameters specified in the policy. By creating a policy, an administrator specifies how to deal with approved and unapproved executables, including whether to block unverified or unapproved scripts and executables, and whether to block certain file names and hashes. Figure 3 shows the Bit9 Parity policy.

Screen 3. Bit9 Parity

You can subscribe to a database hosted by Bit9, which automatically updates the whitelist so that users can run applications that are verified to be safe. Dangerous or dubious applications are blocked automatically.

Monitoring. Bit9 Parity provides monitoring and automatic discovery of new applications, as well as alerting administrators. Thanks to this feature, administrators can quickly identify new applications that have appeared in the company and decide on their authorization. Unknown applications are blocked by default. After reviewing the application, the administrator can approve it.

Advantages over AppLocker. Bit9 Parity has several advantages over AppLocker. First of all, the product works for clients Windows Vista and XP. In addition, thanks to the rapid identification of files, you can get additional information about a blocked application, in particular, find out whether it is classified as dangerous according to the Bit9 classification. Blocked applications can be sent to Bit9 for analysis. Bit9 Parity's reporting features are significantly better than AppLocker's. And finally, from the Bit9 Parity monitoring console on Web-based Administrators can connect to many clients without installing a separate management console.

Additional notes. Currently, for Bit9 Parity to function, IPv6 must be disabled on the management server. The vast majority of companies do not use IPv6 internal networks, but this will cause inconvenience for some companies that have made the transition to an IPv6 infrastructure.

Bit9 Parity is distinguished by its breadth of application management functions. The only drawback of the product is that the extensive functionality is difficult to master for administrators unfamiliar with the interface.

Optimal choice

The choice of an application whitelisting product or its own Group Policy functionality depends on the specifics of the company's infrastructure and its needs. With the help of a specialized product you can significantly reduce damage from viral infections and unauthorized applications, blocking applications that are not on the white list. Whitelist preparation products with advanced functionality beyond capabilities operating systems Windows Server, are necessary for most companies, because if customers are not represented only Windows computers 7, administrators will have to spend an unreasonable amount of time on timely update SRP policy.

It is extremely important to organize the service correctly. The main costs of deploying whitelists are not related to the products themselves, but to the time spent system administrators for installation and maintenance of application whitelists. Bit9 Parity and Lumension Application Control provide automatic detection of changed files, allowing administrators to quickly respond to changes in the application ecosystem. The Sophos approach relies on a central list of applications from which whitelists can be created, but the question arises whether the Sophos list covers all of a company's applications.

It is important to note that the products reviewed are part of broader security suites. IN this review only one aspect of these complexes is shown and no attempt is made to compare all their functions. Depending on individual preferences, it may be easier for the administrator to perform important tasks maintenance and whitelist management from the Bit9 Parity interface, rather than the Sophos Lumension Application Control or Endpoint Security and Data Protection interface.

Orin Thomas ( [email protected]) - Windows editor IT Pro