To use Application Control to prevent a vulnerable application from running, for example, to block an unpatched version, use the Target file version attribute.
For example, suppose a program had a vulnerability that was patched in version 1.2.4. To block every version older than 1.2.4 from running, do the following.
- Create the following exclusion rule:
- Give the rule a name, for example: Block an unpatched program.
- From the Event drop-down menu, select Application start.
- From the Action drop-down menu, select Block.
- Then, add the first condition to the exclusion rule:
- From the attribute drop-down menu, select Target file description.
Note: To find the file description, right-click the file in File Explorer, select Properties, and open the Details tab.
- From the condition drop-down menu, select contains.
- In the Value field, enter the name of the unpatched program as it appears in the File description. For example, “Internet Explorer”.
Note: Because the condition matches the Target file description rather than the file name or path, the program is blocked regardless of how the executable is named or where it is located. Keep in mind that the file description is metadata written by whoever built the file: a renamed or moved copy keeps it, but a recompiled or edited binary can carry any description. The rule therefore protects against running a known-old build, not against an adversary who controls the file.
- Then, add the second condition to the exclusion rule:
- From the attribute drop-down menu, select Target file version.
- From the condition drop-down menu, select is less or equal to.
- In the Value field, enter 1.2.3.*.*.
Note: The condition for the target file version is “less or equal to 1.2.3.*.*”. The asterisks are wildcards: only the fields given explicitly (here 1.2.3) take part in the comparison, so every build of 1.2.3 and everything below it matches, while 1.2.4.0 and later do not. Before deploying the rule, confirm the exact version in which the vendor shipped the fix and check the boundary against a patched and an unpatched copy of the file; a version-based rule is only as reliable as the vendor's habit of updating the file version resource.
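Before enabling a rule like this, it is worth dry-running its two conditions against the executables on a test machine to see exactly which files it would block. The following PowerShell script is an added example and is not Kaspersky documentation or product code; it reads the same file description and file version fields the rule uses and applies them with the wildcard semantics described in the note above (only the explicit fields are compared), which is an assumption about the product's matching made here. The function names Compare-VersionPattern and Test-BlockRule, and the scan of C:\Program Files, are illustrative choices.

```powershell
# Added example (not Kaspersky's code): dry run of the rule
#   Target file description contains <text>  AND  Target file version <= <pattern>
# against files on disk, so you can preview what would be blocked.

function Compare-VersionPattern {
    <#
      Compares a file version (major.minor.build.private) with a pattern such
      as "1.2.3.*.*". Numeric pattern fields are compared in order; the first
      "*" ends the comparison (assumed wildcard semantics, see the note above).
      Returns -1, 0 or 1 like CompareTo.
    #>
    param(
        [Parameter(Mandatory)][int[]]$FileFields,
        [Parameter(Mandatory)][string]$Pattern
    )
    $patternFields = $Pattern.Split('.')
    for ($i = 0; $i -lt $patternFields.Count; $i++) {
        if ($patternFields[$i] -eq '*') { break }   # wildcard: remaining fields are ignored
        $want = [int]$patternFields[$i]
        $have = if ($i -lt $FileFields.Count) { $FileFields[$i] } else { 0 }
        if ($have -lt $want) { return -1 }
        if ($have -gt $want) { return 1 }
    }
    return 0
}

function Test-BlockRule {
    <#
      Evaluates both rule conditions for one file and returns the decision
      together with the metadata it was based on.
    #>
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$DescriptionContains,   # e.g. "Internet Explorer"
        [Parameter(Mandatory)][string]$VersionLessOrEqual     # e.g. "1.2.3.*.*"
    )
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Files without a version resource report 0.0.0.0 here, which is "less or equal"
    # to any pattern; such a file is still only blocked if its description matches.
    $fields = @($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)

    # Condition 1: Target file description contains the text (-like is case-insensitive)
    $descMatch = [bool]$vi.FileDescription -and ($vi.FileDescription -like "*$DescriptionContains*")
    # Condition 2: Target file version is less or equal to the pattern
    $verMatch = (Compare-VersionPattern -FileFields $fields -Pattern $VersionLessOrEqual) -le 0

    [pscustomobject]@{
        Path            = $Path
        FileDescription = $vi.FileDescription
        FileVersion     = ($fields -join '.')
        Blocked         = [bool]($descMatch -and $verMatch)
    }
}

# Dry run: list every executable under Program Files that the rule would block.
# Substitute the description and version boundary from your own rule.
Get-ChildItem -Path 'C:\Program Files' -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object { Test-BlockRule -Path $_.FullName -DescriptionContains 'Internet Explorer' -VersionLessOrEqual '1.2.3.*.*' } |
    Where-Object Blocked |
    Format-Table Path, FileDescription, FileVersion -AutoSize
```

Run it on a machine that has both a patched and an unpatched copy of the program: the unpatched copy should appear in the output and the patched one should not. If a vulnerable binary does not show up, look at its FileDescription and FileVersion columns; a missing or inconsistent version resource is the usual reason a version-based rule misses a file, and in that case a hash- or certificate-based condition is the safer choice.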