0
(0)

To use Application control to prevent vulnerable applications from running, for example, to block an unpatched version, use a Target file version attribute.

For example, a program had a vulnerability that was patched in version 1.2.4. To block any version older than 1.2.4 from running, do the following.

  1. Create the following exclusion rule:
    1. Give the rule a name: Block an unpatched program.
    2. From the Event drop-down menu, select Application start.
    3. From the Action drop-down menu, select Block.
  2. Then, add the first condition to the exclusion rule:
    1. From the attribute drop-down menu, select Target file description.

      Note: To find the file description, right-click the file in the File Explorer and select Properties.

    2. From the condition drop-down menu, select contains.
    3. In the Value field, enter the name of the unpatched program as it appears in the File description. For example, “Internet Explorer”.

      Note: As “Internet Explorer” is in the Target file description, the program is blocked regardless of the file name or its location.

  3. Then, add the second condition to the exclusion rule:
    1. From the attribute drop-down menu, select Target file version.
    2. From the condition drop-down menu, select is less or equal to.
    3. In the Value field, enter 1.2.3.*.*.

      Note: The condition for the target file version is “less or equal to 1.2.3.*.*” The asterisk indicates that only major and minor fields are used in the comparison.

Source : Official F-Secure Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 9 times, 1 visits today)