Manually create the following 25 user-defined Access Protection rules.
Protect keys from modification:
Use this example to configure the user-defined Access Protection rule to protect the process KEY from modification.
Mfeann.exe |
Logparser.exe |
Mcadmin.exe |
Mcconsol.exe |
Mcupdate.exe |
Restartvse.exe |
Scncfg32.exe |
shstat.exe |
Vstskmgr.exe |
wscavexe.exe |
scan32.exe |
scan64.exe |
Example:
Rule type:
Registry blocking rule
Rule name:
Protect mfeann.exe KEY from IFEO changes
Processes to Include:
*
Processes to Exclude: <blank>
Key or Value to protect:
KEY
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfeann.exe\**
Actions to block: Create, Write, Delete
Repeat for each process name.
Protect values from modification:
Use this example to configure the user-defined Access Protection rule to protect the key's VALUES from modification.
NOTE: You must use this procedure for each VSE process listed above, and substitute the process name in each added rule.
Example:
Rule type:
Registry blocking rule
Rule name:
Protect mfeann.exe VALUES from IFEO changes
Processes to Include:
*
Processes to Exclude: <blank>
Key or Value to protect:
VALUE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfeann.exe\**
Actions to block: Create, Write, Delete
Repeat for each process name.
Protect the parent key from DELETE:
Add a user-defined Access Protection rule to protect the parent key from being deleted.
Rule Name:
Prevent deleting IFEO parent key
Processes to Include =
*
Processes to Exclude = <blank>
Key or Value to protect:
KEY
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Actions to block:
Delete