User Guide
Contents
McAfee Internet Security 3
McAfee SecurityCenter.......................................................................................................5
SecurityCenter features ............................................................................................ 6
Using SecurityCenter ................................................................................................ 7
Fixing or ignoring protection problems ................................................................16
Working with alerts .................................................................................................21
Viewing events......................................................................................................... 27
McAfee VirusScan .............................................................................................................29
VirusScan features................................................................................................... 30
Scanning your computer ........................................................................................31
Working with scan results....................................................................................... 35
Scan types ................................................................................................................ 38
Using additional protection ................................................................................... 41
Setting up virus protection ..................................................................................... 45
McAfee Personal Firewall................................................................................................. 61
Personal Firewall features....................................................................................... 62
Starting Firewall ...................................................................................................... 63
Working with alerts .................................................................................................65
Managing informational alerts............................................................................... 67
Configuring Firewall protection............................................................................. 69
Managing programs and permissions ................................................................... 81
Managing computer connections.......................................................................... 89
Managing system services ...................................................................................... 97
Logging, monitoring, and analysis....................................................................... 103
Learning about Internet security .........................................................................113
McAfee Anti-Spam.......................................................................................................... 115
Anti-Spam features ............................................................................................... 117
Configuring spam detection................................................................................. 119
Filtering e-mail ...................................................................................................... 127
Setting up friends .................................................................................................. 129
Setting up your Webmail accounts ...................................................................... 133
Working with filtered e-mail................................................................................. 137
Configuring phishing protection ......................................................................... 139
McAfee Parental Controls .............................................................................................. 141
Parental Controls features.................................................................................... 142
Protecting your children....................................................................................... 143
Protecting information on the Web ..................................................................... 161
Protecting passwords............................................................................................ 163
McAfee Backup and Restore .......................................................................................... 167
Backup and Restore features................................................................................ 168
Archiving files ........................................................................................................ 169
Working with archived files .................................................................................. 177
McAfee QuickClean ........................................................................................................ 183
QuickClean features.............................................................................................. 184
Cleaning your computer....................................................................................... 185
Defragmenting your computer ............................................................................189
Scheduling a task................................................................................................... 191
i
ii Contents
McAfee Shredder............................................................................................................. 197
Shredder features .................................................................................................. 198
Shredding files, folders, and disks........................................................................ 199
McAfee Network Manager.............................................................................................. 201
Network Manager features ................................................................................... 202
Understanding Network Manager icons ............................................................. 203
Setting up a managed network............................................................................. 205
Managing the network remotely.......................................................................... 211
Monitoring your networks.................................................................................... 217
McAfee EasyNetwork...................................................................................................... 221
EasyNetwork features ........................................................................................... 222
Setting up EasyNetwork........................................................................................ 223
Sharing and sending files...................................................................................... 229
Sharing printers..................................................................................................... 235
Reference......................................................................................................................... 238
Glossary 239
About McAfee 253
License ................................................................................................................... 253
Copyright ............................................................................................................... 254
Customer and Technical Support.................................................................................. 255
Using McAfee Virtual Technician ........................................................................ 256
Index 267
C HAPTER 1
McAfee Internet Security
Like a home security system for your computer, Internet Security
protects you and your family from the latest threats, while
making your online experiences safer. You can use Internet
Security to protect your computer against viruses, hackers, and
spyware; monitor Internet traffic for suspicious activity; guard
your family’s privacy; rate risky Web sites; and more.
In this chapter
McAfee SecurityCenter ...............................................5
McAfee VirusScan .......................................................29
McAfee Personal Firewall ...........................................61
McAfee Anti-Spam ......................................................115
McAfee Parental Controls...........................................141
McAfee Backup and Restore.......................................167
McAfee QuickClean.....................................................183
McAfee Shredder.........................................................197
McAfee Network Manager..........................................201
McAfee EasyNetwork ..................................................221
Reference .....................................................................238
About McAfee ..............................................................253
Customer and Technical Support.............................. 255
3
C HAPTER 2
McAfee SecurityCenter
McAfee SecurityCenter allows you to monitor your computer's
security status, know instantly whether your computer's virus,
spyware, e-mail, and firewall protection services are up-to-date,
and act on potential security vulnerabilities. It provides the
navigational tools and controls you need to coordinate and
manage all areas of your computer's protection.
Before you begin configuring and managing your computer's
protection, review the SecurityCenter interface and make sure
that you understand the difference between protection status,
protection categories, and protection services. Then, update
SecurityCenter to ensure that you have the latest protection
available from McAfee.
After your initial configuration tasks are complete, you use
SecurityCenter to monitor your computer's protection status. If
SecurityCenter detects a protection problem, it alerts you so that
you can either fix or ignore the problem (depending on its
severity). You can also review SecurityCenter events, such as virus
scanning configuration changes, in an event log.
5
Note: SecurityCenter reports critical and non-critical protection
problems as soon as it detects them. If you need help diagnosing
your protection problems, you can run McAfee Virtual
Technician.
In this chapter
SecurityCenter features ..............................................6
Using SecurityCenter..................................................7
Fixing or ignoring protection problems ....................16
Working with alerts .....................................................21
Viewing events............................................................. 27
6 McAfee Internet Security
SecurityCenter features
Simplified protection status
Automated updates and
upgrades
Real-time alerts
Easily review your computer's protection status, check for
updates, and fix protection problems.
SecurityCenter automatically downloads and installs updates for
your programs. When a new version of a McAfee program is
available, it is automatically delivered to your computer as long as
your subscription is valid, ensuring that you always have
up-to-date protection.
Security alerts notify you of emergency virus outbreaks and
security threats.
C HAPTER 3
Using SecurityCenter
Before you begin using SecurityCenter, review the components
and configuration areas you will use to manage your computer's
protection status. For more information about the terminology
used in this image, see
and
Understanding protection categories (page 9). Then, you can
review your McAfee account information and verifying the
validity of your subscription.
7
Understanding protection status (page 8)
In this chapter
Understanding protection status...............................8
Understanding protection categories........................9
Understanding protection services ...........................10
Managing your subscriptions.....................................11
Updating SecurityCenter............................................13
8 McAfee Internet Security
Understanding protection status
Your computer's protection status is shown in the protection
status area on the SecurityCenter Home pane. It indicates
whether your computer is fully protected against the latest
security threats and can be influenced by things like external
security attacks, other security programs, and programs that
access the Internet.
Your computer's protection status can be red, yellow, or green.
Protection Status Description
Red Your computer is not protected. The protection
status area on the SecurityCenter Home pane is
red and states that you are not protected.
SecurityCenter reports at least one critical
security problem.
To achieve full protection, you must fix all
critical security problems in each protection
category (the problem category's status is set to
Action Required, also in red). For information
about how to fix protection problems, see
protection problems
(page 17).
Fixing
Yellow Your computer is partially protected. The
protection status area on the SecurityCenter
Home pane is yellow and states that you are not
protected. SecurityCenter reports at least one
non-critical security problem.
To achieve full protection, you must fix or ignore
the non-critical security problems associated
with each protection category. For information
about how to fix or ignore protection problems,
Fixing or ignoring protection problems
see
(page 16).
Green Your computer is fully protected. The protection
status area on the SecurityCenter Home pane is
green and states that you are protected.
SecurityCenter does not report any critical or
non-critical security problems.
Each protection category lists the services that
are protecting your computer.
Chapter 3 McAfee Internet Security 9
Understanding protection categories
SecurityCenter's protection services are divided into four
categories: Computer & Files, Internet & Network, E-mail & IM,
and Parental Controls. These categories help you to browse and
configure the security services protecting your computer.
Click a category name to configure its protection services and
view any security problems detected for those services. If your
computer's protection status is red or yellow, one or more
categories display an Action Required or Attention message,
indicating that SecurityCenter has detected a problem within the
category. For more information about protection status, see
Understanding protection status (page 8).
Protection Category Description
Computer & Files The Computer & Files category lets you
configure the following protection services:
Virus Protection
Spyware Protection
SystemGuards
Windows Protection
PC Health
Internet & Network The Internet & Network category lets you
configure the following protection services:
Firewall Protection
Phishing Protection
Identity Protection
E-mail & IM The E-mail & IM category lets you configure
the following protection services:
E-mail Virus Protection
IM Virus Protection
E-mail Spyware Protection
IM Spyware Protection
Spam Protection
Parental Controls The Parental Controls category lets you
configure the following protection services:
Content Blocking
10 McAfee Internet Security
Understanding protection services
Protection services are the various security components that you
configure to protect your computer and files. Protection services
directly correspond to McAfee programs. For example, when you
install VirusScan, the following protection services become
available: Virus Protection, Spyware Protection, SystemGuards,
and Script Scanning. For detailed information about these
particular protection services, see the VirusScan help.
By default, all protection services associated with a program are
enabled when you install the program; however you can disable a
protection service at any time. For example, if you install Parental
Controls, Content Blocking and Identity Protection are both
enabled. If you do not intend to use the Content Blocking
protection service, you can disable it entirely. You can also
temporarily disable a protection service while performing setup
or maintenance tasks.
Chapter 3 McAfee Internet Security 11
Managing your subscriptions
Each McAfee protection product that you purchase comes with a
subscription that lets you use the product on a certain number of
computers for a certain period of time. The length of your
subscription varies according to your purchase, but usually starts
when you activate your product. Activation is simple and
free—all you need is an Internet connection—but it's very
important because it entitles you to receive regular, automatic
product updates that keep your computer protected from the
latest threats.
Activation normally occurs when the product is installed, but if
you decide to wait (for example, if you don't have an Internet
connection), you have 15 days to activate. If you don't activate
within 15 days, your products will no longer receive critical
updates or perform scans. We'll also notify you periodically (with
onscreen messages) before your subscription is about to expire.
That way you can avoid interruptions in your protection by
renewing it early or by setting up auto-renewal on our Web site.
If you see a link in SecurityCenter prompting you to activate, then
your subscription has not been activated. To see your
subscription's expiration date, you can check your Account page.
Access your McAfee account
You can easily access your McAfee account information (your
Account page) from SecurityCenter.
1 Under Common Tasks, click My Account.
2 Log in to your McAfee account.
Activate your product
Activation normally occurs when you install your product. But if
it hasn't, you'll see a link in SecurityCenter prompting you to
activate. We'll also notify you periodically.
On the SecurityCenter Home pane, under SecurityCenter
Information, click Please activate your subscription.
Tip: You can also activate from the alert that periodically
appears.
Verify your subscription
You verify your subscription to ensure that it has not yet expired.
Right-click the SecurityCenter icon
in the notification area
at the far right of your taskbar, and then click Verify
Subscription.
12 McAfee Internet Security
Renew your subscription
Shortly before your subscription is about to expire, you'll see a
link in SecurityCenter prompting you to renew. We'll also notify
you periodically about pending expiration with alerts.
On the SecurityCenter Home pane, under SecurityCenter
Information, click Renew.
Tip: You can also renew your product from the notification
message that periodically appears. Or, go to your Account page,
where you can renew or set up auto-renewal.
C HAPTER 4
13
Updating SecurityCenter
SecurityCenter ensures that your registered McAfee programs are
current by checking for and installing online updates every four
hours. Depending on the programs you have installed and
activated, online updates may include the latest virus definitions
and hacker, spam, spyware, or privacy protection upgrades. If
you want to check for updates within the default four hour
period, you can do so at any time. While SecurityCenter is
checking for updates, you can continue to perform other tasks.
Although it is not recommended, you can change the way
SecurityCenter checks for and installs updates. For example, you
can configure SecurityCenter to download but not install updates
or to notify you before downloading or installing updates. You
can also disable automatic updating.
Note: If you installed your McAfee product from a CD, you must
activate within 15 days or your products will not receive critical
updates or perform scans.
In this chapter
Check for updates .......................................................13
Configure automatic updates.....................................14
Disable automatic updates......................................... 14
Check for updates
By default, SecurityCenter automatically checks for updates every
four hours when your computer is connected to the Internet;
however, if you want to check for updates within the four hour
period, you can do so. If you have disabled automatic updates, it
is your responsibility to check for updates regularly.
On the SecurityCenter Home pane, click Update.
Tip: You can check for updates without launching SecurityCenter
by right-clicking the SecurityCenter icon in the notification
area at the far right of your taskbar, and then clicking Updates.
14 McAfee Internet Security
Configure automatic updates
By default, SecurityCenter automatically checks for and installs
updates every four hours when your computer is connected to
the Internet. If you want to change this default behavior, you can
configure SecurityCenter to automatically download updates and
then notify you when the updates are ready to be installed or to
notify you before downloading the updates.
Note: SecurityCenter notifies you when updates are ready to be
downloaded or installed using alerts. From the alerts, you can
either download or install the updates, or postpone the updates.
When you update your programs from an alert, you may be
prompted to verify your subscription before downloading and
installing. For more information, see Working with alerts (page
21).
1 Open the SecurityCenter Configuration pane.
How?
1. Under Common Tasks, click Home.
2. On the right pane, under SecurityCenter
Information, click Configure.
2 On the SecurityCenter Configuration pane, under Automatic
updates are disabled, click On, and then click Advanced.
3 Click one of the following buttons:
Install the updates automatically and notify me when
my services are updated (recommended)
Download the updates automatically and notify me
when they are ready to be installed
Notify me before downloading any updates
4 Click OK.
Disable automatic updates
If you disable automatic updates, it is your responsibility to check
for updates regularly; otherwise, your computer will not have the
latest security protection. For information about checking for
updates manually, see
Check for updates (page 13).
1 Open the SecurityCenter Configuration pane.
How?
Chapter 4 McAfee Internet Security 15
1. Under Common Tasks, click Home.
2. On the right pane, under SecurityCenter
Information, click Configure.
2 On the SecurityCenter Configuration pane, under Automatic
updates are enabled, click Off.
3 In the confirmation dialog box, click Yes.
Tip: You enable automatic updates by clicking the On button or
by clearing Disable automatic updating and let me manually
check for updates on the Update Options pane.
16 McAfee Internet Security
Fixing or ignoring protection problems
SecurityCenter reports critical and non-critical protection
problems as soon as it detects them. Critical protection problems
require immediate action and compromise your protection status
(changing the color to red). Non-critical protection problems do
not require immediate action and may or may not compromise
your protection status (depending on the type of problem). To
achieve a green protection status, you must fix all critical
problems and either fix or ignore all non-critical problems. If you
need help diagnosing your protection problems, you can run
McAfee Virtual Technician. For more information about McAfee
Virtual Technician, see the McAfee Virtual Technician help.
In this chapter
Fixing protection problems........................................ 17
Ignoring protection problems....................................19
Chapter 4 McAfee Internet Security 17
Fixing protection problems
Most security problems can be fixed automatically; however,
some problems may require you to take action. For example, if
Firewall Protection is disabled, SecurityCenter can enable it
automatically; however, if Firewall Protection is not installed, you
must install it. The following table describes some other actions
that you might take when fixing protection problems manually:
Problem Action
A full scan of your computer has
not been performed in the last 30
days.
Scan your computer manually. For
more information, see the VirusScan
help.
Your detection signature files
(DATs) are out-of-date.
A program is not installed. Install the program from the McAfee
A program is missing
components.
A program is not activated, and
cannot receive full protection.
Your subscription has expired. Check your account status on the
Update your protection manually.
For more information, see the
VirusScan help.
Web site or CD.
Reinstall the program from the
McAfee Web site or CD.
Activate the program on the McAfee
Web site.
McAfee Web site. For more
information, see
subscriptions
Managing your
(page 11).
Note: Often, a single protection problem affects more than one
protection category. In this case, fixing the problem in one
category clears it from all other protection categories.
Fix protection problems automatically
SecurityCenter can fix most protection problems automatically.
The configuration changes that SecurityCenter makes when
automatically fixing protection problems are not recorded in the
event log. For more information about events, see
Viewing events
(page 27).
1 Under Common Tasks, click Home.
2 On the SecurityCenter Home pane, in the protection status
area, click Fix.
18 McAfee Internet Security
Fix protection problems manually
If one or more protection problems persist after you try to fix
them automatically, you can fix the problems manually.
1 Under Common Tasks, click Home.
2 On the SecurityCenter Home pane, click the protection
category in which SecurityCenter reports the problem.
3 Click the link following the description of the problem.
Chapter 4 McAfee Internet Security 19
Ignoring protection problems
If SecurityCenter detects a non-critical problem, you can either
fix or ignore it. Other non-critical problems (for example, if
Anti-Spam or Parental Controls are not installed) are
automatically ignored. Ignored problems are not shown in the
protection category information area on the SecurityCenter
Home pane, unless your computer's protection status is green. If
you ignore a problem, but later decide that you want it to appear
in the protection category information area even when your
computer's protection status is not green, you can show the
ignored problem.
Ignore a protection problem
If SecurityCenter detects a non-critical problem that you do not
intend to fix, you can ignore it. Ignoring it removes the problem
from the protection category information area in SecurityCenter.
1 Under Common Tasks, click Home.
2 On the SecurityCenter Home pane, click the protection
category in which the problem is reported.
3 Click the Ignore link beside the protection problem.
Show or hide ignored problems
Depending on its severity, you can show or hide an ignored
protection problem.
1 Open the Alert Options pane.
How?
1. Under Common Tasks, click Home.
2. On the right pane, under SecurityCenter
Information, click Configure.
3. Under Alerts, click Advanced.
2 On the SecurityCenter Configuration pane, click Ignored
Problems.
3 On the Ignored Problems pane, do the following:
To ignore a problem, select its check box.
To report a problem in the protection category
information area, clear its check box.
20 McAfee Internet Security
4 Click OK.
Tip: You can also ignore a problem by clicking the Ignore link
beside the reported problem in the protection category
information area.
C HAPTER 5
Working with alerts
Alerts are small pop-up dialog boxes that appear in the
bottom-right corner of your screen when certain SecurityCenter
events occur. An alert provides detailed information about an
event as well as recommendations and options for resolving
problems that may be associated with the event. Some alerts also
contain links to additional information about the event. These
links let you launch McAfee's global Web site or send information
to McAfee for troubleshooting.
There are three types of alerts: red, yellow, and green.
Alert Type Description
Red A red alert is a critical notification that requires a
21
response from you. Red alerts occur when
SecurityCenter cannot determine how to fix a
protection problem automatically.
Yellow A yellow alert is a non-critical notification that
usually requires a response from you.
Green A green alert is a non-critical notification that does
not require a response from you. Green alerts
provide basic information about an event.
Because alerts play such an important role in monitoring and
managing your protection status, you cannot disable them.
However, you can control whether certain types of informational
alerts appear and configure some other alert options (such as
whether SecurityCenter plays a sound with an alert or displays
the McAfee splash screen on startup).
In this chapter
Showing and hiding informational alerts..................22
Configuring alert options ...........................................24
22 McAfee Internet Security
Showing and hiding informational alerts
Informational alerts notify you when events occur that do not
pose threats to your computer's security. For example, if you
have set up Firewall Protection, an informational alert appears by
default whenever a program on your computer is granted access
to the Internet. If you do not want a specific type of informational
alert to appear, you can hide it. If you do not want any
informational alerts to appear, you can hide them all. You can
also hide all informational alerts when you play a game in
full-screen mode on your computer. When you finish playing the
game and exit full-screen mode, SecurityCenter starts displaying
informational alerts again.
If you mistakenly hide an informational alert, you can show it
again at any time. By default, SecurityCenter shows all
informational alerts.
Show or hide informational alerts
You can configure SecurityCenter to show some informational
alerts and hide others, or to hide all informational alerts.
1 Open the Alert Options pane.
How?
1. Under Common Tasks, click Home.
2. On the right pane, under SecurityCenter
Information, click Configure.
3. Under Alerts, click Advanced.
2 On the SecurityCenter Configuration pane, click
Informational Alerts.
3 On the Informational Alerts pane, do the following:
To show an informational alert, clear its check box.
To hide an informational alert, select its check box.
To hide all informational alerts, select the Do not show
informational alerts check box.
4 Click OK.
Tip: You can also hide an informational alert by selecting the Do
not show this alert again check box in the alert itself. If you do
so, you can show the informational alert again by clearing the
appropriate check box on the Informational Alerts pane.
Chapter 5 McAfee Internet Security 23
Show or hide informational alerts when gaming
You can hide informational alerts when you are playing a game in
full-screen mode on your computer. When you finish the game
and exit full-screen mode, SecurityCenter starts displaying
informational alerts again.
1 Open the Alert Options pane.
How?
1. Under Common Tasks, click Home.
2. On the right pane, under SecurityCenter
Information, click Configure.
3. Under Alerts, click Advanced.
2 On the Alert Options pane, select or clear the Show
informational alerts when gaming mode is detected
check box.
3 Click OK.
24 McAfee Internet Security
Configuring alert options
The appearance and frequency of alerts is configured by
SecurityCenter; however, you can adjust some basic alert options.
For example, you can play a sound with alerts or hide the splash
screen alert from displaying when Windows starts. You can also
hide alerts that notify you about virus outbreaks and other
security threats in the online community.
Play a sound with alerts
If you want to receive an audible indication that an alert has
occurred, you can configure SecurityCenter to play a sound with
each alert.
1 Open the Alert Options pane.
How?
1. Under Common Tasks, click Home.
2. On the right pane, under SecurityCenter
Information, click Configure.
3. Under Alerts, click Advanced.
2 On the Alert Options pane, under Sound, select the Play a
sound when an alert occurs check box.
Hide the splash screen at startup
By default, the McAfee splash screen appears briefly when
Windows starts, notifying you that SecurityCenter is protecting
your computer. However, you can hide the splash screen if you
do not want it to appear.
1 Open the Alert Options pane.
How?
1. Under Common Tasks, click Home.
2. On the right pane, under SecurityCenter
Information, click Configure.
3. Under Alerts, click Advanced.
2 On the Alert Options pane, under Splash Screen, clear the
Show the McAfee splash screen when Windows starts
check box.
Tip: You can show the splash screen again at any time by
selecting the Show the McAfee splash screen when Windows
starts check box.
Chapter 5 McAfee Internet Security 25
Hide virus outbreak alerts
You can hide alerts that notify you about virus outbreaks and
other security threats in the online community.
1 Open the Alert Options pane.
How?
1. Under Common Tasks, click Home.
2. On the right pane, under SecurityCenter
Information, click Configure.
3. Under Alerts, click Advanced.
2 On the Alert Options pane, clear the Alert me when a virus
or security threat occurs check box.
Tip: You can show virus outbreak alerts at any time by selecting
the Alert me when a virus or security threat occurs check box.
Hide security messages
You can hide security notifications about protecting more
computers on your home network. These messages provide
information about your subscription, the number of computers
you can protect with your subscription, and how to extend your
subscription to protect even more computers.
1 Open the Alert Options pane.
How?
1. Under Common Tasks, click Home.
2. On the right pane, under SecurityCenter
Information, click Configure.
3. Under Alerts, click Advanced.
2 On the Alert Options pane, clear the Show virus advisories
or other security messages check box.
Tip: You can show these security messages at any time by
selecting the Show virus advisories or other security
messages check box.
C HAPTER 6
Viewing events
27
An event is an action or configuration change that occurs within a
protection category and its related protection services. Different
protection services record different types of events. For example,
SecurityCenter records an event if a protection service is enabled
or disabled; Virus Protection records an event each time a virus is
detected and removed; and Firewall Protection records an event
each time an Internet connection attempt is blocked. For more
information about protection categories, see
protection categories
(page 9).
Understanding
You can view events when troubleshooting configuration issues
and reviewing operations performed by other users. Many
parents use the event log to monitor their children's behavior on
the Internet. You view recent events if you want to examine only
the last 30 events that occurred. You view all events if you want to
examine a comprehensive list of all events that occurred. When
you view all events, SecurityCenter launches the event log, which
sorts events according to the protection category in which they
occurred.
In this chapter
View recent events ......................................................27
View all events .............................................................27
View recent events
You view recent events if you want to examine only the last 30
events that occurred.
Under Common Tasks, click View Recent Events.
View all events
You view all events if you want to examine a comprehensive list
of all events that occurred.
1 Under Common Tasks, click View Recent Events.
2 On the Recent Events pane, click View Log.
3 On the event log's left pane, click the type of events you want
to view.
C HAPTER 7
McAfee VirusScan
VirusScan's advanced detection and protection services defend
you and your computer from the latest security threats, including
viruses, Trojans, tracking cookies, spyware, adware, and other
potentially unwanted programs. Protection extends beyond the
files and folders on your desktop, targeting threats from different
points of entry—including e-mail, instant messages, and the
Web.
With VirusScan, your computer's protection is immediate and
constant (no tedious administration required). While you work,
play, browse the Web, or check your e-mail, it runs in the
background, monitoring, scanning, and detecting potential harm
in real time. Comprehensive scans run on schedule, periodically
checking your computer using a more sophisticated set of
options. VirusScan offers you the flexibility to customize this
behavior if you want to; but if you don't, your computer remains
protected.
29
With normal computer use, viruses, worms, and other potential
threats may infiltrate your computer. If this occurs, VirusScan
notifies you about the threat, but usually handles it for you,
cleaning or quarantining infected items before any damage
occurs. Although rare, further action may sometimes be required.
In these cases, VirusScan lets you decide what to do (rescan the
next time you start your computer, keep the detected item, or
remove the detected item).
Note: SecurityCenter reports critical and non-critical protection
problems as soon as it detects them. If you need help diagnosing
your protection problems, you can run McAfee Virtual
Technician.
In this chapter
VirusScan features.......................................................30
Scanning your computer ............................................31
Working with scan results...........................................35
Scan types ....................................................................38
Using additional protection .......................................41
Setting up virus protection.........................................45
30 McAfee Internet Security
VirusScan features
Comprehensive virus
protection
Resource-aware scanning
options
Automatic repairs
Pausing tasks in full-screen
mode
Defend yourself and your computer from the latest security threats,
including viruses, Trojans, tracking cookies, spyware, adware, and
other potentially unwanted programs. Protection extends beyond
the files and folders and on your desktop, targeting threats from
different points of entry—including e-mail, instant messages, and
the Web. No tedious administration required.
Customize scanning options if you want to; but if you don't, your
computer remains protected. If you experience slow scan speeds,
then you can disable the option to use minimal computer
resources, but keep in mind that higher priority will be given to
virus protection than to other tasks.
If VirusScan detects a security threat while running a scan, it tries
to handle the threat automatically according to the threat type.
This way, most threats can be detected and neutralized without
your interaction. Although rare, VirusScan may not be able to
neutralize a threat on its own. In these cases, VirusScan lets you
decide what to do (rescan the next time you start your computer,
keep the detected item, or remove the detected item).
When enjoying activities like watching movies, playing games on
your computer, or any activity that occupies your entire computer
screen, VirusScan pauses a number of tasks, such as manual scans.
C HAPTER 8
Scanning your computer
Even before you start SecurityCenter for the first time,
VirusScan's real-time virus protection starts protecting your
computer from potentially harmful viruses, Trojans, and other
security threats. Unless you disable real-time virus protection,
VirusScan constantly monitors your computer for virus activity,
scanning files each time you or your computer access them, using
the real-time scanning options that you set. To make sure that
your computer stays protected against the latest security threats,
leave real-time virus protection on and set up a schedule for
regular, more comprehensive manual scans. For more
information about setting scan options, see
protection
VirusScan provides a more detailed set of scanning options for
virus protection, allowing you to periodically run more extensive
scans. You can run full, quick, custom, or scheduled scan from
SecurityCenter. You can also run manual scans in Windows
Explorer while you work. Scanning in SecurityCenter offers the
advantage of changing scanning options on-the-fly. However,
scanning from Windows Explorer offers a convenient approach to
computer security.
(page 45).
31
Setting up virus
Whether you run a scan from SecurityCenter or Windows
Explorer, you can view the scan results when it finishes. You view
the results of a scan to determine whether VirusScan has
detected, repaired, or quarantined viruses, trojans, spyware,
adware, cookies, and other potentially unwanted programs. The
results of a scan can be displayed in different ways. For example,
you can view a basic summary of scan results or detailed
information, such as the infection status and type. You can also
view general scan and detection statistics.
In this chapter
Scan your PC................................................................31
View scan results .........................................................33
Scan your PC
VirusScan provides a complete set of scanning options for virus
protection, including real-time scanning (which constantly
monitors your PC for threat activity), manual scanning from
Windows Explorer, and full, quick, custom, or scheduled scan
from SecurityCenter.
To... Do this...
32 McAfee Internet Security
To... Do this...
Start Real-time scanning
to constantly monitor
your computer for virus
activity, scanning files
each time you or your
computer access them
Start a QuickScan to
quickly check your
computer for threats
Start a Full Scan to
thoroughly check your
computer for threats
Start a Custom Scan
based on your own
settings
1. Open the Computer & Files
Configuration pane.
How?
1. On the left pane, click
Advanced Menu.
2. Click Configure.
3. On the Configure pane,
click Computer & Files.
2. Under Virus protection, click On.
Note: Real-time scanning is enabled by
default.
1. Click
2. On the Scan Options pane, under
Quick Scan, click
1. Click
2. On the Scan Options pane, under Full
Scan, click
1. Click Scan on the Basic menu.
2. On the Scan Options pane, under Let
Me Choose, click
3. Customize a scan by clearing or
selecting:
Scan on the Basic menu.
Start.
Scan on the Basic menu.
Start.
Start.
Start a Manual Scan to
check for threats in files,
folders or drives
All threats in All Files
Unknown Viruses
Archive Files
Spyware and Potential Threats
Tracking Cookies
Stealth Programs
4. Click
1. Open Windows Explorer.
2. Right-click a file, folder, or drive, and
then click
Start.
Scan.
Chapter 8 McAfee Internet Security 33
To... Do this...
Start a Scheduled Scan
that periodically scans
your computer for
threats
1. Open the Scheduled Scan pane.
How?
1. Under Common Tasks,
click Home.
2. On the SecurityCenter
Home pane, click
Computer & Files.
3. In the Computer & Files
information area, click
Configure.
4. On the Computer & Files
Configuration pane,
ensure that virus
protection is enabled, and
click Advanced.
5. Click Scheduled Scan in
the Virus Protection pane.
2. Select Enable scheduled
scanning
3. To reduce the amount of processor
power normally used for scanning, select
.
Scan using minimal computer
resources
4. Select one or more days.
5. Specify a start time.
.
6. Click
OK.
The scan results appear in the Scan completed alert. Results
include the number of items scanned, detected, repaired,
quarantined, and removed. Click View scan details to learn
more about the scan results or to work with infected items.
Note: To learn more about scan options, see Scan Types. (page 38)
View scan results
When a scan finishes, you view the results to determine what the
scan found and to analyze the current protection status of your
computer. Scan results tell you whether VirusScan detected,
repaired, or quarantined viruses, trojans, spyware, adware,
cookies, and other potentially unwanted programs.
On the Basic or Advanced menu, click Scan and then do one of
the following:
To... Do this...
34 McAfee Internet Security
To... Do this...
View scan results in the
alert
View more information
about scan results
View a quick summary of
the scan results
View scan and detection
statistics
View details about
detected items, infection
status, and type
View details about your
most recent scan
View scan results in the Scan completed
alert.
View scan details in the Scan
Click
completed alert.
Point to the
notification area on your taskbar.
Double-click the Scan completed icon in
the notification area on your taskbar.
1. Double-click the
in the notification area on your taskbar.
2. Click
Quick Scan, Custom Scan, or Manual Scan
pane.
Double-click the
the notification area on your taskbar and
view the details of your most recent scan
under Your Scan on either the Full Scan,
Quick Scan, Custom Scan, or Manual Scan
pane.
Scan completed icon in the
Scan completed icon
Details on either the Full Scan,
Scan completed icon in
C HAPTER 9
Working with scan results
If VirusScan detects a security threat while running a scan, it tries
to handle the threat automatically according to the threat type.
For example, If VirusScan detects a virus, Trojan, or tracking
cookie on your computer, it tries to clean the infected file.
VirusScan always quarantines a file before attempting to clean it.
If it's not clean, the file is quarantined.
With some security threats, VirusScan may not be able to clean or
quarantine a file successfully. In this case, VirusScan prompts you
to handle the threat. You can take different actions depending on
the threat type. For example, if a virus is detected in a file, but
VirusScan cannot successfully clean or quarantine the file, it
denies further access to it. If tracking cookies are detected, but
VirusScan cannot successfully clean or quarantine the cookies,
you can decide whether to remove or trust the them. If
potentially unwanted programs are detected, VirusScan does not
take any automatic action; instead, it lets you decide whether to
quarantine or trust the program.
35
When VirusScan quarantines items, it encrypts and then isolates
them in a folder to prevent the files, programs, or cookies from
harming your computer. You can restore or remove the
quarantined items. In most cases, you can delete a quarantined
cookie without impacting your system; however, if VirusScan has
quarantined a program that you recognize and use, consider
restoring it.
In this chapter
Work with viruses and Trojans...................................35
Work with potentially unwanted programs ..............36
Work with quarantined files....................................... 36
Work with quarantined programs and cookies.........37
Work with viruses and Trojans
If VirusScan detects a virus or Trojan in a file on your computer, it
tries to clean the file. If it cannot clean the file, VirusScan tries to
quarantine it. If this too fails, access to the file is denied (in
real-time scans only).
1 Open the Scan Results pane.
How?
36 McAfee Internet Security
1. Double-click the Scan completed icon in the
notification area at the far right of your taskbar.
2. On the Scan pane, click Details.
2 In the scan results list, click Viruses and Trojans.
Note: To work with the files that VirusScan has quarantined, see
Work with quarantined files (page 36).
Work with potentially unwanted programs
If VirusScan detects a potentially unwanted program on your
computer, you can either remove or trust the program. If you are
unfamilar with the program, we recommend that you consider
removing it. Removing the potentially unwanted program does
not actually delete it from your system. Instead, removing
quarantines the program to prevent it from causing damage to
your computer or files.
1 Open the Scan Results pane.
How?
1. Double-click the Scan completed icon in the
notification area at the far right of your taskbar.
2. On the Scan pane, click Details.
2 In the scan results list, click Potentially Unwanted
Programs.
3 Select a potentially unwanted program.
4 Under I want to, click either Remove or Trust.
5 Confirm your selected option.
Work with quarantined files
When VirusScan quarantines infected files, it encrypts and then
moves them to a folder to prevent the files from harming your
computer. You can then restore or remove the quarantined files.
1 Open the Quarantined Files pane.
How?
1. On the left pane, click Advanced Menu.
2. Click Restore.
3. Click Files.
2 Select a quarantined file.
3 Do one of the following:
To repair the infected file and return it to its original
location on your computer, click Restore.
Chapter 9 McAfee Internet Security 37
To remove the infected file from your computer, click
Remove.
4 Click Yes to confirm your selected option.
Tip: You can restore or remove multiple files at the same time.
Work with quarantined programs and cookies
When VirusScan quarantines potentially unwanted programs or
tracking cookies, it encrypts and then moves them to a protected
folder to prevent the programs or cookies from harming your
computer. You can then restore or remove the quarantined
items. In most cases, you can delete a quarantined without
impacting your system.
1 Open the Quarantined Programs and Tracking Cookies pane.
How?
1. On the left pane, click Advanced Menu.
2. Click Restore.
3. Click Programs and Cookies.
2 Select a quarantined program or cookie.
3 Do one of the following:
To repair the infected file and return it to its original
location on your computer, click Restore.
To remove the infected file from your computer, click
Remove.
4 Click Yes to confirm the operation.
Tip: You can restore or remove multiple programs and cookies at
the same time.
38 McAfee Internet Security
Scan types
VirusScan provides a complete set of scanning options for virus
protection, including real-time scanning (which constantly
monitors your PC for threat activity), manual scanning from
Windows Explorer, and the ability to run a full, quick, custom
scan from SecurityCenter, or customize when scheduled scans
will occur. Scanning in SecurityCenter offers the advantage of
changing scanning options on-the-fly.
Real-Time Scanning:
Real-time virus protection constantly monitors your computer
for virus activity, scanning files each time you or your computer
access them. To make sure that your computer stays protected
against the latest security threats, leave real-time virus protection
on and set up a schedule for regular, more comprehensive,
manual scans.
You can set default options for real-time scanning, which include
scanning for unknown viruses, and checking for threats in
tracking cookies and network drives. You can also take advantage
of buffer overflow protection, which is enabled by default (except
if you are using a Windows Vista 64-bit operating system). To
learn more, see
Setting real-time scan options (page 46).
Quick Scan
Quick Scan allows you to check for threat activity in processes,
critical Windows files, and other susceptible areas on your
computer.
Full Scan
Full Scan allows you to thoroughly check your entire computer
for viruses, spyware, and other security threats that exist
anywhere on your PC.
Custom Scan
Custom Scan allows you to choose your own scan settings to
check for threat activity on your PC. Custom scan options include
checking for threats in all files, in archive files, and in cookies in
addition to scanning for unknown viruses, spyware, and stealth
programs.
You can set default options for custom scans, which include
scanning for unknown viruses, archive files, spyware and
potential threats, tracking cookies, and stealth programs. You can
also scan using minimal computer resources. To learn more, see
Setting custom scan options (page 48)
Manual Scan
Chapter 9 McAfee Internet Security 39
Manual Scan allows you to quickly check for threats in files,
folders, and drives on the fly from Windows Explorer.
Schedule scan
Scheduled scans thoroughly check your computer for viruses and
other threats any day and time of the week. Scheduled scans
always check your entire computer using your default scan
options. By default, VirusScan performs a scheduled scan once a
week. If you find that you are experiencing slow scan speeds,
consider disabling the option to use minimal computer
resources, but keep in mind that higher priority will be given to
virus protection than to other tasks. To learn more, see
Scheduling a scan (page 51)
Note: To learn how to start the best scan option for you, see Scan
your PC (page 31)
C HAPTER 10
Using additional protection
In addition to real-time virus protection, VirusScan provides
advanced protection against scripts, spyware, and potentially
harmful e-mail and instant message attachments. By default,
script scanning, spyware, e-mail, and instant messaging
protection are turned on and protecting your computer.
Script scanning protection
Script scanning protection detects potentially harmful scripts
and prevents them from running on your computer or web
browser. It monitors your computer for suspect script activity,
such as a script that creates, copies, or deletes files, or opens your
Windows registry, and alerts you before any damage occurs.
Spyware protection
41
Spyware protection detects spyware, adware, and other
potentially unwanted programs. Spyware is software that can be
secretly installed on your computer to monitor your behavior,
collect personal information, and even interfere with your control
of the computer by installing additional software or redirecting
browser activity.
E-mail protection
E-mail protection detects suspect activity in the e-mail and
attachments you send.
Instant messaging protection
Instant messaging protection detects potential security threats
from instant message attachments that you receive. It also
prevents instant messaging programs from sharing personal
information.
In this chapter
Start script scanning protection.................................42
Start spyware protection.............................................42
Start e-mail protection................................................42
Start instant messaging protection............................43
42 McAfee Internet Security
Start script scanning protection
Turn on script scanning protection to detect potentially harmful
scripts and prevent them from running on your computer. Script
scanning protection alerts you when a script tries to create, copy,
or delete files on your computer, or make changes to your
Windows registry.
1 Open the Computer & Files Configuration pane.
How?
1. On the left pane, click Advanced Menu.
2. Click Configure.
3. On the Configure pane, click Computer & Files.
2 Under Script scanning protection, click On.
Note: Although you can turn off script scanning protection at any
time, doing so leaves your computer vulnerable to harmful
scripts.
Start spyware protection
Turn on spyware protection to detect and remove spyware,
adware, and other potentially unwanted programs that gather
and transmit information without your knowledge or permission.
1 Open the Computer & Files Configuration pane.
How?
1. On the left pane, click Advanced Menu.
2. Click Configure.
3. On the Configure pane, click Computer & Files.
2 Under spyware protection, click On.
Note: Although you can turn off spyware protection at any time,
doing so leaves your computer vulnerable to potentially
unwanted programs.
Start e-mail protection
Turn on e-mail protection to detect worms as well as potential
threats in inbound (POP3) e-mail messages and attachments.
1 Open the E-mail & IM Configuration pane.
How?
Chapter 10 McAfee Internet Security 43
1. On the left pane, click Advanced Menu.
2. Click Configure.
3. On the Configure pane, click E-mail & IM.
2 Under E-mail protection, click On.
Note: Although you can turn off e-mail protection at any time,
doing so leaves your computer vulnerable to e-mail threats.
Start instant messaging protection
Turn on instant messaging protection to detect security threats
that can be included in inbound instant message attachments.
1 Open the E-mail & IM Configuration pane.
How?
1. On the left pane, click Advanced Menu.
2. Click Configure.
3. On the Configure pane, click E-mail & IM.
2 Under Instant Messaging protection, click On.
Note: Although you can turn off instant messaging protection at
any time, doing so leaves your computer vulnerable to harmful
instant message attachments.
C HAPTER 11
Setting up virus protection
You can set different options for scheduled, custom, and
real-time scanning. For example, because real-time protection
continuously monitors your computer, you might select a certain
set of basic scanning options, reserving a more comprehensive
set of scanning options for manual, on-demand protection.
You can also decide how you would like VirusScan to monitor
and manage potentially unauthorized or unwanted changes on
your PC using SystemGuards and Trusted Lists. SystemGuards
monitor, log, report, and manage potentially unauthorized
changes made to the Windows registry or critical system files on
your computer. Unauthorized registry and file changes can harm
your computer, compromise its security, and damage valuable
system files. You can use Trusted Lists to decide whether you
want to trust or remove rules that detect file or registry changes
(SystemGuard), program, or buffer overflows. If you trust the
item and indicate that you do not want to receive future
notification about its activity, the item is added to a trusted list
and VirusScan no longer detects it or notifies you about its
activity.
45
In this chapter
Setting real-time scan options ...................................46
Setting custom scan options ......................................48
Scheduling a scan........................................................51
Using SystemGuards options .....................................52
Using trusted lists........................................................ 58
46 McAfee Internet Security
Setting real-time scan options
When you start real-time virus protection, VirusScan uses a
default set of options to scan files; however, you can change the
default options to suit your needs.
To change real-time scanning options, you must make decisions
about what VirusScan checks for during a scan, as well as the
locations and file types it scans. For example, you can determine
whether VirusScan checks for unknown viruses or cookies that
Web sites can use to track your behavior, and whether it scans
network drives that are mapped to your computer or just local
drives. You can also determine what types of files are scanned (all
files, or just program files and documents, since that is where
most viruses are detected).
When changing real-time scanning options, you must also
determine whether it's important for your computer to have
buffer overflow protection. A buffer is a portion of memory used
to temporarily hold computer information. Buffer overflows can
occur when the amount of information suspect programs or
processes store in a buffer exceeds the buffer's capacity. When
this occurs, your computer becomes more vulnerable to security
attacks.
Set real-time scan options
You set real-time scan options to customize what VirusScan looks
for during a real-time scan, as well as the locations and file types
it scans. Options include scanning for unknown viruses and
tracking cookies as well as providing buffer overflow protection.
You can also configure real-time scanning to check network
drives that are mapped to your computer.
1 Open the Real-Time Scanning pane.
How?
1. Under Common Tasks, click Home.
2. On the SecurityCenter Home pane, click Computer &
Files.
3. In the Computer & Files information area, click
Configure.
4. On the Computer & Files Configuration pane, ensure
that virus protection is enabled, and then click
Advanced.
2 Specify your real-time scanning options, and then click OK.
To... Do this...
Detect unknown viruses and
new variants of known
viruses
Scan for unknown
Select
viruses
.
Chapter 11 McAfee Internet Security 47
To... Do this...
Detect cookies
Detect viruses and other
potential threats on drives
that are connected to your
network
Protect your computer from
buffer overflows
Specify which types of files
to scan
Scan and remove
Select
tracking cookies
Scan network drives.
Select
Enable buffer overflow
Select
protection
Click either
All files
(recommended)
.
.
or Program
files and documents only
.
Stop real-time virus protection
Although rare, there may be times when you want to temporarily
stop real-time scanning (for example, to change some scanning
options or troubleshoot a performance issue). When real-time
virus protection is disabled, your computer is not protected and
your SecurityCenter protection status is red. For more
information about protection status, see "Understanding
protection status" in the SecurityCenter help.
You can turn off real-time virus protection temporarily, and then
specify when it resumes. You can automatically resume
protection after 15, 30, 45, or 60 minutes, when your computer
restarts, or never.
1 Open the Computer & Files Configuration pane.
How?
1. On the left pane, click Advanced Menu.
2. Click Configure.
3. On the Configure pane, click Computer & Files.
2 Under Virus protection, click Off.
3 In the dialog box, select when to resume real-time scanning.
4 Click OK.
48 McAfee Internet Security
Setting custom scan options
Custom virus protection lets you scan files on demand. When you
start a custom scan, VirusScan checks your computer for viruses
and other potentially harmful items using a more comprehensive
set of scanning options. To change custom scanning options, you
must make decisions about what VirusScan checks for during a
scan. For example, you can determine whether VirusScan looks
for unknown viruses, potentially unwanted programs, such as
spyware or adware, stealth programs and rootkits (which can
grant unauthorized access to your computer), and cookies that
Web sites can use to track your behavior. You must also make
decisions about the types of files that are checked. For example,
you can determine whether VirusScan checks all files or just
program files and documents (since that is where most viruses
are detected). You can also determine whether archive files (for
example, .zip files) are included in the scan.
By default, VirusScan checks all the drives and folders on your
computer and all network drives each time it runs a custom scan;
however, you can change the default locations to suit your needs.
For example, you can scan only critical PC files, items on your
desktop, or items in your Program Files folder. Unless you want
to be responsible for initiating each custom scan yourself, you
can set up a regular schedule for scans. Scheduled scans always
check your entire computer using the default scan options. By
default, VirusScan performs a scheduled scan once a week.
If you find that you are experiencing slow scan speeds, consider
disabling the option to use minimal computer resources, but
keep in mind that higher priority will be given to virus protection
than to other tasks.
Note: When enjoying activities like watching movies, playing
games on your computer, or any activity that occupies your
entire computer screen, VirusScan pauses a number of tasks,
including automatic updates and custom scans.
Set custom scan options
You set custom scan options to customize what VirusScan looks
for during a custom scan as well as the locations and file types it
scans. Options include scanning for unknown viruses, file
archives, spyware and potentially unwanted programs, tracking
cookies, rootkits, and stealth programs. You can also set the
custom scan location to determine where VirusScan looks for
viruses and other harmful items during a custom scan. You can
scan all files, folders, and drives on your computer or you can
restrict scanning to specific folders and drives.
1 Open the Custom Scan pane.
How?
Chapter 11 McAfee Internet Security 49
1. Under Common Tasks, click Home.
2. On the SecurityCenter Home pane, click Computer &
Files.
3. In the Computer & Files information area, click
Configure.
4. On the Computer & Files Configuration pane, ensure
that virus protection is enabled, and click Advanced.
5. Click Custom Scan in the Virus Protection pane.
2 Specify your custom scanning options, and then click OK.
To... Do this...
Detect unknown viruses
and new variants of known
viruses
Detect and remove viruses
in .zip and other archive
files
Detect spyware, adware,
and other potentially
unwanted programs
Detect cookies
Detect rootkits and stealth
programs that can alter and
exploit existing Windows
system files
Use less processor power for
scans while giving higher
priority to other tasks (such
as Web browsing or opening
documents)
Specify which types of files
to scan
Scan for unknown
Select
viruses.
Select
Select
potential threats.
Select
tracking cookies.
Select
programs.
Select
computer resources
Click either
(recommended)
Scan archive files.
Scan for spyware and
Scan and remove
Scan for stealth
Scan using minimal
.
All files
or Program
files and documents only
.
3. Click Default Location to Scan and then select or clear those
locations you would like either to scan or to skip, and then click
OK:
To... Do this...
Scan all the files and folders
on your computer
Scan specific files, folders,
and drives on your
computer
(My) Computer.
Select
Clear the
box, and select one or more folders
or drives.
(My) Computer check
50 McAfee Internet Security
To... Do this...
Scan critical system files
Clear the
box, and then select the
System Files
(My) Computer check
check box.
Critical
Chapter 11 McAfee Internet Security 51
Scheduling a scan
Schedule scans to thoroughly check your computer for viruses
and other threats any day and time of the week. Scheduled scans
always check your entire computer using the default scan
options. By default, VirusScan performs a scheduled scan once a
week. If you find that you are experiencing slow scan speeds,
consider disabling the option to use minimal computer
resources, but keep in mind that higher priority will be given to
virus protection than to other tasks.
Schedule scans that thoroughly check your entire computer for
viruses and other threats using your default scan options. By
default, VirusScan performs a scheduled scan once a week.
1 Open the Scheduled Scan pane.
How?
1. Under Common Tasks, click Home.
2. On the SecurityCenter Home pane, click Computer &
Files.
3. In the Computer & Files information area, click
Configure.
4. On the Computer & Files Configuration pane, ensure
that virus protection is enabled, and click Advanced.
5. Click Scheduled Scan in the Virus Protection pane.
2 Select Enable scheduled scanning.
3 To reduce the amount of processor power normally used for
scanning, select Scan using minimal computer resources.
4 Select one or more days.
5 Specify a start time.
6 Click OK.
Tip: You can restore the default schedule by clicking Reset.
52 McAfee Internet Security
Using SystemGuards options
SystemGuards monitor, log, report, and manage potentially
unauthorized changes made to the Windows registry or critical
system files on your computer. Unauthorized registry and file
changes can harm your computer, compromise its security, and
damage valuable system files.
Registry and files changes are common and occur regularly on
your computer. Because many are harmless, SystemGuards'
default settings are configured to provide reliable, intelligent, and
real-world protection against unauthorized changes that pose
significant potential for harm. For example, when SystemGuards
detect changes that are uncommon and present a potentially
significant threat, the activity is immediately reported and
logged. Changes that are more common, but still pose some
potential for damage, are logged only. However, monitoring for
standard and low-risk changes is, by default, disabled.
SystemGuards technology can be configured to extend its
protection to any environment you like.
There are three types of SystemGuards: Program SystemGuards,
Windows SystemGuards, and Browser SystemGuards.
Program SystemGuards
Program SystemGuards detect potentially unauthorized changes
to your computer's registry and other critical files that are
essential to Windows. These important registry items and files
include ActiveX installations, startup items, Windows shell
execute hooks, and shell service object delay loads. By
monitoring these, Program SystemGuards technology stops
suspect ActiveX programs (downloaded from the Internet) in
addition to spyware and potentially unwanted programs that can
automatically launch when Windows starts.
Windows SystemGuards
Windows SystemGuards also detect potentially unauthorized
changes to your computer's registry and other critical files that
are essential to Windows. These important registry items and files
include context menu handlers, appInit DLLs, and the Windows
hosts file. By monitoring these, Windows SystemGuards
technology helps prevent your computer from sending and
receiving unauthorized or personal information over the
Internet. It also helps stop suspect programs that can bring
unwanted changes to the appearance and behavior of the
programs that are important to you and your family.
Browser SystemGuards
Chapter 11 McAfee Internet Security 53
Like Program and Windows SystemGuards, Browser
SystemGuards detect potentially unauthorized changes to your
computer's registry and other critical files that are essential to
Windows. Browser SystemGuards, however, monitor changes to
important registry items and files like Internet Explorer add-ons,
Internet Explorer URLs, and Internet Explorer security zones. By
monitoring these, Browser SystemGuards technology helps
prevent unauthorized browser activity such as redirection to
suspect Web sites, changes to browser settings and options
without your knowledge, and unwanted trusting of suspect Web
sites.
Enable SystemGuards protection
Enable SystemGuards protection to detect and alert you to
potentially unauthorized Windows registry and file changes on
your computer. Unauthorized registry and file changes can harm
your computer, compromise its security, and damage valuable
system files.
1 Open the Computer & Files Configuration pane.
How?
1. On the left pane, click Advanced Menu.
2. Click Configure.
3. On the Configure pane, click Computer & Files.
2 Under SystemGuard protection, click On.
Note: You can disable SystemGuard protection, by clicking Off.
Configure SystemGuards options
Use the SystemGuards pane to configure protection, logging, and
alerting options against unauthorized registry and file changes
associated with Windows files, programs, and Internet Explorer.
Unauthorized registry and file changes can harm your computer,
compromise its security, and damage valuable system files.
1 Open the SystemGuards pane.
1. Under Common Tasks, click Home.
2. On the SecurityCenter Home pane, click Computer &
Files.
3. In the Computer & Files information area, click
Configure.
4. On the Computer & Files Configuration pane, ensure
that SystemGuard protection is enabled, and click
Advanced.
2 Select a SystemGuard type from the list.
Program SystemGuards
Windows SystemGuards
54 McAfee Internet Security
Browser SystemGuards
3 Under I want to, do one of the following:
To detect, log, and report unauthorized registry and file
changes associated with Program, Windows, and Browsers
SystemGuards, click Show alerts.
To detect and log unauthorized registry and file changes
associated with Program, Windows, and Browsers
Systemguards, click Only log changes.
To disable detection of unauthorized registry and file
changes associated with Program, Windows, and Browser
Systemguards, click Disable the SystemGuard.
Note: For more information about SystemGuards types, see
About SystemGuards types (page 54).
About SystemGuards types
SystemGuards detect potentially unauthorized changes to your
computer's registry and other critical files that are essential to
Windows. There are three types of SystemGuards: Program
SystemGuards, Windows SystemGuards, and Browser
SystemGuards
Program SystemGuards
Program SystemGuards technology stops suspect ActiveX
programs (downloaded from the Internet) in addition to spyware
and potentially unwanted programs that can automatically
launch when Windows starts.
SystemGuard Detects...
ActiveX
Installations
Startup Items Spyware, adware, and other potentially
Windows Shell
Execute Hooks
Shell Service
Object Delay
Load
Unauthorized registry changes to ActiveX
installations that can harm your computer,
compromise its security, and damage
valuable system files.
unwanted programs that can install file
changes to startup items, allowing suspect
programs to run when you start your
computer.
Spyware, adware, and other potentially
unwanted programs that can install
Windows shell execute hooks to prevent
security programs from running properly.
Spyware, adware, and other potentially
unwanted programs that can make registry
changes to the shell service object delay load,
allowing harmful files to run when you start
your computer.
Windows SystemGuards
Chapter 11 McAfee Internet Security 55
Windows SystemGuards technology helps prevent your computer
from sending and receiving unauthorized or personal
information over the Internet. It also helps stop suspect programs
that can bring unwanted changes to the appearance and
behavior of the programs that are important to you and your
family.
SystemGuard Detects...
Context Menu
Handlers
AppInit DLLs Unauthorized registry changes to Windows
Unauthorized registry changes to Windows
context menu handlers that can affect the
appearance and behavior of Windows menus.
Context menus allow you to perform actions on
your computer, such as right-clicking files.
appInit DLLs that can allow potentially harmful
files to run when you start your computer.
Windows Hosts
File
Winlogon Shell Spyware, adware, and other potentially
Winlogon User
Init
Windows
Protocols
Winsock
Layered Service
Providers
Windows Shell
Open
Commands
Spyware, adware, and potentially unwanted
programs that can make unauthorized changes
in your Windows hosts file, allowing your
browser to be redirected to suspect Web sites
and to block software updates.
unwanted programs that can make registry
changes to the Winlogon shell, allowing other
programs to replace Windows Explorer.
Spyware, adware, and other potentially
unwanted programs that can make registry
changes to Winlogon user init, allowing suspect
programs to run when you log on to Windows.
Spyware, adware, and other potentially
unwanted programs that can make registry
changes to Windows protocols, affecting how
your computer sends and receives information
on the Internet.
Spyware, adware, and other potentially
unwanted programs that can install registry
changes to Winsock Layered Service Providers
(LSPs) to intercept and change information you
send and receive on the Internet.
Unauthorized changes to Windows shell open
commands that can allow worms and other
harmful programs to run on your computer.
Shared Task
Scheduler
Spyware, adware, and other potentially
unwanted programs that can make registry and
file changes to the shared task scheduler,
allowing potentially harmful files to run when
you start your computer.
56 McAfee Internet Security
SystemGuard Detects...
Windows
Messenger
Service
Spyware, adware, and other potentially
unwanted programs that can make registry
changes to the Windows messenger service,
allowing unsolicited ads and remotely run
programs on your computer.
Windows
Win.ini File
Browser SystemGuards
Spyware, adware, and other potentially
unwanted programs that can make changes to
the Win.ini file, allowing suspect programs to
run when you start your computer.
Browser SystemGuards technology helps prevent unauthorized
browser activity such as redirection to suspect Web sites, changes
to browser settings and options without your knowledge, and
unwanted trusting of suspect Web sites.
SystemGuard Detects...
Browser Helper
Objects
Internet Explorer
Bars
Internet Explorer
Add-ons
Spyware, adware, and other potentially
unwanted programs that can use browser
helper objects to track Web browsing and
show unsolicited ads.
Unauthorized registry changes to Internet
Explorer Bar programs, such as Search and
Favorites, that can affect the appearance and
behavior of Internet Explorer.
Spyware, adware, and other potentially
unwanted programs that can install Internet
Explorer add-ons to track Web browsing and
show unsolicited ads.
Internet Explorer
ShellBrowser
Internet Explorer
WebBrowser
Internet Explorer
URL Search Hooks
Internet Explorer
URLs
Unauthorized registry changes to the
Internet Explorer shell browser that can
affect the appearance and behavior of your
Web browser.
Unauthorized registry changes to the
Internet Explorer Web browser that can
affect the appearance and behavior of your
browser.
Spyware, adware, and other potentially
unwanted programs that can make registry
changes to Internet Explorer URL search
hooks, allowing your browser to be
redirected to suspect Web sites when
searching the Web.
Spyware, adware, and other potentially
unwanted programs that can make registry
changes to Internet Explorer URLs, affecting
browser settings.
Chapter 11 McAfee Internet Security 57
SystemGuard Detects...
Internet Explorer
Restrictions
Spyware, adware, and other potentially
unwanted programs that can make registry
changes to Internet Explorer restrictions,
affecting browser settings and options.
Internet Explorer
Security Zones
Internet Explorer
Trusted Sites
Internet Explorer
Policy
Spyware, adware, and other potentially
unwanted programs that can make registry
changes to Internet Explorer security zones,
allowing potentially harmful files to run
when you start your computer.
Spyware, adware, and other potentially
unwanted programs that can make registry
changes to Internet Explorer trusted sites,
allowing your browser to trust suspect Web
sites.
Spyware, adware, and other potentially
unwanted programs that can make registry
changes to Internet Explorer policies,
affecting the appearance and behavior of
your browser.
58 McAfee Internet Security
Using trusted lists
If VirusScan detects a file or registry change (SystemGuard),
program, or buffer overflow, it prompts you to trust or remove it.
If you trust the item and indicate that you do not want to receive
future notification about its activity, the item is added to a trusted
list and VirusScan no longer detects it or notifies you about its
activity. If an item has been added to a trusted list, but you decide
you want to block its activity, you can do so. Blocking prevents
the item from running or making any changes to your computer
without notifying you each time an attempt is made. You can also
remove an item from a trusted list. Removing allows VirusScan to
detect the item's activity again.
Manage trusted lists
Use the Trusted Lists pane to trust or block items that have been
previously detected and trusted. You can also remove an item
from a trusted list so that VirusScan detects it again.
1 Open the Trusted Lists pane.
1. Under Common Tasks, click Home.
2. On the SecurityCenter Home pane, click Computer &
Files.
3. In the Computer & Files information area, click
Configure.
4. On the Computer & Files Configuration pane, ensure
that virus protection is enabled, and click Advanced.
5. Click Trusted Lists in the Virus Protection pane.
2 Select one of the following trusted list types:
Program SystemGuards
Windows SystemGuards
Browser SystemGuards
Trusted Programs
Trusted Buffer Overflows
3 Under I want to, do one of the following:
To allow the detected item to make changes to the
Windows registry or critical system files on your computer
without notifying you, click Trust.
To block the detected item from making changes to the
Windows registry or critical system files on your computer
without notifying you, click Block.
To remove the detected item from the trusted lists, click
Remove.
Chapter 11 McAfee Internet Security 59
4 Click OK.
Note: For more information about trusted list types, see About
trusted lists types (page 59).
About trusted lists types
SystemGuards on the Trusted Lists pane represent previously
unauthorized registry and file changes that VirusScan has
detected but that you have chosen to allow from an alert of from
the Scan results pane. There are five types of trusted list types
that you can manage on the Trusted Lists pane: Program
SystemGuards, Windows SystemGuards, Browser SystemGuards,
Trusted Programs, and Trusted Buffer Overflows.
Option Description
Program
SystemGuards
Program SystemGuards on the Trusted Lists
pane represent previously unauthorized registry
and file changes that VirusScan has detected, but
that you have chosen to allow from an alert or
from the Scan Results pane.
Program SystemGuards detect unauthorized
registry and file changes associated with ActiveX
installations, startup items, Windows shell
execute hooks, and shell service object delay
load activity. These types of unauthorized
registry and file changes can harm your
computer, compromise its security, and damage
valuable system files.
Windows
SystemGuards
Windows SystemGuards on the Trusted Lists
pane represent previously unauthorized registry
and file changes that VirusScan has detected, but
that you have chosen to allow from an alert or
from the Scan Results pane.
Windows SystemGuards detect unauthorized
registry and file changes associated with context
menu handlers, appInit DLLs, the Windows
hosts file, the Winlogon shell, Winsock Layered
Service Providers (LSPs), and so on. These types
of unauthorized registry and file changes can
affect how your computer sends and receives
information over the Internet, change the
appearance and behavior of programs, and allow
suspect programs to run on your computer.
60 McAfee Internet Security
Option Description
Browser
SystemGuards
Browser SystemGuards on the Trusted Lists pane
represent previously unauthorized registry and
file changes that VirusScan has detected, but
that you have chosen to allow from an alert or
from the Scan Results pane.
Browser SystemGuards detect unauthorized
registry changes and other unwanted behavior
associated with Browser helper objects, Internet
Explorer add-ons, Internet Explorer URLs,
Internet Explorer security zones, and so on.
These types of unauthorized registry changes
can result in unwanted browser activity such as
redirection to suspect Web sites, changes to
browser settings and options, and trusting of
suspect Web sites.
Trusted
Programs
Trusted Buffer
Overflows
Trusted programs are potentially unwanted
programs that VirusScan has previously
detected, but which you have chosen to trust
from an alert or from the Scan Results pane.
Trusted buffer overflows represent previously
unwanted activity that VirusScan has detected,
but which you have chosen to to trust from an
alert or from the Scan Results pane.
Buffer overflows can harm your computer and
damage files. Buffer overflows occur when the
amount of information suspect programs or
processes store in a buffer exceeds the buffer's
capacity.
C HAPTER 12
McAfee Personal Firewall
Personal Firewall offers advanced protection for your computer
and your personal data. Personal Firewall establishes a barrier
between your computer and the Internet, silently monitoring
Internet traffic for suspicious activities.
Note: SecurityCenter reports critical and non-critical protection
problems as soon as it detects them. If you need help diagnosing
your protection problems, you can run McAfee Virtual
Technician.
In this chapter
Personal Firewall features ..........................................62
Starting Firewall ..........................................................63
Working with alerts .....................................................65
Managing informational alerts...................................67
Configuring Firewall protection.................................69
Managing programs and permissions....................... 81
Managing computer connections..............................89
Managing system services.......................................... 97
Logging, monitoring, and analysis.............................103
Learning about Internet security ...............................113
61
62 McAfee Internet Security
Personal Firewall features
Standard and custom
protection levels
Real-time
recommendations
Intelligent access
management for programs
Gaming protection
Computer startup
protection
System service port control
Manage computer
connections
HackerWatch information
integration
Lockdown Firewall
Restore Firewall
Guard against intrusion and suspicious activity using Firewall's
default or customizable protection settings.
Receive recommendations, dynamically, to help you decide
whether programs should be allowed Internet access or network
traffic should be trusted.
Manage Internet access for programs, through alerts and event
logs, and configure access permissions for specific programs.
Prevent alerts regarding intrusion attempts and suspicious
activities from distracting you during full-screen gameplay.
Protect your computer from intrusion attempts, unwanted
programs and network traffic as soon as Windows® starts.
Manage open and closed system service ports required by some
programs.
Allow and block remote connections between other computers
and your computer.
Track global hacking and intrusion patterns through
HackerWatch's Web site, which also provides current security
information about programs on your computer, as well as global
security events and Internet port statistics.
Block all inbound and outbound traffic instantly between your
computer and the Internet.
Restore Firewall's original protection settings instantly.
Advanced Trojan detection
Event logging
Monitor Internet traffic
Intrusion prevention
Sophisticated traffic
analysis
Detect and block potentially malicious applications, such as
Trojans, from sending your personal data to the Internet.
Track recent inbound, outbound, and intrusion events.
Review worldwide maps showing the source of hostile attacks and
traffic. In addition, locate detailed owner information and
geographical data for originating IP addresses. Also, analyze
inbound and outbound traffic, monitor program bandwidth and
program activity.
Protect your privacy from possible Internet threats. Using
heuristic-like functionality, we provide a tertiary layer of
protection by blocking items that display symptoms of attacks or
characteristics of hacking attempts.
Review both inbound and outbound Internet traffic and program
connections, including those that are actively listening for open
connections. This allows you to see and act upon programs that
can be vulnerable to intrusion.
C HAPTER 13
Starting Firewall
63
As soon as you install Firewall, your computer is protected from
intrusion and unwanted network traffic. In addition, you are
ready to handle alerts and manage inbound and outbound
Internet access for known and unknown programs. Smart
Recommendations and Automatic security level (with the option
selected to allow programs outgoing-only Internet access) are
automatically enabled.
Although you can disable Firewall from the Internet & Network
Configuration pane, your computer will no longer be protected
from intrusion and unwanted network traffic, and you will be
unable to effectively manage inbound and outbound Internet
connections. If you must disable firewall protection, do so
temporarily and only when necessary. You can also enable
Firewall from the Internet & Network Configuration panel.
Firewall automatically disables Windows® Firewall and sets itself
as your default firewall.
Note: To configure Firewall, open the Internet & Network
Configuration pane.
In this chapter
Start firewall protection..............................................63
Stop firewall protection ..............................................64
Start firewall protection
You can enable Firewall to protect your computer from intrusion
and unwanted network traffic, as well as manage inbound and
outbound Internet connections.
1 On the McAfee SecurityCenter pane, click Internet &
Network, and then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is disabled, click On.
64 McAfee Internet Security
Stop firewall protection
You can disable Firewall if you do not want to protect your
computer from intrusion and unwanted network traffic. When
Firewall is disabled, you cannot manage inbound or outbound
Internet connections.
1 On the McAfee SecurityCenter pane, click Internet &
Network, and then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Off.
C HAPTER 14
Working with alerts
Firewall employs an array of alerts to help you manage your
security. These alerts can be grouped into three basic types:
Red alert
Yellow alert
Green alert
Alerts can also contain information to help you decide how to
handle alerts or get information about programs running on your
computer.
In this chapter
About alerts.................................................................. 66
65
66 McAfee Internet Security
About alerts
Firewall has three basic alert types. As well, some alerts include
information to help you learn or get information about programs
running on your computer.
Red alert
A red alert appears when Firewall detects, then blocks, a Trojan
on your computer, and recommends that you scan for additional
threats. A Trojan appears to be a legitimate program, but can
disrupt, damage, and provide unauthorized access to your
computer. This alert occurs in every security level.
Yellow alert
The most common type of alert is a yellow alert, which informs
you about a program activity or network event detected by
Firewall. When this occurs, the alert describes the program
activity or network event, and then provides you with one or
more options that require your response. For example, the New
Network Connection alert appears when a computer with
Firewall installed is connected to a new network. You can specify
the level of trust that you want to assign to this new network, and
it then appears in your Networks list. If Smart Recommendations
is enabled, known programs are automatically added to the
Program Permissions pane.
Green alert
In most cases, a green alert provides basic information about an
event and does not require a response. Green alerts are disabled
by default.
User Assistance
Many Firewall alerts contain additional information to help you
manage your computer's security, which includes the following:
Learn more about this program: Launch McAfee's
global security Web site to get information about a
program that Firewall has detected on your computer.
Tell McAfee about this program: Send information to
McAfee about an unknown file that Firewall has detected
on your computer.
McAfee recommends: Advice about handling alerts. For
example, an alert can recommend that you allow access
for a program.
C HAPTER 15
Managing informational alerts
Firewall allows you to display or hide informational alerts when it
detects intrusion attempts or suspicious activity during certain
events, for example, during full-screen gameplay.
In this chapter
Display alerts while gaming........................................67
Hide informational alerts ...........................................67
Display alerts while gaming
You can allow Firewall informational alerts to be displayed when
it detects intrusion attempts or suspicious activity during
full-screen gameplay.
67
1 On the McAfee SecurityCenter pane, click Advanced Menu.
2 Click Configure.
3 On the SecurityCenter Configuration pane, under Alerts,
click Advanced.
4 On the Alert Options pane, select Show informational alerts
when gaming mode is detected.
5 Click OK.
Hide informational alerts
You can prevent Firewall informational alerts from being
displayed when it detects intrusion attempts or suspicious
activity.
1 On the McAfee SecurityCenter pane, click Advanced Menu.
2 Click Configure.
3 On the SecurityCenter Configuration pane, under Alerts,
click Advanced.
4 On the SecurityCenter Configuration pane, click
Informational Alerts.
5 On the Informational Alerts pane, do one of the following:
Select Do not show informational alerts to hide all
informational alerts.
Clear an alert to hide.
6 Click OK.
C HAPTER 16
Configuring Firewall protection
Firewall offers a number of methods to manage your security and
to tailor the way you want to respond to security events and
alerts.
After you install Firewall for the first time, your computer's
protection security level is set to Automatic and your programs
are allowed outgoing-only Internet access. However, Firewall
provides other levels, ranging from highly restrictive to highly
permissive.
Firewall also offers you the opportunity to receive
recommendations on alerts and Internet access for programs.
In this chapter
Managing Firewall security levels ..............................70
Configuring Smart Recommendations for alerts......73
Optimizing Firewall security ......................................75
Locking and restoring Firewall...................................78
69
70 McAfee Internet Security
Managing Firewall security levels
Firewall's security levels control the degree to which you want to
manage and respond to alerts. These alerts appear when it
detects unwanted network traffic and inbound and outbound
Internet connections. By default, Firewall's security level is set to
Automatic, with outgoing-only access.
When Automatic security level is set and Smart
Recommendations is enabled, yellow alerts provide the option to
either allow or block access for unknown programs that require
inbound access. Although green alerts are disabled by default,
they appear when known programs are detected and access is
automatically allowed. Allowing access lets a program create
outbound connections and listen for unsolicited inbound
connections.
Generally, the more restrictive a security level (Stealth and
Standard), the greater the number of options and alerts that are
displayed and which, in turn, must be handled by you.
The following table describes Firewall's three security levels,
starting from the most restrictive to the least:
Level Description
Stealth Blocks all inbound Internet connections, except open
ports, hiding your computer's presence on the Internet.
The firewall alerts you when new programs attempt
outbound Internet connections or receive inbound
connection requests. Blocked and added programs appear
on the Program Permissions pane.
Standard Monitors inbound and outbound connections and alerts
you when new programs attempt Internet access. Blocked
and added programs appear on the Program Permissions
pane.
Automatic Allows programs to have either incoming and outgoing
(full) or outgoing-only Internet access. The default security
level is Automatic with the option selected to allow
programs outgoing-only access.
If a program is allowed full access, then Firewall
automatically trusts it and adds it to the list of allowed
programs on the Program Permissions pane.
If a program is allowed outgoing-only access, then Firewall
automatically trusts it when making an outbound Internet
connection only. An inbound connection is not
automatically trusted.
Firewall also allows you to immediately reset your security level
to Automatic (and allow outgoing-only access) from the Restore
Firewall Defaults pane.
Chapter 16 McAfee Internet Security 71
Set security level to Stealth
You can set the Firewall security level to Stealth to block all
inbound network connections, except open ports, to hide your
computer's presence on the Internet.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Security Level pane, move the slider so that Stealth
displays as the current level.
4 Click OK.
Note: In Stealth mode, Firewall alerts you when new programs
request outbound Internet connection or receive inbound
connection requests.
Set security level to Standard
You can set the security level to Standard to monitor inbound
and outbound connections and alert you when new programs
attempt Internet access.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Security Level pane, move the slider so that Standard
displays as the current level.
4 Click OK.
Set security level to Automatic
You can set Firewall's security level to Automatic to allow either
full access or outbound-only network access.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Security Level pane, move the slider so that
Automatic displays as the current level.
4 Do one of the following:
To allow full inbound and outbound network access,
select Allow Full Access.
To allow outbound-only network access, select Allow
Outgoing-Only Access.
72 McAfee Internet Security
5 Click OK.
Note: The Allow Outgoing-Only Access is the default option.
Chapter 16 McAfee Internet Security 73
Configuring Smart Recommendations for alerts
You can configure Firewall to include, exclude, or display
recommendations in alerts when any programs try to access the
Internet. Enabling Smart Recommendations helps you decide
how to handle alerts.
When Smart Recommendations is applied (and the security level
is set to Automatic with outgoing-only access enabled), Firewall
automatically allows known programs, and blocks potentially
dangerous programs.
When Smart Recommendations is not applied, Firewall neither
allows or blocks Internet access, nor provides a recommendation
in the alert.
When Smart Recommendations is set to Show, an alert prompts
you to allow or block access, and Firewall provides a
recommendation in the alert.
Enable Smart Recommendations
You can enable Smart Recommendations for Firewall to
automatically allow or block programs, and alert you about
unrecognized and potentially dangerous programs.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Security Level pane, under Smart
Recommendations, select Apply Smart
Recommendations.
4 Click OK.
74 McAfee Internet Security
Disable Smart Recommendations
You can disable Smart Recommendations for Firewall to allow or
block programs, and alert you about unrecognized and
potentially dangerous programs. However, the alerts exclude any
recommendations about handling access for programs. If
Firewall detects a new program that is suspicious or is known to
be a possible threat, it automatically blocks the program from
accessing the Internet.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Security Level pane, under Smart
Recommendations, select Don't apply Smart
Recommendations.
4 Click OK.
Display Smart Recommendations
You can display Smart Recommendations to display only a
recommendation in the alerts so that you decide whether to allow
or block unrecognized and potentially dangerous programs.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Security Level pane, under Smart
Recommendations, select Show Smart
Recommendations.
4 Click OK.
Chapter 16 McAfee Internet Security 75
Optimizing Firewall security
The security of your computer can be compromised in many
ways. For example, some programs can attempt to connect to the
Internet as Windows® starts up. Also, sophisticated computer
users can trace (or ping) your computer to determine whether it
is connected to a network. As well, they can send information to
your computer, using the UDP protocol, in the form of message
units (datagrams). Firewall defends your computer against these
types of intrusion by allowing you to block programs from
accessing the Internet as Windows starts, allowing you to block
ping requests that help other users detect your computer on a
network, and allowing you to disable other users from sending
information to your computer in the form of message units
(datagrams).
Standard installation settings include automatic detection for the
most common intrusion attempts, such as Denial of Service
attacks or exploits. Using the standard installation settings
ensures that you are protected against these attacks and scans;
however, you can disable automatic detection for one or more
attacks or scans on the Intrusion Detection pane.
Protect your computer during startup
You can protect your computer as Windows starts up to block
new programs that did not have, and now need, Internet access
during startup. Firewall displays relevant alerts for programs that
had requested Internet access, which you can allow or block.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Security Level pane, under Security Settings, select
Enable protection during Windows startup.
4 Click OK.
Note: Blocked connections and intrusions are not logged while
startup protection is enabled.
76 McAfee Internet Security
Configure ping request settings
You can allow or prevent detection of your computer on the
network by other computer users.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Security Level pane, under Security Settings, do one
of the following:
Select Allow ICMP ping requests to allow detection of
your computer on the network using ping requests.
Clear Allow ICMP ping requests to prevent detection of
your computer on the network using ping requests.
4 Click OK.
Configure UDP settings
You can allow other network computer users to send message
units (datagrams) to your computer, using the UDP protocol.
However, you can do this only if you also have closed a system
service port to block this protocol.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Security Level pane, under Security Settings, do one
of the following:
Select Enable UDP tracking to allow other computer
users to send message units (datagrams) to your
computer.
Clear Enable UDP tracking to prevent other computer
users from sending message units (datagrams) to your
computer.
4 Click OK.
Chapter 16 McAfee Internet Security 77
Configure intrusion detection
You can detect intrusion attempts to protect your computer from
attacks and unauthorized scans. The standard Firewall setting
includes automatic detection for the most common intrusion
attempts, such as Denial of Service attacks or exploits; however,
you can disable automatic detection for one or more attacks or
scans.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Intrusion Detection.
4 Under Detect Intrusion Attempts, do one of the following:
Select a name to automatically detect the attack or scan.
Clear a name to disable automatic detection of the attack
or scan.
5 Click OK.
Configure Firewall Protection Status settings
You can configure Firewall to ignore that specific problems on
your computer are not reported to the SecurityCenter.
1 On the McAfee SecurityCenter pane, under SecurityCenter
Information, click Configure.
2 On the SecurityCenter Configuration pane, under Protection
Status, click Advanced.
3 On the Ignored Problems pane, select one or more of the
following options:
Firewall protection is disabled.
Firewall service is not running.
Firewall Protection is not installed on your computer.
Your Windows Firewall is disabled.
Outbound firewall is not installed on your computer.
4 Click OK.
78 McAfee Internet Security
Locking and restoring Firewall
Lockdown instantly blocks all inbound and outbound network
connections, including access to Web sites, e-mail, and security
updates. Lockdown has the same result as disconnecting the
network cables on your computer. You can use this setting to
block open ports on the System Services pane and to help you
isolate and troubleshoot a problem on your computer.
Lockdown Firewall instantly
You can lockdown Firewall to instantly block all network traffic
between your computer and any network, including the Internet.
1 On the McAfee SecurityCenter pane, under Common Tasks,
click Lockdown Firewall.
2 On the Lockdown Firewall pane, click Enable Firewall
Lockdown.
3 Click Yes to confirm.
Tip: You can also lockdown Firewall by right-clicking the
SecurityCenter icon in the notification area at the far right of
your taskbar, clicking Quick Links, and then clicking Lockdown
Firewall.
Unlock Firewall instantly
You can unlock Firewall to instantly allow all network traffic
between your computer and any network, including the Internet.
1 On the McAfee SecurityCenter pane, under Common Tasks,
click Lockdown Firewall.
2 On the Lockdown Enabled pane, click Disable Firewall
Lockdown.
3 Click Yes to confirm.
Chapter 16 McAfee Internet Security 79
Restore Firewall settings
You can quickly restore Firewall to its original protection settings.
This resets your security level to Automatic and allows
outgoing-only network access, enables Smart Recommendations,
restores the list of default programs and their permissions in the
Program Permissions pane, removes trusted and banned IP
addresses, and restores system services, event log settings, and
intrusion detection.
1 On the McAfee SecurityCenter pane, click Restore Firewall
Defaults.
2 On the Restore Firewall Protection Defaults pane, click
Restore Defaults.
3 Click Yes to confirm.
4 Click OK.
C HAPTER 17
Managing programs and permissions
Firewall allows you to manage and create access permissions for
existing and new programs that require inbound and outbound
Internet access. Firewall lets you control full or outbound-only
access for programs. You can also block access for programs.
In this chapter
Allowing Internet access for programs...................... 82
Allowing outbound-only access for programs.......... 84
Blocking Internet access for programs ......................85
Removing access permissions for programs.............87
Learning about programs...........................................88
81
82 McAfee Internet Security
Allowing Internet access for programs
Some programs, like Internet browsers, need to access the
Internet to function properly.
Firewall allows you use the Program Permissions page to:
Allow access for programs
Allow outbound-only access for programs
Block access for programs
You can also allow a program to have full and outbound-only
Internet access from the Outbound Events and Recent Events log.
Allow full access for a program
You can allow an existing blocked program on your computer to
have full inbound and outbound Internet access.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Program Permissions.
4 Under Program Permissions, select a program with
Blocked or Outbound-Only Access.
5 Under Action, click Allow Access.
6 Click OK.
Allow full access for a new program
You can allow a new program on your computer to have full
inbound and outbound Internet access.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Program Permissions.
4 Under Program Permissions, click Add Allowed Program.
5 In the Add Program dialog box, browse for and select the
program that you want to add, then click Open.
Note: You can change the permissions of a newly added program
as you would an existing program by selecting the program, and
then clicking Allow Outbound-Only Access or Block Access
under Action.
Chapter 17 McAfee Internet Security 83
Allow full access from the Recent Events log
You can allow an existing blocked program that appears in the
Recent Events log to have full inbound and outbound Internet
access.
1 On the McAfee SecurityCenter pane, click Advanced Menu.
2 Click Reports & Logs.
3 Under Recent Events, select the event description, and then
click Allow Access.
4 In the Program Permissions dialog, click Yes to confirm.
Related topics
View outbound events (page 105)
Allow full access from the Outbound Events log
You can allow an existing blocked program that appears in the
Outbound Events log to have full inbound and outbound Internet
access.
1 On the McAfee SecurityCenter pane, click Advanced Menu.
2 Click Reports & Logs.
3 Under Recent Events, click View Log.
4 Click Internet & Network, and then click Outbound Events.
5 Select a program, and under I want to, click Allow Access.
6 In the Program Permissions dialog, click Yes to confirm.
84 McAfee Internet Security
Allowing outbound-only access for programs
Some programs on your computer require outbound Internet
access. Firewall lets you configure program permissions to allow
outbound-only Internet access.
Allow outbound-only access for a program
You can allow a program to have outbound-only Internet access.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Program Permissions.
4 Under Program Permissions, select a program with
Blocked or Full Access.
5 Under Action, click Allow Outbound-Only Access.
6 Click OK.
Allow outbound-only access from the Recent Events log
You can allow an existing blocked program that appears in the
Recent Events log to have outbound-only Internet access.
1 On the McAfee SecurityCenter pane, click Advanced Menu.
2 Click Reports & Logs.
3 Under Recent Events, select the event description, and then
click Allow Outbound-Only Access.
4 In the Program Permissions dialog, click Yes to confirm.
Allow outbound-only access from the Outbound Events log
You can allow an existing blocked program that appears in the
Outbound Events log to have outbound-only Internet access.
1 On the McAfee SecurityCenter pane, click Advanced Menu.
2 Click Reports & Logs.
3 Under Recent Events, click View Log.
4 Click Internet & Network, and then click Outbound Events.
5 Select a program, and under I want to, click Allow
Outbound-Only Access.
6 In the Program Permissions dialog, click Yes to confirm.
Chapter 17 McAfee Internet Security 85
Blocking Internet access for programs
Firewall allows you to block programs from accessing the
Internet. Ensure that blocking a program will not interrupt with
your network connection or another program that requires
access to the Internet to function properly.
Block access for a program
You can block a program from having inbound and outbound
Internet access.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Program Permissions.
4 Under Program Permissions, select a program with Full
Access or Outbound-Only Access.
5 Under Action, click Block Access.
6 Click OK.
Block access for a new program
You can block a new program from having inbound and
outbound Internet access.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Program Permissions.
4 Under Program Permissions, click Add Blocked Program.
5 On the Add Program dialog, browse for an select the program
that you want to add, and then click Open.
Note: You can change the permissions of a newly added program
by selecting the program and then clicking Allow
Outbound-Only Access or Allow Access under Action.
86 McAfee Internet Security
Block access from the Recent Events log
You can block a program that appears in the Recent Events log
from having inbound and outbound Internet access.
1 On the McAfee SecurityCenter pane, click Advanced Menu.
2 Click Reports & Logs.
3 Under Recent Events, select the event description, and then
click Block Access.
4 In the Program Permissions dialog, click Yes to confirm.
Chapter 17 McAfee Internet Security 87
Removing access permissions for programs
Before removing a program permission, ensure that its absence
does not affect your computer's functionality or your network
connection.
Remove a program permission
You can remove a program from having any inbound or
outbound Internet access.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Program Permissions.
4 Under Program Permissions, select a program.
5 Under Action, click Remove Program Permission.
6 Click OK.
Note: Firewall prevents you from modifying some programs by
dimming and disabling certain actions.
88 McAfee Internet Security
Learning about programs
If you are unsure which program permission to apply, you can get
information about the program on McAfee's HackerWatch Web
site.
Get program information
You can get program information from McAfee's HackerWatch
Web site to decide whether to allow or block inbound and
outbound Internet access.
Note: Ensure that you are connected to the Internet so that your
browser launches McAfee's HackerWatch Web site, which
provides up-to-date information about programs, Internet access
requirements, and security threats.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Program Permissions.
4 Under Program Permissions, select a program.
5 Under Action, click Learn More.
Get program information from the Outbound Events log
From the Outbound Events log, you can get program information
from McAfee's HackerWatch Web site to decide which programs
to allow or block inbound and outbound Internet access.
Note: Ensure that you are connected to the Internet so that your
browser launches McAfee's HackerWatch Web site, which
provides up-to-date information about programs, Internet access
requirements, and security threats.
1 On the McAfee SecurityCenter pane, click Advanced Menu.
2 Click Reports & Logs.
3 Under Recent Events, select an event, and then click View
Log.
4 Click Internet & Network, and then click Outbound Events.
5 Select an IP address, and then click Learn more.
C HAPTER 18
Managing computer connections
You can configure Firewall to manage specific remote
connections to your computer by creating rules, based on
Internet Protocol addresses (IPs), that are associated with remote
computers. Computers that are associated with trusted IP
addresses can be trusted to connect to your computer and those
IPs that are unknown, suspicious, or distrusted, can be banned
from connecting to your computer.
When allowing a connection, make sure that the computer that
you trust is safe. If a trusted computer is infected with a worm or
other mechanism, your computer can be vulnerable to infection.
Also, McAfee recommends that the computer you trust is
protected by a firewall and an up-to-date antivirus program.
Firewall does not log traffic or generate event alerts from trusted
IP addresses in the Networks list.
You can ban computers that are associated with unknown,
suspicious, or distrusted IP addresses from connecting to your
computer.
89
Since Firewall blocks all unwanted traffic, it is normally not
necessary to ban an IP address. You should ban an IP address
only when you are sure that an Internet connection is a threat.
Make sure that you do not block important IP addresses, such as
your DNS or DHCP server, or other ISP-related servers.
In this chapter
About computer connections ....................................90
Banning computer connections ................................94
90 McAfee Internet Security
About computer connections
Computer connections are the connections that you create
between other computers on any network and yours. You can
add, edit, and remove IP addresses on the Networks list. These IP
addresses are associated with networks for which you want to
assign a level of trust when connecting to your computer:
Trusted, Standard, and Public.
Level Description
Trusted
Firewall allows traffic from an IP to reach your computer
through any port. Activity between the computer
associated with a Trusted IP address and your computer is
not filtered or analyzed by Firewall. By default, the first
private network that Firewall finds is listed as Trusted in
Networks list. An example of a Trusted network is a
the
computer or computers in your local or home network.
Standard
Public
Firewall controls traffic from an IP (but not from any other
computer in that network) when it connects to your
computer, and allows or blocks it according to the rules in
System Services list. Firewall logs traffic and
the
generates event alerts from Standard IP addresses. An
example of a Standard network is a computer or
computers in a corporate network.
Firewall controls traffic from a public network according to
the rules in the
Public is an Internet network in a cafe, hotel, or airport.
System Services list. An example of
When allowing a connection, make sure that the computer that
you trust is safe. If a trusted computer is infected with a worm or
other mechanism, your computer can be vulnerable to infection.
Also, McAfee recommends that the computer you trust is
protected by a firewall and an up-to-date antivirus program.
Add a computer connection
You can add a trusted, standard, or public computer connection
and its associated IP address.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Networks.
4 On the Networks pane, click Add.
5 If the computer connection is on an IPv6 network, select the
IPv6 check box.
6 Under Add Rule, do one of the following:
Select Single, and then enter the IP address in the IP
Address box.
Chapter 18 McAfee Internet Security 91
Select Range, and then enter the starting and ending IP
addresses in the From IP Address and To IP Address
boxes. If your computer connection is on an IPv6 network,
enter the starting IP address and the prefix length in the
From IP Address and Prefix Length boxes.
7 Under Type, do one of the following:
Select Trusted to specify that this computer connection is
trusted (for example, a computer in a home network).
Select Standard to specify that this computer connection
(and not the other computers in its network) is trusted (for
example, a computer in a corporate network).
Select Public to specify that this computer connection is
public (for example, a computer in an Internet café, hotel,
or airport).
8 If a system service uses Internet Connection Sharing (ICS),
you can add the following IP address range: 192.168.0.1 to
192.168.0.255.
9 Optionally, select Rule expires in, and enter the number of
days to enforce the rule.
10 Optionally, type a description for the rule.
11 Click OK.
Note: For more information about Internet Connection Sharing
(ICS), see Configure a new system service.
Add a computer from the Inbound Events log
You can add a trusted or standard computer connection and its
associated IP address from the Inbound Events log.
1 On the McAfee SecurityCenter pane, on the Common Tasks
pane, click Advanced Menu.
2 Click Reports & Logs.
3 Under Recent Events, click View Log.
4 Click Internet & Network, and then click Inbound Events.
5 Select a source IP address, and under I want to, do one of the
following:
Click Add this IP as Trusted to add this computer as
Trusted in your Networks list.
Click Add this IP as Standard to add this computer
connection as Standard in your Networks list.
6 Click Yes to confirm.
92 McAfee Internet Security
Edit a computer connection
You can edit a trusted, standard, or public computer connection
and its associated IP address.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Networks.
4 On the Networks pane, select an IP address, and then click
Edit.
5 If the computer connection is on an IPv6 network, select the
IPv6 check box.
6 Under Edit Rule, do one of the following:
Select Single, and then enter the IP address in the IP
Address box.
Select Range, and then enter the starting and ending IP
addresses in the From IP Address and To IP Address
boxes. If your computer connection is on an IPv6 network,
enter the starting IP address and the prefix length in the
From IP Address and Prefix Length boxes.
7 Under Type, do one of the following:
Select Trusted to specify that this computer connection is
trusted (for example, a computer in a home network).
Select Standard to specify that this computer connection
(and not the other computers in its network) is trusted (for
example, a computer in a corporate network).
Select Public to specify that this computer connection is
public (for example, a computer in an Internet café, hotel,
or airport).
8 Optionally, check Rule expires in, and enter the number of
days to enforce the rule.
9 Optionally, type a description for the rule.
10 Click OK.
Note: You cannot edit the default computer connection that
Firewall automatically added from a trusting private network.
Chapter 18 McAfee Internet Security 93
Remove a computer connection
You can remove a trusted, standard, or public computer
connection and its associated IP address.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Networks.
4 On the Networks pane, select an IP address, and then click
Remove.
5 Click Yes to confirm.
94 McAfee Internet Security
Banning computer connections
You can add, edit, and remove banned IP addresses in the
Banned IPs pane.
You can ban computers that are associated with unknown,
suspicious, or distrusted IP addresses from connecting to your
computer.
Since Firewall blocks all unwanted traffic, it is normally not
necessary to ban an IP address. You should ban an IP address
only when you are sure that an Internet connection is a threat.
Make sure that you do not block important IP addresses, such as
your DNS or DHCP server, or other ISP-related servers.
Add a banned computer connection
You can add a banned computer connection and its associated IP
address.
Note: Ensure that you do not block important IP addresses, such
as your DNS or DHCP server, or other ISP-related servers.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Banned IPs.
4 On the Banned IPs pane, click Add.
5 If the computer connection is on an IPv6 network, select the
IPv6 check box.
6 Under Add Rule, do one of the following:
Select Single, and then enter the IP address in the IP
Address box.
Select Range, and then enter the starting and ending IP
addresses in the From IP Address and To IP Address
boxes. If your computer connection is on an IPv6 network,
enter the starting IP address and the prefix length in the
From IP Address and Prefix Length boxes.
7 Optionally, select Rule expires in, and enter the number of
days to enforce the rule.
8 Optionally, type a description for the rule.
9 Click OK.
10 Click Yes to confirm.
Chapter 18 McAfee Internet Security 95
Edit a banned computer connection
You can edit a banned computer connection and its associated IP
address.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Banned IPs.
4 On the Banned IPs pane, click Edit.
5 If the computer connection is on an IPv6 network, select the
IPv6 check box.
6 Under Edit Rule, do one of the following:
Select Single, and then enter the IP address in the IP
Address box.
Select Range, and then enter the starting and ending IP
addresses in the From IP Address and To IP Address
boxes. If your computer connection is on an IPv6 network,
enter the starting IP address and the prefix length in the
From IP Address and Prefix Length boxes.
7 Optionally, select Rule expires in, and enter the number of
days to enforce the rule.
8 Optionally, type a description for the rule.
9 Click OK.
Remove a banned computer connection
You can remove a banned computer connection and its
associated IP address.
1 On the McAfee SecurityCenter pane, click Internet &
Network, then click Configure.
2 On the Internet & Network Configuration pane, under
Firewall protection is enabled, click Advanced.
3 On the Firewall pane, click Banned IPs.
4 On the Banned IPs pane, select an IP address, and then click
Remove.
5 Click Yes to confirm.
96 McAfee Internet Security
Ban a computer from the Inbound Events log
You can ban a computer connection and its associated IP address
from the Inbound Events log. Use this log, which lists the IP
addresses of all inbound Internet traffic, to ban an IP address that
you suspect is the source of suspicious or undesirable Internet
activity.
Add an IP address to your Banned IPs list if you want to block all
inbound Internet traffic from that IP address, regardless of
whether your System Services ports are opened or closed.
1 On the McAfee SecurityCenter pane, under Common Tasks,
click Advanced Menu.
2 Click Reports & Logs.
3 Under Recent Events, click View Log.
4 Click Internet & Network, and then click Inbound Events.
5 Select a source IP address, and under I want to, click Ban
this IP.
6 Click Yes to confirm.
Ban a computer from the Intrusion Detection Events log
You can ban a computer connection and its associated IP address
from the Intrusion Detection Events log.
1 On the McAfee SecurityCenter pane, under Common Tasks,
click Advanced Menu.
2 Click Reports & Logs.
3 Under Recent Events, click View Log.
4 Click Internet & Network, and then click Intrusion
Detection Events.
5 Select a source IP address, and under I want to, click Ban
this IP.
6 Click Yes to confirm.
C HAPTER 19
Managing system services
To work properly, certain programs (including web servers and
file-sharing server programs) must accept unsolicited
connections from other computers through designated system
service ports. Typically, Firewall closes these system service ports
because they represent the most likely source of insecurities in
your system. To accept connections from remote computers,
however, the system service ports must be open.
In this chapter
Configuring system service ports...............................98
97
98 McAfee Internet Security
Configuring system service ports
System service ports can be configured to allow or block remote
network access to a service on your computer. These system
service ports can be opened or closed for computers listed as
Trusted, Standard, or Public in your Networks list.
The list below shows the common system services and their
associated ports:
Common Operating System Port 5357
File Transfer Protocol (FTP) Ports 20-21
Mail Server (IMAP) Port 143
Mail Server (POP3) Port 110
Mail Server (SMTP) Port 25
Microsoft Directory Server (MSFT DS) Port 445
Microsoft SQL Server (MSFT SQL) Port 1433
Network Time Protocol Port 123
Remote Desktop / Remote Assistance / Terminal Server (RDP)
Port 3389
Remote Procedure Calls (RPC) Port 135
Secure Web Server (HTTPS) Port 443
Universal Plug and Play (UPNP) Port 5000
Web Server (HTTP) Port 80
Windows File Sharing (NETBIOS) Ports 137-139
System service ports can also be configured to allow a computer
to share its Internet connection with other computers connected
to it through the same network. This connection, known as
Internet Connection Sharing (ICS), allows the computer that is
sharing the connection to act as a gateway to the Internet for the
other networked computer.
Note: If your computer has an application that accepts either web
or FTP server connections, the computer sharing the connection
may need to open the associated system service port and allow
forwarding of incoming connections for those ports.
Loading...