Configure user-defined Access Protection rules

User-defined rules supplement the protection provided by McAfee-defined rules. You can add and delete, as well as enable, disable, and change the configuration of these rules.

Tip: Best practice: For information about creating Access Protection rules to protect against ransomware, see PD25203.


  1. Select MenuPolicyPolicy Catalog, then select Endpoint Security Threat Prevention from the Product list.
  2. From the Category list, select Access Protection.
  3. Click the name of an editable policy.
  4. Click Show Advanced.
  5. Create the rule: In the Rules section, click Add.

    On the Rule page, configure rule options.

    1. In the Executables section, click Add, configure executable properties, then click Save.

      An empty Executables table indicates that the rule applies to all executables.

    2. In the User Names section, click Add, configure user name properties, then click Save.
      An empty User Names table indicates that the rule applies to all users.
    3. In the Subrules section, click Add, then configure subrule properties.
      Tip: Best practice: To avoid impacting performance, don't select the Read operation.

      In the Targets section, click Add, configure target information, then click Save three times.

  6. In the Rules section, select Block, Report, or both for the rule.
    • To select or deselect all rules under Block or Report, click Block All or Report All.
    • To disable the rule, deselect both Block and Report.
  7. Click Save.