McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual page 105

Product guide for use with ePolicy Orchestrator 4.5

Appendix A — Writing Custom Signatures and Exceptions
Rule structure
Wildcards
You can use wildcards for the section values. Note the slightly different use of asterisks with
paths and addresses, which normally contain forward or backward slashes. For expert subrules
of signatures, the TCL wildcard scheme is used.
Table 22: Wildcards
Character: What it represents
? (question mark): A single character.
* (one asterisk): Multiple characters, including / and \. NOTE: For paths and addresses, use ** (two asterisks) to include / and \; use * (one asterisk) to exclude / and \.
| (pipe): Wildcard escape.

Table 23: TCL wildcards
Character: What it represents
? (question mark): A single character.
* (one asterisk): Multiple characters, including / and \. Example: files { Include "C:\*.txt" }
& (ampersand): Multiple characters except / and \. Use to match the root-level contents of a folder but not any subfolders. Example: files { Include "C:\test\\&.txt" }
! (exclamation point): Wildcard escape. Example: files { Include "C:\test\\yahoo!.txt" }

Use of environment variables
Use environment variables as a shorthand to specify Windows file and directory path names: write the iEnv command with one parameter (the variable name) in square brackets [ ... ].

Environment variable: What it represents
iEnv SystemRoot: C:\winnt\, where C is the drive that contains the Windows System folder. Example: files {Include [iEnv SystemRoot]\\system32\\abc.txt }
iEnv SystemDrive: C:\ where C is the drive that contains the Windows System folder. Example: files {Include [iEnv SystemDrive]\\system32\\abc.txt}

Use of predefined variables
Host Intrusion Prevention provides predefined variables for rule writing. These variables are preceded by "$" and are listed below.

Table 24: Windows IIS Web Server
Variable: Description
IIS_BinDir: Directory where inetinfo.exe is located
IIS_Computer: Machine name that IIS runs on
IIS_Envelope: Includes all files that IIS is allowed to access

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
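The two wildcard schemes in Tables 22 and 23 give the same `*` different reach, which matters when scoping an exception to a folder. The sketch below is an added example, not McAfee code: it models both tables as a regex translation so the difference can be checked on sample paths. The names `to_regex` and `matches` are hypothetical, and it assumes the escape character makes the next character literal, that matching is case-sensitive, and that patterns are given after TCL backslash unescaping.

```python
import re

NO_SLASH, ANYTHING = r"[^/\\]*", r".*"

def to_regex(pattern, scheme="standard", is_path=True):
    """Translate a wildcard pattern into a compiled regex.

    scheme="standard": Table 22 (?, *, ** for paths and addresses, | escapes).
    scheme="tcl":      Table 23 (?, *, & excludes slashes, ! escapes).
    """
    escape = "|" if scheme == "standard" else "!"
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == escape and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))  # assumption: next char is literal
            i += 2
            continue
        if ch == "?":
            out.append(".")                        # a single character
        elif ch == "*":
            if scheme == "tcl" or not is_path:
                out.append(ANYTHING)               # includes / and \
            elif pattern.startswith("**", i):
                out.append(ANYTHING)               # ** in a path: includes / and \
                i += 1
            else:
                out.append(NO_SLASH)               # * in a path: excludes / and \
        elif ch == "&" and scheme == "tcl":
            out.append(NO_SLASH)                   # TCL: stay within one folder level
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)

def matches(pattern, value, **kw):
    return to_regex(pattern, **kw).fullmatch(value) is not None

# Constructed sample paths: one at the folder root, one in a subfolder.
ROOT, SUB = r"C:\test\a.txt", r"C:\test\sub\a.txt"

if __name__ == "__main__":
    for scheme, pat in [("standard", r"C:\test\*.txt"), ("standard", r"C:\test\**.txt"),
                        ("tcl", r"C:\test\*.txt"), ("tcl", r"C:\test\&.txt")]:
        print(f"{scheme:8} {pat:16} root={matches(pat, ROOT, scheme=scheme)} "
              f"subfolder={matches(pat, SUB, scheme=scheme)}")
```

A path exception copied from a standard section into an expert subrule without changing `*` to `&` widens from one folder to the whole subtree.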

This manual is also suitable for:

Host intrusion prevention 8.0