Windows Custom Signatures; Windows Class Buffer Overflow - McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual

Product Guide for use with ePolicy Orchestrator 4.5
Appendix A — Writing Custom Signatures and Exceptions

Variable             Description
UAPACHE_VdocRoots    Virtual document roots
UAPACHE_Vlogs        Log files of virtual servers
UAPACHE_Vlogs_dir    Directories for the log files of virtual servers
UIPLANET_BinDirs     Path to iPlanet binaries
UIPLANET_CgiDirs     Path to CGI directories
UIPLANET_DocDirs     Paths to document directories
UIPLANET_Process     Path to iPlanet ns-httpd binary
UIPLANET_Roots       Path to iPlanet root

Windows custom signatures

This section describes how to write custom signatures for the Windows platform.

NOTE:
Rules in the Windows class Files use double backslashes for paths, while rules in the non-Windows class UNIX_file use a single forward slash.

The class used by a signature depends on the nature of the security issue and the protection the signature can offer. Some of the classes and parameters appear in the custom signature user interface, while others do not. For those classes and parameters without a user interface, the expert method for rule creation is the only way to access them. For Windows, these classes are available:

Class              When to use
Buffer Overflow    For protection against buffer overflow
Files              For protection of file or directory operations
Hook               For protection of API process hooking
Illegal API Use    For protection against illegal use of the Host IPS API
Illegal Use        For protection against illegal use of the API
Isapi              For monitoring HTTP requests to IIS
Program            For protection of program operations
Registry           For protection of registry key and registry value operations
Services           For protection of services operations
SQL                For protection of SQL operations

Windows class Buffer Overflow

The following table lists the possible sections and values for the Windows class Buffer Overflow:

Section    Values                  Notes
Class      Buffer_Overflow
Id         See Common sections.

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
107

This manual is also suitable for:

Host Intrusion Prevention 8.0