Windows Class Registry - McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual

Product guide for use with ePolicy Orchestrator 4.5

Appendix A — Writing Custom Signatures and Exceptions
Windows custom signatures
Windows class Registry

The following table lists the possible sections and values for the Windows class Registry:

| Section | Values | Notes |
|---|---|---|
| | | PROCESS_SET_INFORMATION — Required to set certain information about a process, such as its priority class. PROCESS_SUSPEND_RESUME — Required to suspend or resume a process. PROCESS_TERMINATE — Required to terminate a process. SYNCHRONIZE — Required to wait for the process to terminate. (Open with any access, in the user interface.) |
| | program:open_with_create_thread | Select to prevent this process-specific access right: PROCESS_CREATE_THREAD — Required to create a thread. (Open with access to create a thread, in the user interface.) |
| | program:open_with_modify | Select to prevent these process-specific access rights: PROCESS_TERMINATE — Required to terminate a process. PROCESS_CREATE_THREAD — Required to create a thread. PROCESS_VM_WRITE — Required to write to memory. PROCESS_DUP_HANDLE — Required to duplicate a handle. PROCESS_SET_INFORMATION — Required to set certain information about a process, such as its priority class. PROCESS_SUSPEND_RESUME — Required to suspend or resume a process. (Open with access to modify, in the user interface.) |
| | program:open_with_terminate | Select to prevent these process-specific access rights: PROCESS_SUSPEND_RESUME — Required to suspend or resume a process. PROCESS_TERMINATE — Required to terminate a process. (Open with access to terminate, in the user interface.) |
| | program:open_with_wait | Select to prevent this process-specific access right: SYNCHRONIZE — Required to wait for the process to terminate. (Open with access to wait, in the user interface.) NOTE: Not available on Microsoft Vista and later platforms. |

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5