McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual page 121

Product guide for use with ePolicy Orchestrator 4.5

Appendix A — Writing Custom Signatures and Exceptions
Windows custom signatures
| Section | Values | Notes |
|---|---|---|
| | services:stop | Stops a service. |
| | services:pause | Pauses a service. |
| | services:continue | Continues a service after a pause. |
| | services:startup | Modifies the startup mode of a service. |
| | services:profile_enable | Enables a hardware profile. |
| | services:profile_disable | Disables a hardware profile. |
| | services:logon | Modifies the logon information of a service. |

Note 1
The services section must contain the name of the service, which is the name of the corresponding registry key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.
The display_names section must contain the display name of the service, that is, the name shown in the Services manager, which is found in registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<name-of-service>\.

Advanced Details
Some or all of the following parameters appear in the Advanced Details tab of security events for the class Services. The values of these parameters can help you understand why a signature is triggered.

| GUI name | Explanation | Possible values |
|---|---|---|
| display names | Name of the Windows service displayed in the Services manager. | |
| services | System name of the Windows service in HKLM\SYSTEM\CurrentControlSet\Services\. This may be different from the name displayed in the Services manager. | |
| params | Only applicable for starting a service: parameters passed to the service upon activation. | |
| old startup | Only applicable for creating or changing the startup mode of a service: indicates the startup mode before it was changed or attempted to be changed. | Boot, System, Automatic, Manual, Disabled |
| new startup | Only applicable for changing the startup mode of a service: indicates the startup mode that a service has after it was changed, or that it would have if the change went through. | Boot, System, Automatic, Manual, Disabled |
| logon | Only applicable for changes in the logon mode of a service: logon information (system or user account) used by the service. | |

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
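The lookup described in Note 1 and the startup values in the Advanced Details table, as an added example that is not part of the McAfee guide: it parses a constructed `reg export` fragment and returns, per service, the key name for the services section, the display name for display_names, and the startup mode and logon account in the terms the event fields use. The value names DisplayName, Start and ObjectName are standard Windows service registry values that this page does not spell out, and the sample data is constructed.

```python
import re

# Start DWORD -> names listed as possible values for "old startup"/"new startup".
START_MODES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
KEY_RE = re.compile(r"\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\\]]+)\]$", re.I)

# Constructed sample in `reg export` text format (not taken from a real host).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"DisplayName"="Print Spooler"
"Start"=dword:00000002
"ObjectName"="LocalSystem"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Performance]
"Close"="PerfClose"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"DisplayName"="@%SystemRoot%\\system32\\example.dll,-100"
"Start"=dword:00000004
"ObjectName"="NT AUTHORITY\\LocalService"
'''

def parse_services(reg_text):
    """Map each service key name to its display name, startup mode and logon."""
    services, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            # Only direct children of Services\ are services; subkeys reset the context.
            current = services.setdefault(m.group(1), {}) if m else None
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if current is None or not m:
            continue
        value_name, raw = m.groups()
        if value_name == "Start" and raw.startswith("dword:"):
            current["startup"] = START_MODES.get(int(raw[6:], 16), "Unknown")
        elif value_name in ("DisplayName", "ObjectName") and raw.startswith('"'):
            field = "display_name" if value_name == "DisplayName" else "logon"
            current[field] = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo .reg escaping
    return services

def signature_names(services):
    """Rows of (services value, display_names value or None, startup, logon)."""
    rows = []
    for name, info in sorted(services.items()):
        shown = info.get("display_name") or ""
        # "@file,-id" is a resource reference, not the text the Services manager shows.
        shown = None if shown.startswith("@") or not shown else shown
        rows.append((name, shown, info.get("startup"), info.get("logon")))
    return rows
```

A `None` in the second field means the stored value is a resource reference, so the display name has to be read from the Services manager itself before it goes into display_names.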


This manual is also suitable for:

Host intrusion prevention 8.0
