McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual page 125

Appendix A — Writing Custom Signatures and Exceptions
Windows custom signatures
Class Illegal API Use
Directives 32-bit processes on 32-bit
Windows OS (x32)
illegal_api_use: XP 2K3
bad_parameter x x
invalid_call x x
Class Illegal Use
Directives 32-bit processes on 32-bit
Windows OS (x32)
illegal: XP 2K3
api x x
Class ISAPI
Directives 32-bit processes on 32-bit
Windows OS (x32)
isapi: XP 2K3 V
request x
requrl x
reqquery x
rawdata x
response x
Class Program
Directives 32-bit processes on 32-bit
Windows OS (x32)
program: XP 2K3
run x x
open_with_any x x
open_with_create_thread x x
open_with_modify x x
open_with_terminate x x
open_with_wait x x
Class Registry
Directives 32-bit processes on 32-bit
Windows OS (x32)
registry: XP 2K3
create x x
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
32-bit processes on 64-bit
Windows OS (x64)
V 2K8 7 XP 2K3
x x x x x
x x x x x
32-bit processes on 64-bit
Windows OS (x64)
V 2K8 7 XP 2K3
x x x x x
32-bit processes on 64-bit
Windows OS (x64)
2K8 7 XP 2K3 V
x x
x x
x x
x x
x x
32-bit processes on 64-bit
Windows OS (x64)
V 2K8 7 XP 2K3
x x x x
x x x x
x x x x
x x x x
x x x x
x
32-bit processes on 64-bit
Windows OS (x64)
V 2K8 7 XP 2K3
x x x x x
64-bit processes on 64-bit
Windows OS (x64)
V 2K8 7 XP 2K3 V
x x x x x x
x x x x x x
64-bit processes on 64-bit
Windows OS (x64)
V 2K8 7 XP 2K3 V
x x x x x x
64-bit processes on 64-bit
Windows OS (x64)
2K8 7 XP 2K3 V
x x
x x
x x
x x
x x
64-bit processes on 64-bit
Windows OS (x64)
V 2K8 7 XP 2K3 V
x x x x x
x x x x x
x x x x x
x x x x x
x x x x x
x
64-bit processes on 64-bit
Windows OS (x64)
V 2K8 7 XP 2K3 V
x x x x x x
2K8 7
x x
x x
2K8 7
x x
2K8 7
x
x
x
x
x
2K8 7
x x
x x
x x
x x
x x
2K8 7
x x
125