McAfee HISCDE-AB-IA Product Guide - Page 105
Appendix A - Writing Custom Signatures and Exceptions

Rule structure

Wildcards

You can use wildcards for the section values. Note the slightly different use of asterisks with paths and addresses, which normally contain forward or backward slashes. For expert subrules of signatures, the TCL wildcard scheme is used.

Table 22: Wildcards

Character            What it represents
? (question mark)    A single character.
* (one asterisk)     Multiple characters, including / and \.
                     NOTE: For paths and addresses, use ** (two asterisks) to include / and \; use * (one asterisk) to exclude / and \.
| (pipe)             Wildcard escape.

Table 23: TCL wildcards

Character                What it represents
? (question mark)        A single character.
* (one asterisk)         Multiple characters, including / and \.
                         Example: files { Include "C:\*.txt" }
& (ampersand)            Multiple characters except / and \. Use to match the root-level contents of a folder but not any subfolders.
                         Example: files { Include "C:\test\\&.txt" }
! (exclamation point)    Wildcard escape.
                         Example: files { Include "C:\test\\yahoo!.txt" }

Use of environment variables

Use environment variables as a shorthand to specify Windows file and directory path names. Write the iEnv command with one parameter (the variable name) in square brackets [ ... ].

Environment variable    What it represents
iEnv SystemRoot         C:\winnt\, where C is the drive that contains the Windows System folder.
                        Example: files { Include [iEnv SystemRoot]\\system32\\abc.txt }
iEnv SystemDrive        C:\, where C is the drive that contains the Windows System folder.
                        Example: files { Include [iEnv SystemDrive]\\system32\\abc.txt }

Use of predefined variables

Host Intrusion Prevention provides predefined variables for rule writing. These variables are preceded by "$" and are listed below.
Table 24: Windows IIS Web Server

Variable        Description
IIS_BinDir      Directory where inetinfo.exe is located
IIS_Computer    Machine name that IIS runs on
IIS_Envelope    Includes all files that IIS is allowed to access

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 105
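The path and address wildcards of Table 22, modelled as an added example that is not code from the product guide or from McAfee: it lets a rule writer list which values an exception pattern would cover before deploying it. The names to_regex, covered and SAMPLES are hypothetical, and the model assumes that "multiple characters" means zero or more, that "?" matches any single character, that "|" makes the next character literal, and that matching ignores case.

```python
import re

# Model of the path/address wildcards in Table 22. Assumptions not stated on
# the page: "multiple characters" means zero or more, "?" matches any single
# character, "|" makes the next character literal, and matching ignores case.
TOKENS = [("**", r".*"), ("*", r"[^/\\]*"), ("?", r".")]
ESCAPE = "|"

def to_regex(pattern):
    """Translate a Table 22 style pattern into a regex meant for fullmatch()."""
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == ESCAPE and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))  # escaped character is literal
            i += 2
            continue
        for token, rx in TOKENS:  # "**" is listed first so it wins over "*"
            if pattern.startswith(token, i):
                out.append(rx)
                i += len(token)
                break
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)

def covered(pattern, candidates):
    """Return the candidates a pattern matches, to review a rule's reach."""
    rx = to_regex(pattern)
    return [c for c in candidates if rx.fullmatch(c)]

# Constructed sample values, not taken from the product guide.
SAMPLES = [
    r"C:\test\a.txt",
    r"C:\test\report.txt",
    r"C:\test\sub\report.txt",
    "/app/search?id=1",
    "/app/searchXid=1",
]

if __name__ == "__main__":
    for pat in (r"C:\test\?.txt", r"C:\test\*.txt", r"C:\test\**.txt",
                "/app/search?id=*", "/app/search|?id=*"):
        print(f"{pat!r:24} -> {covered(pat, SAMPLES)}")
```

Under these assumptions, the two-asterisk form reaches into subfolders while the one-asterisk form stays in the named folder, which is the difference to check when an exception is meant to be narrow.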