McAfee HISCDE-AB-IA Product Guide - Page 107
Windows custom signatures, Windows class Buffer Overflow
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 107 highlights
Appendix A - Writing Custom Signatures and Exceptions Windows custom signatures Variable UAPACHE_VdocRoots UAPACHE_Vlogs UAPACHE_Vlogs_dir UIPLANET_BinDirs UIPLANET_CgiDirs UIPLANET_DocDirs UIPLANET_Process UIPLANET_Roots Description Virtual document roots Log files of virtual servers Directories for the log files of virtual servers Path to iPlanet binaries Path to CGI directories Paths to document directories Path to iPlanet ns-httpd binary Path to iPlanet root Windows custom signatures This section describes how to write custom signatures for the Windows platform. NOTE: Rules in the Windows class Files use double backslashes for paths while rules in the non-Windows class UNIX_file use a single forward slash. The class used by a signature depends on the nature of the security issue and the protection the signature can offer. Some of the classes and parameters appear in the custom signature user interface, while others do not. For those classes and parameters without a user interface, the expert method for rule creation is the only way to access them. For Windows, these classes are available: Class Buffer Overflow Files Hook Illegal API Use Illegal Use Isapi Program Registry Services SQL When to use For protection against buffer overflow For protection of file or directory operations For protection of API process hooking For protection against illegal use of the Host IPS API For protection against illegal use of the API For monitoring http requests to IIS For protection of program operations For protection of registry key and registry value operations For protection of services operations For protection of SQL operations Windows class Buffer Overflow The following table lists the possible sections and values for the Windows class Buffer Overflow: Section Class Id Values Buffer_Overflow See Common sections. Notes McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 107