McAfee HISCDE-AB-IA Product Guide - Page 113
Windows class Illegal Use, Windows class Isapi (HTTP)
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 113 highlights
Appendix A - Writing Custom Signatures and Exceptions Windows custom signatures Executable { Include "*"} user_name { Include "*" } vulnerability_name {Include "Vulnerable ActiveX Control Loading ?"} detailed_event_info { Include "0002E533-0000-0000-C000-000000000046"\"0002E511-0000-0000-C000-000000000046"} directives files:illegal_api_use:bad_parameter illegal_api_use:invalid_call attributes -not_auditable } Windows class Illegal Use The following table lists the possible sections and values for the Windows class Illegal Use: Section Class Id level time user_name Executable name directives Values Illegal_Use See Common sections. Notes One of three values: LsarLookupNames, LsarLookupSids, or ADMCOMConnect illegal:api Windows class Isapi (HTTP) The following table lists the possible sections and values for the Windows class Isapi with IIS: Section Class Id level time user_name Executable url query Values Isapi See Common sections. Notes One of the required parameters. Matched against the URL part of an incoming request. See Notes 1-4. One of the required parameters. Matched against the query part of an incoming request. See Notes 1-4. McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 113