McAfee HISCDE-AB-IA Product Guide - Page 121
Note 1, Advanced Details
Appendix A - Writing Custom Signatures and Exceptions
Windows custom signatures

Section    Values                       Notes
           services:stop                Stops a service.
           services:pause               Pauses a service.
           services:continue            Continues a service after a pause.
           services:startup             Modifies the startup mode of a service.
           services:profile_enable      Enables a hardware profile.
           services:profile_disable     Disables a hardware profile.
           services:logon               Modifies the logon information of a service.

Note 1

The section service must contain the name of the service, which is the name of the corresponding registry key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.

The section display_names must contain the display name of the service, the name shown in the Services manager, which is found in registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ .

Advanced Details

Some or all of the following parameters appear in the Advanced Details tab of security events for the class Services. The values of these parameters can help you understand why a signature is triggered.

GUI name: display names
Explanation: Name of the Windows service displayed in the Services manager.

GUI name: services
Explanation: System name of the Windows service in HKLM\CurrentControlSet\Services\. This may be different from the name displayed in the Services manager.

GUI name: params
Explanation: Only applicable for starting a service: parameters passed to the service upon activation.

GUI name: old startup
Explanation: Only applicable for creating or changing the startup mode of a service: indicates the startup mode before it was changed or attempted to be changed.
Possible values: Boot, System, Automatic, Manual, Disabled

GUI name: new startup
Explanation: Only applicable for changing the startup mode of a service: indicates the startup mode that a service has after it was changed, or that it would have if the change went through.
Possible values: Boot, System, Automatic, Manual, Disabled

GUI name: logon
Explanation: Only applicable for changes in the logon mode of a service: logon information (system or user account) used by the service.
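The lookup that Note 1 and the Advanced Details parameters rely on, as an added PowerShell example that is not part of the McAfee guide: for each service it returns the registry key name, the display name shown in the Services manager, the current startup mode, and the logon account. The function name Get-ServiceSignatureValues is hypothetical, and the example assumes the standard Windows encoding of the Start registry value (0 to 4) and the ObjectName value for the logon account.

```powershell
# Added example, not from the product guide.
# Lists, per Windows service, the values a Services-class signature or event refers to:
#   services      = key name under ...\CurrentControlSet\Services
#   display_names = name shown in the Services manager
#   startup       = Boot / System / Automatic / Manual / Disabled
#   logon         = account the service runs as
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Index = Start DWORD in the service's registry key (standard Windows encoding).
$StartupModes = 'Boot', 'System', 'Automatic', 'Manual', 'Disabled'

function Get-ServiceSignatureValues {   # hypothetical helper name
    param([string]$Name = '*')          # wildcard on the service (key) name

    Get-Service -Name $Name -ErrorAction SilentlyContinue | ForEach-Object {
        $keyPath = Join-Path $ServicesRoot $_.Name
        $reg = Get-ItemProperty -LiteralPath $keyPath -ErrorAction SilentlyContinue

        # Skip entries whose key cannot be read or has no Start value,
        # rather than reporting a misleading default.
        if ($null -eq $reg -or $null -eq $reg.Start) { return }

        $start = [int]$reg.Start
        $mode  = if ($start -ge 0 -and $start -lt $StartupModes.Count) {
                     $StartupModes[$start]
                 } else {
                     "Unknown ($start)"
                 }

        [pscustomobject]@{
            services      = $_.Name
            display_names = $_.DisplayName
            startup       = $mode
            logon         = $reg.ObjectName
            # The system name may differ from the Services manager name.
            names_differ  = ($_.Name -ne $_.DisplayName)
        }
    }
}

# Example: show services whose key name starts with "W".
Get-ServiceSignatureValues -Name 'W*' | Format-Table -AutoSize
```

Get-Service returns the display name as the Services manager resolves it, which is why it is used here instead of reading the DisplayName registry value directly.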
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 121