McAfee HISCDE-AB-IA Product Guide - Page 42
Creating custom signatures with a wizard, FAQ — Use of wildcards in IPS Rules, Signatures
Configuring IPS Policies
Define IPS protection

Standard method

file description, file name, MD5 hash fingerprint, or signer.

5. Click OK and the rule is added to the list at the top of the Subrule tab. The rule is compiled and the syntax is verified. If the rule fails verification, a dialog box describing the error appears. Fix the error and verify the rule again.

Expert method

For details on working with class types, operations, and parameters, see the appropriate class section of Writing Custom Signatures and Exceptions.

5. Click OK.

NOTE: You can include multiple rules in a signature.

Creating custom signatures with a wizard

Use the custom signature wizard to simplify creating new signatures.

NOTE: Signatures created with the wizard do not offer any flexibility for the operations that the signature is protecting because you cannot change, add, or delete operations.

Task

For option definitions, click ? in the interface.

1. On the IPS Rules Signatures tab, click New (Wizard).
2. On the Basic Information tab, type a name and select the platform, severity level, log status, and whether to allow the creation of client rules. Click Next to continue.
3. On the Description tab, type a description of what the signature is protecting. This description appears in the IPS Event when the signature is triggered.
4. On the Rule Definition tab, select the item to protect against modifications and enter details.
5. Click OK.

FAQ - Use of wildcards in IPS Rules

Host IPS Rules permits the use of wildcards when entering values in certain fields.

Which wildcards can I use for path and address values?

For paths of files, registry keys, executables, and URLs, use these wildcards:

Character            Definition
? (question mark)    A single character.
* (one asterisk)     Multiple characters, excluding / and \. Use to match the root-level contents of a folder with no subfolders.
** (two asterisks)   Multiple characters, including / and \.
| (pipe)             Wildcard escape. NOTE: For ** the escape is |*|*.
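The difference between * and ** in the wildcard table above decides how far a rule or exception path reaches. The Python matcher below is an added illustration, not McAfee's implementation, that applies those definitions to constructed sample paths. It assumes that "multiple characters" may be zero characters, that ? may match any character, and that a pipe makes the next character literal; the function names are hypothetical.

```python
import re

def hips_wildcard_to_regex(pattern):
    """Translate a pattern using the wildcards in the table into a regex."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "|":
            # Wildcard escape: the next character is literal, so |*|* is "**".
            # Assumption: a trailing lone pipe is treated as a literal pipe.
            nxt = pattern[i + 1] if i + 1 < len(pattern) else "|"
            out.append(re.escape(nxt))
            i += 2
        elif pattern.startswith("**", i):
            out.append(".*")        # multiple characters, including / and \
            i += 2
        elif ch == "*":
            out.append(r"[^/\\]*")  # multiple characters, excluding / and \
            i += 1
        elif ch == "?":
            out.append(".")         # a single character
            i += 1
        else:
            out.append(re.escape(ch))
            i += 1
    return re.compile("".join(out), re.DOTALL)

def matches(pattern, value):
    return hips_wildcard_to_regex(pattern).fullmatch(value) is not None

# Constructed sample paths, not taken from the product guide.
SAMPLES = [
    r"C:\Program Files\App\app.exe",
    r"C:\Program Files\App\plugins\helper.exe",
    r"C:\Program Files\App\plugins\x64\helper.exe",
]

def scope(pattern):
    """Return the sample paths that a pattern would cover."""
    return [p for p in SAMPLES if matches(pattern, p)]

if __name__ == "__main__":
    for pat in (r"C:\Program Files\App\*", r"C:\Program Files\App\**"):
        print(pat, "->", scope(pat))
```

Comparing the two patterns against a list of real paths before deploying a rule or exception shows whether ** pulls in subfolders that * would leave out.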
42 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5