Filter
Top Products
180
McAfee
®
Host Intrusion Prevention 6.1 Product Guide Writing Custom Signatures
Windows Custom Signatures
A
level 4: Assigns the Security Level ‘high’ to this rule. If the custom signature had
multiple rules, every one of these rules would need to use the same level.
Service { Include “Alerter” }: Indicates that the rule covers the service with name
“Alerter”. If the rule were to cover multiple services, you would add them in this
section in different lines.
time { Include “*” }: This section is currently not used, but must be included in this
way in the rule.
application { Include “*”}: Indicates that this rule is valid for all processes. If you’d
want to limit your rule to specific processes, you would spell them out here,
complete with their path name.
user_name { Include “*” }: Indicates that this rule is valid for all users (or more
precisely, the security context in which a process runs). If you’d want to limit your
rule to specific user contexts, you would spell them out here in the form Local/user
or Domain/user. See paragraph “Mandatory Common Sections” for details.
directives -c -d service:stop: Indicates that this rule covers deactivation of a service.
The switches –c and –d must always be used in the directives section.