cancel
Showing results for 
Search instead for 
Did you mean: 

Correct Syntax for OBJECT_SIZE Match Type Value

Hi all I was wondering if anyone could confirm the correct syntax to use with OBJECT_SIZE, I've not been able to find it documented anywhere. If anyone knows where I can find this information please let me know :-). I'm hoping to write a rule that will apply to files of less than a certain size, and whilst I can get my rule to compile it is not working as I would expect. As a POC the rule below should stop me from reading a 4 byte file named 'test.txt' with notepad. Rule { Process { Include OBJECT_NAME { -v NOTEPAD.EXE* } } Target { Match FILE { Include OBJECT_NAME { -v "**\\test.txt" } Include OBJECT_SIZE {-v " > 0 "} Include ACCESS_MASK {-v "READ"} } } } thanks for any help!
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community