cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
VPSanches
VPSanches
Level 7
Report Inappropriate Content
Message 1 of 5
‎09-13-2019 05:05 AM

Endpoint Security Exploit Prevention Expert Rules - Exception for more than one user

Jump to solution

I need to create a rule to block certain cmd commands, but, I need to exception some users.

the rule below doesn't work, can you help me?


Rule {
Process {
Include OBJECT_NAME { -v net.exe }
Include PROCESS_CMD_LINE { -v "*group*" }
Include EXP_USER_NAME {
-v "NT AUTHORITY\SYSTEM"
-v "Domain\User'
}
}
Target {
Match SECTION { Include -access "EXECUTE" }
}
}

0 Kudos
Reply
1 Solution

Accepted Solutions
Daveb3d
Reliable Contributor Daveb3d
Reliable Contributor
Report Inappropriate Content
Message 2 of 5
‎09-13-2019 05:51 PM

Re: Endpoint Security Exploit Prevention Expert Rules - Exception for more than one user

Jump to solution

Rule {
Process {
Include OBJECT_NAME { -v "net.exe" }
Include PROCESS_CMD_LINE { -v "*group*" }
Exclude USER_NAME {
-v "NT AUTHORITY\\SYSTEM"
-v "Domain\\User'
}
}
Target {
Match SECTION { Include -access "EXECUTE" }
}
}

View solution in original post

0 Kudos
Reply
4 Replies
Daveb3d
Reliable Contributor Daveb3d
Reliable Contributor
Report Inappropriate Content
Message 2 of 5
‎09-13-2019 05:51 PM

Re: Endpoint Security Exploit Prevention Expert Rules - Exception for more than one user

Jump to solution

Rule {
Process {
Include OBJECT_NAME { -v "net.exe" }
Include PROCESS_CMD_LINE { -v "*group*" }
Exclude USER_NAME {
-v "NT AUTHORITY\\SYSTEM"
-v "Domain\\User'
}
}
Target {
Match SECTION { Include -access "EXECUTE" }
}
}

View solution in original post

0 Kudos
Reply
VPSanches
VPSanches
Level 7
Report Inappropriate Content
Message 3 of 5
‎09-16-2019 04:09 AM

Re: Endpoint Security Exploit Prevention Expert Rules - Exception for more than one user

Jump to solution

thanks, worked perfectly

0 Kudos
Reply
Highlighted
SaiVishnu
McAfee Employee SaiVishnu
McAfee Employee
Report Inappropriate Content
Message 4 of 5
‎09-13-2019 11:11 PM

Re: Endpoint Security Exploit Prevention Expert Rules - Exception for more than one user

Jump to solution

Hello,

You can refer these documents and videos which you will help you in understanding the expert rule :

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27574/en_US/...

https://kc.mcafee.com/corporate/index?page=content&id=KB89677

Let me know if that helps you 🙂

Thanks 

Vishnu
McAfee

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Vishnu G
McAfee Technical Support
0 Kudos
Reply
SaiVishnu
McAfee Employee SaiVishnu
McAfee Employee
Report Inappropriate Content
Message 5 of 5
‎09-13-2019 11:14 PM

Re: Endpoint Security Exploit Prevention Expert Rules - Exception for more than one user

Jump to solution
Hello,

You can refer these documents and videos which you will help you in understanding the expert rule :

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27574/en_US/...

https://kc.mcafee.com/corporate/index?page=content&id=KB89677

Let me know if that helps you 🙂

Thanks 

Vishnu
McAfee
Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Vishnu G
McAfee Technical Support
0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC