cancel
Showing results for 
Search instead for 
Did you mean: 
c14us
Level 7

Custom rule: How do I make a negation rule

Hi

I'm trying to make a rule, that will filter out all signed files. And have had little succes doing it.

I have tried to make something a'la:

Executable { Exclude { -sdn "*" }}

or

Executable { Exclude { -sdn "CN=?*" }}

but I can't get it to work.

Have any of you made a rule, that succesfully exclude all Executable with a signer? (and how did you do it Smiley Happy

Regards

Claus

0 Kudos
1 Reply
shakira
Level 10

Re: Custom rule: How do I make a negation rule

I haven't made a rule like this specifically. Certificate rules are wonky. My advice is to make a similar rule via the GUI first, then preview the expert rule and modify it as desired.

0 Kudos