cancel
Showing results for 
Search instead for 
Did you mean: 

Eliminating "$" in source & destination fields

I am getting hostname ending with "$" in both source and destination user fields, i have tried to elimnate such events but unfortunately source user field doesnt support "regex" and this is standing as a roadblock in doing so. Can we define any custom variable/rule or anything in that case that address my issue. please find the attached. Looking forward for your inputs...

4 Replies
Highlighted

Re: Eliminating "$" in source & destination fields

hey srutheen,

try receiver filter

receiver_filter.PNG

xded
Level 12
Report Inappropriate Content
Message 3 of 5

Re: Eliminating "$" in source & destination fields

You can do it like Schrodinger said there is no other option if you get the Logs via WMI.

McAfee Employee andy777
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: Eliminating "$" in source & destination fields

xded
Level 12
Report Inappropriate Content
Message 5 of 5

Re: Eliminating "$" in source & destination fields

Andys solutions is for the option you have an ELM if not the best option is to filter these Events over the Receiver Filter rule.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator