2 Replies Latest reply on Apr 14, 2010 5:16 AM by StefanT

    Wildcards in HIPS rules?

    StefanT

      Can wildcards be used in HIPS rules?

       

      For example, say I wanted to monitor a .ini file for write access, but this file location, although in the same folder, resides on a different drive. When setting up the rule, can I set the file path as follows:

      %ProgramFiles%\Gubbins\test.ini, which would then of course monitor that file regardless of which drive it was on?

      Also, does the wildcard %ProgramFiles% exclude both \Program Files and \Program Files (x86) simultaneously?

       

      Thanks

       

      Stefan

        • 1. Re: Wildcards in HIPS rules?

          Hi Stefan,

           

          Not sure if the Program Variable can be utilized like this, but yes, in general you can use wildcards in HIPS rules. Below are some examples:

           

          ? (question mark): A single character.

          * (asterisk): Multiple characters.
            user_name { Include "*" }

          & (ampersand): Multiple characters except / and \. Use to match the root-level contents of a folder but not any subfolders.
            files { Include "C:\\test\\&.txt" }

          ! (exclamation mark): Wildcard escape.
            files { Include "C:\\test\\yahoo!!.txt" }

           

           

           

          Message was edited by: dyilmaz on 4/14/10 5:05:35 AM CDT
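To check what a pattern will actually cover before it goes into a rule, the wildcard semantics listed in the reply above can be modelled as a small matcher. This is an added Python example, not part of the original post and not the product's own matcher. It assumes that `*` and `&` match zero or more characters, that `!` makes the following character literal, that `\\` in rule text stands for one backslash, and that matching is case-insensitive; `hips_pattern_to_regex`, `matches` and `covered` are hypothetical names and the sample paths are constructed.

```python
import re

def hips_pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate a rule-style path pattern into a compiled regex."""
    # Assumption: "\\" in the rule text stands for one literal backslash.
    pattern = pattern.replace("\\\\", "\\")
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "!":
            # Wildcard escape: take the next character literally ("!!" -> "!").
            i += 1
            if i == len(pattern):
                raise ValueError("dangling '!' escape at end of pattern")
            out.append(re.escape(pattern[i]))
        elif ch == "?":
            out.append(".")            # a single character
        elif ch == "*":
            out.append(".*")           # multiple characters, separators included
        elif ch == "&":
            out.append(r"[^/\\]*")     # multiple characters except / and \
        else:
            out.append(re.escape(ch))
        i += 1
    # Assumption: Windows paths are compared case-insensitively.
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)

def matches(pattern: str, path: str) -> bool:
    """True if the whole path is covered by the pattern."""
    return hips_pattern_to_regex(pattern).fullmatch(path) is not None

def covered(pattern: str, paths):
    """Return the subset of paths that the pattern covers."""
    return [p for p in paths if matches(pattern, p)]

# Constructed sample paths (not from the original thread).
SAMPLE_PATHS = [
    r"C:\test\a.txt",
    r"C:\test\sub\a.txt",
    r"C:\test\yahoo!.txt",
]

if __name__ == "__main__":
    for pat in (r"C:\\test\\&.txt", r"C:\\test\\*.txt", r"C:\\test\\yahoo!!.txt"):
        print(pat, "->", covered(pat, SAMPLE_PATHS))
```

Running it shows the practical difference between `&` and `*`: the `&` pattern stops at the folder boundary, while the `*` pattern also covers files in subfolders, which matters when the pattern is used in an exclusion.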
          • 2. Re: Wildcards in HIPS rules?
            StefanT

            Cool, thanks for the reply.

             

            Stefan