Hi, I need to create a file execution blocking rule for P2P software.
Here is an example rule I made for torrent clients, with 3 specific exceptions for "ctorrent.exe", "rtorrent.exe" and "torrent.exe".
But it doesn't work as expected: it simply blocks everything with "torrent" in the executable filename, the provided exclusions as well.
What is wrong?
The graphic you posted doesn't seem to be displaying. Mind typing the rule definition out instead?
As a tip, I suggest a rule that only blocks "READ" of the particular fileobject.
This would prevent it from being launched, renamed, or deleted - but the evidence of the file existing on disk will be clearly present, plus you'd get alerts generated for each attempt of the determined user.