1 Reply Latest reply on Apr 16, 2012 2:19 PM by wwarren

    failing user defined access protection rule

    mcdave

      Hi I need to create a file execution blocking rule for P2P soft

      here is an example rule i mede for torrent clients with exception of 3 specific exceptions for "ctorrent.exe" "rtorrent.exe" "torrent.exe"
      But it doesn't work as expected it simply blocks everything with "torrent" in the executable filename, the provided exclusions as well

       

      What is wrong?

       

       

      regards

      Dave

        • 1. Re: failing user defined access protection rule
          wwarren

          The graphic you posted doesn't seem to be displaying. Mind typing the rule definition out instead?

           

          As a tip, I suggest a rule that only blocks "READ" of the particular fileobject.

          This would prevent it from being launched, renamed, or deleted - but the evidence of the file existing on disk will be clearly present, plus you'd get alerts generated for each attempt of the determined user .