4 Replies Latest reply: Apr 8, 2013 5:45 AM by Attila Polinger RSS

    VSE 8.8 Acess Protection Rule: svchost.exe - How to exclude "some" changes related with this process but not all???




      there are several actions connected with svchost.exe and some would be blocked by the acces protections rule. One of them is in the picture below but the question is: How can I allow specific processparts startet with svchost without allowing everything for  "svchost.exe". You may correct me if I get this wrong but allowing everything for svchost.exe could lead to an undedected infection or could be "misused"? This is more a question than a conclusion.



      We are testing the whole bunch of rules in Access Protection and are going to start over with a more complex set after testing period is done.



      Thanks in advance