Due to some recent attacks I was wanting to block .EXE's from running/being created in certain folders.
wanted to add some rules under access protection user defined rules.
This is just a temporary measure until I get my HIPS IPS rules sorted.
The plan was to block .EXE from being created in the ROOT folders of
my query is....do these Rules just apply to that folder or would it include "sub folders" also as there is no option to choose sub folders like the OAS policy.
this is because the folders above is where legitimate Applications place there own folders etc some of which contain .EXE's
if sub folders are not included would the entry work as above or more like this ?