2 Replies Latest reply on Dec 11, 2014 5:09 AM by uzanatta

    HIPS Custom signature




      do you have any idea why I try to add an exclude path on "Exclude" section I get an error on return?


      The following is a subrule:


      Executable {Include "*"}

      Executable {Exclude "C:\\file.exe"}


      and the following the error:


      ERROR: Tag element not found in section Executable: C:\file.exe ERROR: Section <Executable> has no values


      It seems that Executable only accepts "Exclude" with "*".



        • 1. Re: HIPS Custom signature

          I think you're looking for something like this:


          Rule {

          tag "a file being created, excluding hi.exe"

          Class Files

          Id -1

          level 4

          files { Include "*" }

          Executable { Exclude { -path "*\\hi.exe" }


          directives files:create




          You can always double check syntax by using the GUI wizard instead of an expert rule. That's how I found this. You shouldn't need to specify the inclusion of any executable as well - Or rather, remove this: {Executable {Include "*"}

          • 2. Re: HIPS Custom signature



            Thank you very much.