2 Replies Latest reply on Dec 11, 2014 5:09 AM by uzanatta

    HIPS Custom signature

    uzanatta

      Hi,

       

      do you have any idea why I try to add an exclude path on "Exclude" section I get an error on return?

       

      The following is a subrule:

       

      Executable {Include "*"}

      Executable {Exclude "C:\\file.exe"}

       

      and the following the error:

       

      ERROR: Tag element not found in section Executable: C:\file.exe ERROR: Section <Executable> has no values

       

      It seems that Executable only accepts "Exclude" with "*".

       

      Rgds,

        • 1. Re: HIPS Custom signature
          shakira

          I think you're looking for something like this:

           

          Rule {

          tag "a file being created, excluding hi.exe"

          Class Files

          Id -1

          level 4

          files { Include "*" }

          Executable { Exclude { -path "*\\hi.exe" }

          }

          directives files:create

          }

           

           

          You can always double check syntax by using the GUI wizard instead of an expert rule. That's how I found this. You shouldn't need to specify the inclusion of any executable as well - Or rather, remove this: {Executable {Include "*"}

          • 2. Re: HIPS Custom signature
            uzanatta

            Hi,

             

            Thank you very much.

             

            Rgds,