0 Replies Latest reply on Feb 13, 2015 8:52 AM by uzanatta

    HIPS Custom Rule

    uzanatta

      Hi there,

       

      I created the following custom rule:

       

      Rule {

      tag "USB Rule"

      Class Files

      Id 4005

      level 4

      files {Include "*"}

      Executable {Include "*"}

      user_name {Include "*"}

      drive_type { Include "OtherRemovable" }

      directives files:read

      }

       

      This rule works very well whether I try to read a file but if I create a new file this rule works too (the file is blocked as well), because the new file is being created with the following "directives": read,write,attribute,create. The attribute "read" matches on of them so the file will be blocked.

       

      Is there a way to enable this behavior only when "read" attribute is matching?

       

      Thank you.

       

      Rgds,