0 Replies Latest reply on Feb 13, 2015 8:52 AM by uzanatta

    HIPS Custom Rule


      Hi there,


      I created the following custom rule:


      Rule {

      tag "USB Rule"

      Class Files

      Id 4005

      level 4

      files {Include "*"}

      Executable {Include "*"}

      user_name {Include "*"}

      drive_type { Include "OtherRemovable" }

      directives files:read



      This rule works very well whether I try to read a file but if I create a new file this rule works too (the file is blocked as well), because the new file is being created with the following "directives": read,write,attribute,create. The attribute "read" matches on of them so the file will be blocked.


      Is there a way to enable this behavior only when "read" attribute is matching?


      Thank you.