Windows custom signatures

This topic describes how to write Windows custom signatures.

 

Rules in the Windows class Files use double slashes.

The class section value depends on the nature of the security issue and on the protection the rules can offer. For Windows these value are available:

Class
When to use
Files
For file or directory operations. See Class Files.
Isapi
For monitoring request to IIS. See Class Isapi.
Registry
For Registry key and value operations. See Class Registry.
Services
For Services operations. See Class Services.

Copyright © 2006 McAfee, Inc. All Rights Reserved.