Expert Sub-rule - General tab

Use this tab to view, create, or edit an expert signature rule.

Item
Description
Rule Name
The name of the rule. This must be unique
Type
The type of rule. When available, select from the list:
  • File type—prevents deleting or creating a file or directory. Only read and execute directives are permitted. For example, create or modify a custom signature to protect an Excel spreadsheet containing an employee list and contact information from being deleted.
  • HTTP type—prevents an illegal request to your web server. For example, create or modify a custom signature to prevent your web server from receiving a request that corrupts the server.
  • Registry type—prevents modifying a registry. Only read, enumerate, and monitor directives are allowed. For example, create or modify a custom signature to prevent modifications to browser settings for cookies.
  • Service type—prevents stopping a service. Only start and continue directives are allowed. For example, create or modify a custom signature to protect Telnet services from stopping.
Signature Information
Displays the name of the signature the rule belong to, its severity level, and its platform.
OK
Click to close the dialog box and save all changes.
Cancel
Click to close the dialog box and delete all changes.
Apply
Click to apply the changes on the tab.

 

Use the Standard method or the Wizard to create most rules. Use the Expert method only if you are familiar with TCL syntax and the semantics of writing custom signature rules.

Copyright © 2006 McAfee, Inc. All Rights Reserved.