Advanced Details

Some or all of the following parameters appear in the Advanced Details tab of events for the class Files. The values of these parameters can help you understand why a signature is triggered.

GUI name     Explanation
files        Name of the file that was accessed
dest file    Only applicable for renaming files: new name that the file was changed to

The following rule would prevent anybody and any process from creating the file ‘abc.txt’ in the folder C:\test\.

Rule {
    Class Files
    Id 4001
    level 4
    files { Include "C:\\test\\abc.txt" }
    time { Include "*" }
    application { Include "*" }
    user_name { Include "*" }
    directives -c -d files:create
}
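To see why an event would or would not trigger a rule like this one, the following Python example (added here, not McAfee code and not part of the original documentation) parses the rule text and checks a constructed file event against it. Assumptions: glob matching with `fnmatch` and case-insensitive comparison stand in for the product's own matcher, and the event key `operation` is hypothetical.

```python
import fnmatch
import re

# Constructed copy of the rule above (straight quotes, doubled backslashes).
RULE_TEXT = r'''
Rule {
    Class Files
    Id 4001
    level 4
    files { Include "C:\\test\\abc.txt" }
    time { Include "*" }
    application { Include "*" }
    user_name { Include "*" }
    directives -c -d files:create
}
'''
# Constructed event; "operation" is a hypothetical key, not a GUI parameter name.
EVENT = {"files": r"C:\Test\ABC.TXT", "application": r"C:\Windows\notepad.exe",
         "user_name": r"LAB\alice", "operation": "files:create"}

SECTION = re.compile(r'^[ \t]*(\w+)[ \t]*\{(.*?)\}[ \t]*$', re.M)
ENTRY = re.compile(r'(Include|Exclude)\s+"([^"]*)"')

def parse_rule(text):
    """Split a rule into scalar fields, Include/Exclude sections and operations."""
    rule = {"sections": {}, "operations": []}
    body = text[text.index("{") + 1:text.rindex("}")]
    for name, inner in SECTION.findall(body):
        # A doubled backslash in the rule text stands for one backslash in the path.
        rule["sections"][name] = [(kind, value.replace("\\\\", "\\"))
                                  for kind, value in ENTRY.findall(inner)]
    for line in SECTION.sub("", body).splitlines():
        words = line.split()
        if words and words[0] == "directives":
            # Switches such as -c and -d are skipped; only operations are kept.
            rule["operations"] = [w for w in words[1:] if not w.startswith("-")]
        elif words:
            rule[words[0]] = " ".join(words[1:])
    return rule

def matches(rule, event):
    """True if the event satisfies every section and uses a listed operation."""
    if event.get("operation") not in rule["operations"]:
        return False
    for name, entries in rule["sections"].items():
        value = event.get(name, "").lower()  # absent parameters compare as ""
        hits = {kind for kind, pat in entries
                if fnmatch.fnmatchcase(value, pat.lower())}
        if "Include" not in hits or "Exclude" in hits:
            return False
    return True
```

Calling `matches(parse_rule(RULE_TEXT), EVENT)` returns `True` for the constructed create event; changing the file name or the operation makes it return `False`.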

The various sections of this rule have the following meaning:

Copyright © 2006 McAfee, Inc. All Rights Reserved.