Using predefined variables

Host Intrusion Prevention provides predefined variables for rule writing. These variables are preceded by “$”.

Windows IIS Web Server

Variable
Meaning
IIS_BinDir
Directory where inetinfo.exe is located
IIS_Computer
Machine name that IIS runs on
IIS_Envelope
Includes all files that IIS is allowed to access
IIS_Exe_Dirs
Virtual directories that allow file execution including system root and IIS root"
IIS_Ftp_Dir
FTP site root directories
IIS_FTP_USR
Local ftp Anonymous user account name
IIS_FtpLogDir
FTP log files directory
IIS_IUSR
Local web anonymous user account name
IIS_IUSRD
Domain web anonymous user account name
IIS_IWAM
The IIS Web Application Manager user account name
IIS_LogFileDir
Web log files directory
IIS_LVirt_Root
All IIS virtual directories
IIS_Processes
Processes with access rights to IIS resources
IIS_Services
All the services needed for IIS to work properly

MS SQL Database Server

Variable
Meaning
MSSQL_Allowed_Access_Paths
Directories like \WINNT and \WINNT\System32 that are accessible
MSSQL_Allowed_Execution_Paths
Directories like \WINNT and \WINNT\System32 that are executable
MSSQL_Allowed_Modification_Paths
Directories like \WINNT\Temp that are modifiable
MSSQL_Auxiliary_Services
The auxiliary MS SQL services found on the system
MSSQL_Core_Services
The core MS SQL services found on the system
MSSQL_Data_Paths
All other data files associated with MS SQL that may be outside of the MSSQL_DataRoot_Path directory
MSSQL_DataRoot_Paths
The path to the MS SQL data files for each instance
MSSQL_Instances
The name of each installed MS SQL instance
MSSQL_Registry_Paths
All registry locations associated with MS SQL

Copyright © 2006 McAfee, Inc. All Rights Reserved.