
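/*
 * @support:    david.sanchez@pandasecurity.com
 * @department: PandaLabs
 *
 * Host-intrusion-prevention rule set.  Every rule pairs an optional process
 * filter (ApplicationInfo, matched on the executable Path) with an event
 * filter (TargetInfo FILE or PROCESS, matched on Operation and target Path)
 * and, on a match, DENYs the operation and raises NOTIFY(0x00450000, ...).
 * FILE rules report @AppPath/@TargetPath; PROCESS rules additionally report
 * the child's @CommandLine.
 *
 * NOTE(review): in this copy every string literal (paths, descriptions,
 * GUIDs, footprints, versions) has been reduced to "".  List lengths are
 * kept as placeholders so the real values can be restored one-for-one from
 * the original source; do not load this file as is.  Several conditions of
 * the form `Path == "" and Path != ""` are unsatisfiable as literally written
 * here and only make sense once the two distinct literals are restored.
 *
 * NOTE(review): every check in this file matches on Path only.  Whether the
 * stripped literals are exact names or patterns is not visible, so the
 * bypass risk of a binary copied to a non-listed location cannot be judged
 * from this copy; confirm against the restored values.
 */
Declarations {
  /* Path lists */
  Create $PATH_GENERAL_MALWARE as LIST(PRL_STRING);
  Create $PATH_DOWNLOADED_PROGRAM_FILES as LIST(PRL_STRING);
  Create $PATH_DOWNLOADED_PROGRAM_FILES_EXCLUSIONS as LIST(PRL_STRING);
  /* NOTE(review): declared but never assigned or referenced by any rule visible here. */
  Create $PATH_COMMON_EXECUTE_APPLICATIONS as LIST(PRL_STRING);

  /* Network server applications */
  Create $APP_SERVERS_DNS as LIST(PRL_STRING);
  Create $APP_SERVERS_NETWORK as LIST(PRL_STRING);
  Create $APP_SERVERS_SQL as LIST(PRL_STRING);
  Create $APP_SERVERS_MAIL as LIST(PRL_STRING);
  Create $APP_SERVERS_WEB as LIST(PRL_STRING);

  /* Network client applications */
  Create $APP_WEB_NAVIGATORS as LIST(PRL_STRING);
  Create $APP_CLIENTS_NETWORK as LIST(PRL_STRING);
  Create $APP_CLIENTS_EMAIL as LIST(PRL_STRING);
  Create $APP_CLIENTS_IM as LIST(PRL_STRING);

  /* Desktop applications */
  Create $APP_MULTIMEDIA_PLAYERS as LIST(PRL_STRING);
  Create $APP_WINDOWS_MEDIA_PLAYER as LIST(PRL_STRING);
  Create $PATH_APP_MULTIMEDIA_PLAYERS_EXCLUSIONS as LIST(PRL_STRING);

  /* Microsoft system applications (identifier is spelled MICROSFT throughout; kept unchanged) */
  Create $APP_MICROSFT_SYSTEM as LIST(PRL_STRING);
  Create $APP_OTHERS_WINDOWS as LIST(PRL_STRING);

  /* Compressors */
  Create $APP_COMPRESSORS as LIST(PRL_STRING);

  /* Office applications */
  Create $APP_PDF as LIST(PRL_STRING);
  Create $APP_PDF_EXCLUSIONS as LIST(PRL_STRING);
  Create $APP_MICROSOFT_WORD as LIST(PRL_STRING);
  Create $APP_MICROSOFT_EXCEL as LIST(PRL_STRING);
  Create $APP_MICROSOFT_POWERPOINT as LIST(PRL_STRING);
  Create $APP_MICROSOFT_OTHERS as LIST(PRL_STRING);
  Create $APP_OPENOFFICE as LIST(PRL_STRING);

  /* Debuggers -- NOTE(review): assigned below but not referenced by any rule visible here. */
  Create $APP_DEBUG as LIST(PRL_STRING);

  /* Command-line interpreters */
  Create $APP_SHELL as LIST(PRL_STRING);

  /* Text editors */
  Create $APP_EDITORS_TEXT as LIST(PRL_STRING);

  /* Malware families */
  Create $MALWARE_LINEAJE as LIST(PRL_STRING);
  Create $MALWARE_VIKINS as LIST(PRL_STRING);
  Create $MALWARE_BEAGLE as LIST(PRL_STRING);
  Create $MALWARE_ROUGE as LIST(PRL_STRING);
  Create $MALWARE_KEYLOGGER as LIST(PRL_STRING);

  /* Rootkits */
  Create $ROOTKIT_TDSS as LIST(PRL_STRING);

  /* Others */
  Create $OTHERS_DANGEROUS_EXTENSIONS as LIST(PRL_STRING);
  /* NOTE(review): assigned below but not referenced by any rule visible here. */
  Create $OTHERS_WINAMP_PLUGINGS as LIST(PRL_STRING);
}

Assignments {
  /* Path lists -- every entry is a stripped literal; counts preserved as placeholders */
  $PATH_DOWNLOADED_PROGRAM_FILES = ("", "");
  $PATH_DOWNLOADED_PROGRAM_FILES_EXCLUSIONS = ("", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "");
  $PATH_GENERAL_MALWARE = ("", "", "", "");

  /* Network server applications */
  $APP_SERVERS_DNS = ("");
  $APP_SERVERS_SQL = ("", "");
  $APP_SERVERS_NETWORK = ("", "", "", "", "", "", "", "", "", "");
  $APP_SERVERS_MAIL = ("", "", "", "");
  $APP_SERVERS_WEB = ("");

  /* Network client applications */
  $APP_WEB_NAVIGATORS = ("", "", "", "", "", "", "", "", "", "");
  $APP_CLIENTS_NETWORK = ("", "", "", "", "", "", "", "", "", "", "", "");
  $APP_CLIENTS_EMAIL = ("", "", "", "", "", "", "", "", "");
  $APP_CLIENTS_IM = ("", "", "", "", "", "");

  /* Command-line interpreters */
  $APP_SHELL = ("", "");

  /* Desktop applications */
  $APP_MULTIMEDIA_PLAYERS = ("", "", "", "", "", "", "", "");
  $PATH_APP_MULTIMEDIA_PLAYERS_EXCLUSIONS = ("");
  $APP_WINDOWS_MEDIA_PLAYER = ("", "");

  /* Debuggers */
  $APP_DEBUG = ("", "", "", "", "", "", "", "", "", "", "", "", "", "");

  /* Office applications */
  $APP_PDF = ("", "", "");
  $APP_PDF_EXCLUSIONS = ("", "", "");
  $APP_OPENOFFICE = ("", "", "");
  $APP_MICROSOFT_WORD = ("");
  $APP_MICROSOFT_EXCEL = ("");
  $APP_MICROSOFT_POWERPOINT = ("");
  $APP_MICROSOFT_OTHERS = ("", "", "", "", "", "", "", "", "");

  /* Microsoft system applications */
  $APP_MICROSFT_SYSTEM = ("", "", "", "", "", "", "", "", "");

  /* Other Windows applications */
  $APP_OTHERS_WINDOWS = ("");

  /* Compressors */
  $APP_COMPRESSORS = ("", "");

  /* Text editors */
  $APP_EDITORS_TEXT = ("", "", "", "", "", "", "");

  /* Malware families */
  $MALWARE_LINEAJE = ("", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "");
  $MALWARE_VIKINS = ("", "", "", "", "", "", "", "", "", "");
  $MALWARE_BEAGLE = ("", "", "", "", "");
  $MALWARE_ROUGE = ("", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "");
  $MALWARE_KEYLOGGER = ("", "", "", "", "", "", "", "", "", "");

  /* Rootkits */
  $ROOTKIT_TDSS = ("", "", "");

  /* Others */
  $OTHERS_DANGEROUS_EXTENSIONS = ("", "", "", "", "", "", "", "");
  $OTHERS_WINAMP_PLUGINGS = ("", "", "", "", "", "", "", "");
}

/* =====================================================================
 * Panda Applications Rules: 1000 < RuleId < 2000   (no rules in this copy)
 * ===================================================================== */

/* =====================================================================
 * Windows System Rules: 2000 < RuleId < 3000   (no rules in this copy)
 * ===================================================================== */

/* =====================================================================
 * General Application Rules: 3000 < RuleId < 4000   (no rules in this copy)
 * ===================================================================== */

/* =====================================================================
 * Malware Rules: 4000 < RuleId < 5000
 * NOTE(review): no RuleId field appears in any Header below; the only
 * per-rule identifiers are RuleGuid (stripped) and @RuleShowID, so these
 * banner ranges cannot be cross-checked against the rules themselves.
 * ===================================================================== */

/* A process running from a general-malware location may not create a TDSS rootkit file. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($PATH_GENERAL_MALWARE); }
    TargetInfo FILE { Operation == CREATE and Path in ($ROOTKIT_TDSS); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Rogue-family file drop from a general-malware location. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($PATH_GENERAL_MALWARE); }
    TargetInfo FILE { Operation == CREATE and Path in ($MALWARE_ROUGE); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Rogue-family process launch from a general-malware location. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($PATH_GENERAL_MALWARE); }
    TargetInfo PROCESS { Operation == CREATE and Path in ($MALWARE_ROUGE); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Lineaje-family process launch from a general-malware location. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($PATH_GENERAL_MALWARE); }
    TargetInfo PROCESS { Operation == CREATE and Path in ($MALWARE_LINEAJE); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Lineaje-family file drop from a general-malware location. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($PATH_GENERAL_MALWARE); }
    TargetInfo FILE { Operation == CREATE and Path in ($MALWARE_LINEAJE); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Vikins-family file drop.  No ApplicationInfo: applies to every process on the host. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    TargetInfo FILE { Operation == CREATE and Path in ($MALWARE_VIKINS); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Vikins-family process launch, from any parent. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    TargetInfo PROCESS { Operation == CREATE and Path in ($MALWARE_VIKINS); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Beagle-family file drop, from any process. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    TargetInfo FILE { Operation == CREATE and Path in ($MALWARE_BEAGLE); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Beagle-family process launch, from any parent. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    TargetInfo PROCESS { Operation == CREATE and Path in ($MALWARE_BEAGLE); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Creation of one specific file (literal stripped), from any process. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    TargetInfo FILE { Operation == CREATE and Path == ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Launch of one specific executable (literal stripped), from any parent.  The only CRITICAL rule in the file. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == CRITICAL; Categories in (KRE); }
  Check {
    TargetInfo PROCESS { Operation == CREATE and Path == ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Keylogger file drop from a general-malware location. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($PATH_GENERAL_MALWARE); }
    TargetInfo FILE { Operation == CREATE and Path in ($MALWARE_KEYLOGGER); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Keylogger file READ from a general-malware location -- the only READ rule in the file. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($PATH_GENERAL_MALWARE); }
    TargetInfo FILE { Operation == READ and Path in ($MALWARE_KEYLOGGER); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* =====================================================================
 * Vulnerability Rules: 5000 < RuleId < 6000
 * Exploit-containment rules: network-facing or document-handling
 * processes are denied from spawning shells / network clients or from
 * writing to specific locations.
 * ===================================================================== */

/* DNS server writing one specific file (literal stripped).
 * NOTE(review): unlike the network/mail/web server lists, $APP_SERVERS_DNS has no
 * shell/network-client spawn rule in this copy; confirm that is deliberate. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_SERVERS_DNS); }
    TargetInfo FILE { Operation == CREATE and Path == ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Web browser spawning a shell or a network client. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_WEB_NAVIGATORS); }
    TargetInfo PROCESS { Operation == CREATE and Path in ($APP_SHELL,$APP_CLIENTS_NETWORK); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Mail/IM clients, media players, system tools, editors, Office, compressors and PDF
 * readers spawning a shell or a network client; one parent path (stripped) is exempted.
 * The original listed $APP_OTHERS_WINDOWS twice; the duplicate is dropped (no behavioural change).
 * NOTE(review): $APP_OPENOFFICE is not in this list; its only PROCESS rule below
 * covers a single stripped target path, not $APP_SHELL/$APP_CLIENTS_NETWORK. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo {
      Path in ($APP_CLIENTS_EMAIL,$APP_CLIENTS_IM,$APP_MULTIMEDIA_PLAYERS,$APP_MICROSFT_SYSTEM,$APP_EDITORS_TEXT,$APP_OTHERS_WINDOWS,$APP_MICROSOFT_WORD,$APP_MICROSOFT_EXCEL,$APP_MICROSOFT_POWERPOINT,$APP_MICROSOFT_OTHERS,$APP_COMPRESSORS,$APP_PDF)
        and Path not in ("");
    }
    TargetInfo PROCESS { Operation == CREATE and Path in ($APP_SHELL,$APP_CLIENTS_NETWORK); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Generic network server spawning a shell or a network client. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_SERVERS_NETWORK); }
    TargetInfo PROCESS { Operation == CREATE and Path in ($APP_SHELL,$APP_CLIENTS_NETWORK); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Web browser launching something out of the downloaded-program-files locations, minus the exclusion list. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_WEB_NAVIGATORS); }
    TargetInfo PROCESS { Operation == CREATE and Path in ($PATH_DOWNLOADED_PROGRAM_FILES) and Path not in ($PATH_DOWNLOADED_PROGRAM_FILES_EXCLUSIONS); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Media player writing one specific location (stripped), minus its exclusion list. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_MULTIMEDIA_PLAYERS); }
    TargetInfo FILE { Operation == CREATE and Path == "" and Path not in ($PATH_APP_MULTIMEDIA_PLAYERS_EXCLUSIONS); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Windows Media Player writing one location, with one path exempted (both literals stripped). */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_WINDOWS_MEDIA_PLAYER); }
    TargetInfo FILE { Operation == CREATE and Path == "" and Path != ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Text editors, other Windows apps and other Office apps writing one location (stripped).
 * The original listed $APP_OTHERS_WINDOWS twice; the duplicate is dropped (no behavioural change). */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_EDITORS_TEXT,$APP_OTHERS_WINDOWS,$APP_MICROSOFT_OTHERS); }
    TargetInfo FILE { Operation == CREATE and Path == ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Word writing one location, with one path exempted (both literals stripped). */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_MICROSOFT_WORD); }
    TargetInfo FILE { Operation == CREATE and Path == "" and Path != ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Excel writing one location, with one path exempted (both literals stripped). */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_MICROSOFT_EXCEL); }
    TargetInfo FILE { Operation == CREATE and Path == "" and Path != ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* PowerPoint writing one location, with one path exempted (both literals stripped). */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_MICROSOFT_POWERPOINT); }
    TargetInfo FILE { Operation == CREATE and Path == "" and Path != ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* PDF reader writing one location (stripped), minus $APP_PDF_EXCLUSIONS. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_PDF); }
    TargetInfo FILE { Operation == CREATE and Path == "" and Path not in ($APP_PDF_EXCLUSIONS); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* OpenOffice writing one location (stripped). */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_OPENOFFICE); }
    TargetInfo FILE { Operation == CREATE and Path == ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Word launching one specific executable (stripped). */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_MICROSOFT_WORD); }
    TargetInfo PROCESS { Operation == CREATE and Path == ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Excel launching one specific executable (stripped). */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_MICROSOFT_EXCEL); }
    TargetInfo PROCESS { Operation == CREATE and Path == ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* PowerPoint launching one specific executable (stripped). */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_MICROSOFT_POWERPOINT); }
    TargetInfo PROCESS { Operation == CREATE and Path == ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* PDF reader launching one specific executable (stripped). */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_PDF); }
    TargetInfo PROCESS { Operation == CREATE and Path == ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* OpenOffice launching one specific executable (stripped). */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_OPENOFFICE); }
    TargetInfo PROCESS { Operation == CREATE and Path == ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Mail server spawning a shell or a network client. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_SERVERS_MAIL); }
    TargetInfo PROCESS { Operation == CREATE and Path in ($APP_SHELL,$APP_CLIENTS_NETWORK); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Two specific parent executables (stripped) creating files with a dangerous extension. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ("", ""); }
    TargetInfo FILE { Operation == CREATE and Path in ($OTHERS_DANGEROUS_EXTENSIONS); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Same two parents modifying files with a dangerous extension. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ("", ""); }
    TargetInfo FILE { Operation == MODIFY and Path in ($OTHERS_DANGEROUS_EXTENSIONS); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Web server spawning a shell or a network client. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_SERVERS_WEB); }
    TargetInfo PROCESS { Operation == CREATE and Path in ($APP_SHELL,$APP_CLIENTS_NETWORK); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* SQL server spawning a network client.
 * NOTE(review): this is the only server-spawn rule whose target list omits $APP_SHELL
 * (network, mail and web servers all deny $APP_SHELL too).  If that is not deliberate,
 * a database process launching a shell is not blocked by anything visible here.
 * Policy left unchanged pending confirmation. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 0; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_SERVERS_SQL); }
    TargetInfo PROCESS { Operation == CREATE and Path in ($APP_CLIENTS_NETWORK); }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* Media players, editors, other Windows/Office apps, compressors and WMP launching one specific
 * executable (stripped).  Priority 1, as are the two rules that follow; how Priority is ordered
 * against the Priority 0 rules above is not shown in this file. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 1; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path in ($APP_MULTIMEDIA_PLAYERS,$APP_EDITORS_TEXT,$APP_OTHERS_WINDOWS,$APP_MICROSOFT_OTHERS,$APP_COMPRESSORS,$APP_WINDOWS_MEDIA_PLAYER); }
    TargetInfo PROCESS { Operation == CREATE and Path == ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* One specific parent (stripped) creating one specific file (stripped).
 * NOTE(review): this FILE rule passes @CommandLine to NOTIFY, which every other FILE rule
 * omits and every PROCESS rule includes.  Kept as is; confirm the argument is meaningful
 * for FILE events in this engine. */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 1; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path == ""; }
    TargetInfo FILE { Operation == CREATE and Path == ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}

/* One specific parent (stripped) launching one specific executable (stripped). */
Rule {
  Header { Version == ""; Description == ""; RuleGuid == ""; GroupId == 45; Footprint == ""; Priority == 1; State == ENABLED; Severity == HIGH; Categories in (KRE); }
  Check {
    ApplicationInfo { Path == ""; }
    TargetInfo PROCESS { Operation == CREATE and Path == ""; }
  }
  Actions { DENY; NOTIFY(0x00450000,@AppPath,@TargetPath,@CommandLine,@RuleGuid,@GroupId,@RuleShowID); }
}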
