Use the following steps to blacklist an application using a Host IPS 8.0 custom signature:
- Log on to the ePO console.
- Create a custom signature for Host IPS 8.0.
NOTE: See Host IPS 8.0 product documentation links after the steps for detailed information on how to create a custom signature. Ensure you set the Severity of the signature to match your IPS Protection policy to Prevent or Log the signature.
- Open the newly created custom signature and click the Subrules tab.
- Create a Subrule with the following entries:
- Select Program for Rule Type.
- Select Run target executable for Operations.
- Select New Target Executable for Parameters.
- For the Target Executable information, enter one or more of the following application information fields:
- Name - Name of the application (required)
- File Description - File description within the application executable (not a "Comment" description of the executable; see KB71735 for more details.)
- File name - Application name with or without paths (wildcards accepted; see the Wildcards and variables section of the Host IPS Product Guides for more information.)
- Fingerprint - MD5 Fingerprint
NOTE: When using the Hash data, do not enter the 0x as part of the Hash. (See KB71205 for more details.)
- Signer - Certificate of signed application (See KB71205 for more details.)
To create a Host Intrusion Prevention 8.0 custom signature, see "Appendix A — Writing Custom Signatures and Exceptions" in
PD22894 -
Host Intrusion Prevention 8.0 Product Guide.
