Loading...

Knowledge Center


How to create an Endpoint Security Threat Prevention user-defined Access Protection rule for a file or folder registry
Technical Articles ID:   KB86577
Last Modified:  8/15/2018
Rated:


Environment

Endpoint Security (ENS) Threat Prevention 10.x

Summary

Use the following instructions to create a user-defined Access Protection rule for a file or folder registry.
 
ePolicy Orchestrator (ePO) managed systems:
  1. Log on to ePO.
  2. Click Menu, Policy, Policy Catalog.
  3. Select Endpoint Security Threat Prevention from the Product drop-down list.
  4. Select Access Protection from the Category drop-down list.
  5. Edit the policy and click Show Advanced
  6. Click Add in the Rules section.
  7. Add the appropriate path to block. You can include wildcards.
  8. Under Subrules, click Add and configure the subrule action as CreateDeleteRead, or Write.
  9. Define the rule type as a FilesRegistry key, or Registry value.
  10. Add the file or folder path to Include or Exclude.
  11. Save the changes.
Self-managed systems:
  1. Open Endpoint Security and log on as an administrator.
  2. Select the Threat Prevention module and click Show Advanced.
  3. Select Add from the Rules section and enable Block from the Reaction options.
  4. Add the appropriate path to block, and save the setting. You can include wildcards.
  5. Under Subrules, click Add and configure the subrule action as Create, Delete, Read, or Write.
  6. Define the rule type as a FilesRegistry key, or Registry value.
  7. Configure the parameter to Include or Exclude.
  8. Save the changes.

Rate this document

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.