Use the following instructions to create a user-defined Access Protection rule for a file or folder registry.
ePolicy Orchestrator (ePO) managed systems:
- Log on to ePO.
- Click Menu, Policy, Policy Catalog.
- Select Endpoint Security Threat Prevention from the Product drop-down list.
- Select Access Protection from the Category drop-down list.
- Edit the policy and click Show Advanced.
- Click Add in the Rules section.
- Add the appropriate path to block. You can include wildcards.
- Under Subrules, click Add and configure the subrule action as Create, Delete, Read, or Write.
- Define the rule type as a Files, Registry key, or Registry value.
- Add the file or folder path to Include or Exclude.
- Save the changes.
Self-managed systems:
- Open Endpoint Security and log on as an administrator.
- Select the Threat Prevention module and click Show Advanced.
- Click Add in the Rules section and enable Block from the Reaction options.
- Add the appropriate path to block, and save the setting. You can include wildcards.
- Under Subrules, click Add and configure the subrule action as Create, Delete, Read, or Write.
- Define the rule type as a Files, Registry key, or Registry value.
- Configure the parameter to Include or Exclude.
- Save the changes.
NOTE: Only the Rename operation is valid when you set the Destination file parameter within the Subrule Targets.
