Loading...

Knowledge Center


Wildcard usage in Host Intrusion Prevention rules
Technical Articles ID:   KB90253
Last Modified:  2/26/2018

Environment

McAfee Host Intrusion Prevention (Host IPS) 8.0
Microsoft Windows supported operating systems

Summary

The list below shows which values permit the use of wildcards in Host IPS 8.0 IPS exceptions. The list includes commonly used values; this list is not all-inclusive.

Permitted:
  • Executable and Target Executable details:
    • File Name
    • File Description
  • IPS Parameters:
    • Detail Event Info
    • API parameter
    • User name

Not permitted:
  • Executable and Target Executable details:
    • Fingerprint
    • Signer
  • Firewall
    • FQDN rules (for example, *.domain.com)
    • Port numbers - must be a single port value, range of port values, or comma-delimited (up to four items)
    • Registry key value criteria for Location Aware Groups

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Languages:

This article is available in the following languages:

English United States
Spanish Spain
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.