Example: Using Wildcards and Variables in Policy Rules
Table of Contents
4.2 (EoS)
Expand all | Collapse all
-
- Set Up the Endpoint Infrastructure
- Activate Traps Licenses
-
- Endpoint Infrastructure Installation Considerations
- TLS/SSL Encryption for Traps Components
- Configure the MS-SQL Server Database
- Install the Endpoint Security Manager Server Software
- Install the Endpoint Security Manager Console Software
- Manage Proxy Communication with the Endpoint Security Manager
- Load Balance Traffic to ESM Servers
-
- Malware Protection Policy Best Practices
- Malware Protection Flow
- Manage Trusted Signers
-
- Remove an Endpoint from the Health Page
- Install an End-of-Life Traps Agent Version
-
-
- Traps Troubleshooting Resources
- Traps and Endpoint Security Manager Processes
- ESM Tech Support File
-
- Access Cytool
- View the Status of the Agent Using Cytool
- View Processes Currently Protected by Traps Using Cytool
- Manage Logging of Traps Components Using Cytool
- Restore a Quarantined File Using Cytool
- View Statistics for a Protected Process Using Cytool
- View Details About the Traps Local Analysis Module Using Cy...
- View Hash Details About a File Using Cytool
Example: Using Wildcards and Variables in Policy Rules
The following table displays examples of using wildcards
and variables to specify a filename (regardless of location), a
file located within a specific folder or folder path, or any file
within a specific folder or folder path.
Example | Result |
|---|---|
C:\temp\a.exe | Matches only the a.exe file
and only if launched from the C:\temp folder |
%TEMP%\a.exe | Matches only the a.exe file
and only if launched from the C:\Users\<username>\AppData\Local\Temp folder
on Windows Vista and later machines or C:\Documents and
Settings\<username>\Local Settings\Temp on Windows
XP machines |
C:\temp* | Matches any file launched from the C:\temp folder
or from any folder or subfolder in a filepath that begins with C:\temp (for
example, C:\temp\folder\a.exe, C:\temp1\a.scr,
and C:\temporary\folder\b.exe) |
C:\temp\* | Matches any file launched from the C:\temp\ folder
or subfolder (for example: C:\temp\a.scr and C:\temp\temp2\b.exe) |
C:\temp\a?.exe | Matches any file beginning with a and followed
by a second character launched from the C:\temp\ folder
(for example: C:\temp\a1.exe and C:\temp\az.exe) |
C:\temp*.exe | Matches any executable file with an .exe
file extension, a filename that begins with temp, and that is launched
from the C:\ drive (for example, C:\temp1.exe and C:\temporary.exe)
and matches any executable file with an .exe file extension that
is launched from any folder or subfolder in a filepath that begins
with C:\temp (for example, C:\temp\folder\a.exe, C:\temp1\b.exe,
and C:\temporary\folder\c.exe) |
C:\temp\*.exe %SystemDrive%\temp\*.exe | Matches any executable file with an .exe
file extension that is launched from the C:\temp\ (or
equivalent %SystemDrive%\temp\ folder) or
from any folder or subfolder in a filepath that begins with C:\temp\ |
*\a.exe | Matches only the a.exe file
regardless from which location it is launched |
%SystemDrive%\%MyVar% | When %MyVar% is equal
to a filename, for example myfile.exe, this
matches that filename when launched from the %SystemDrive% folder
(in most cases C:\) |
a.exe | (Java restriction rules only) Matches
only the a.exe file regardless from which
location it is launched Java restriction rules require
you to include the .exe at the end of the filename. |
C:\temp C:\temp\ | Does not match any executable files because
the path is not a full path (partial paths must contain at least
one wildcard to be useful) |