• Only use Adaptive Mode temporarily on a small number of systems to aid in firewall rules or IPS exception tuning. Choose a representative system or small group of systems (3-5 at most) that represent the functional business units you are creating rules for.
    NOTE: This mode can create a large number of client rules on endpoint systems, and can cause significant overhead for the ePO server while processing excessive firewall client adaptive rules.

Continue reading

To create custom rule to prevent FILE operations (Create, Write, Execute, Read, etc.):

Name: <insert name>
Rule type: Files
Operations: Create, Execute, Read, Write
Parameters: path/file name
Note: The file name must include a path. If you wish to wildcard the path, begin the filename with **\ or ?:\ if you wish to wildcard the drive letter (for example: **\filename.exe or ?:\filename.exe).
You cannot use MD5 hashes with the “Files” parameter:  path/filename only.
Drive type can also be used to limit the path to a specific drive type (for example., hard drive, CD-ROM, USB, network, floppy).
Executables: Can be left blank, unless you want to limit the signature to specific processes that performs the file operation (for example, explorer.exe, cmd.exe, etc.).

Continue reading