HIPS (creating a rule with condition)

Unanswered Question
Feb 22nd, 2009

I have a problem in CSAMC.

I need to create a rule that prevents the saving of PDF files from our company's intranet.

The rule I reached is preventing the saving of all PDF files on local drive or removable media, also a rule to block the web browsers from saving PDF files.

The result will block the saving from any other site.

Is there a way to add a condition to the rule to perform this action when accessing a certain URL?

jan.nielsen Mon, 02/23/2009 - 04:49

Unfortunately, CSA does not support using URLs with the names; however, you can do a rule that puts your browser in an application class when it tries to reach your intranet on its IP address on, say, port 80/443. To further ensure this will only happen when you are on your internal network, you could make the rule dependent on something like MC Reachable and Internal Corporate DNS Suffix state, then create a file access rule for that application class that blocks .pdf writes.

csco11029673 Wed, 02/25/2009 - 00:23

Dear Sir,

This idea is great, but I have one problem: I created the application class for web browser called web browser dynamic.

Then I marked the radio box "when dynamically defined by policy rules"; beside it, the defining rules show None, and then I saved.

I tried to edit; the defining rule is still None and I can't add any defining rule.

The defining rule would be: we permit the web browser to access the intranet IP address.

My problem is adding a rule in dynamically defined.


jan.nielsen Wed, 02/25/2009 - 00:28

Here is your problem: once you create a class and put the radio button "when dynamically created", you have created a dynamic application class. This means that you have to create another rule that triggers putting your browser into that class when the application tries to reach some IP addresses on, say, port 80/443. So what you do is: you create a network access rule, change the action to "add process to application class", choose your newly created application class name, and then select when CSA should put the browser into that class.

RichardSW Thu, 04/09/2009 - 15:04

If you actually accomplished this using CSA, then you would prevent the user from being able to read the PDFs at all. If you open a PDF in a browser, it still has to be cached to the drive before it's viewed.

Your best defense in this case is not CSA, but a combination of NTFS permissions and IP restrictions on the Intranet server.

