- Bronze, 100 points or more
I have created a File Access Control rule as follows:
- Take the following action: Monitor
- when Applications in any of the following selected classes: <Remote Clients>
- But not in any of the following selected classes: <none.
- Attempt the following operations: Write File
- On any of these files:
This rule is actually working quite well so far, but I would like to make it more precise. Is there any way I can create an Application Class for just the Admin Shares (c$, admin$, etc.)? I don't want it trippin on open Network Shares.