CSA rule for remote DB access attempt

Unanswered Question
Sep 13th, 2006

I have created a File Access Control rule as follows:


- Take the following action: Monitor

- when Applications in any of the following selected classes: <Remote Clients>

- But not in any of the following selected classes: <none>

- Attempt the following operations: Write File

- On any of these files:

**\*.?db

**\*.db?

**\*.db


This rule is actually working quite well so far, but I would like to make it more precise. Is there any way I can create an Application Class for just the Admin Shares (c$, admin$, etc.)? I don't want it trippin on open Network Shares.

