Chapter 4 Quick Start Configuration

Configure a Rule Module

Step 6 Select the Log checkbox.

This means that the system action in question is logged and sent to the server. Generally, you will want to turn logging on for all deny rules so you can monitor event activity.

Step 7 Select a preconfigured Application class from the available list to indicate the applications whose access to files we want to exercise control over. For this rule, we’ll select Quarantined applications. Note that when you click Save, selected application classes move to the top of the list.

Step 8 Select the Write File and Write Directory checkboxes to indicate the actions we are denying.

Step 9 Now we’ll enter the system files we are protecting with this rule. In the files field, enter $All files, which is available from the Insert File Set option.

Step 10 Click the Save button.

Next, we will create a policy to attach our rule module to.

 

Installing Management Center for Cisco Security Agents 5.2


78-17916-01
