
McAfee® Host Intrusion Prevention 6.1 Product Guide

Writing Custom Signatures

Windows Custom Signatures

• time { Include "*" }: This section is currently not used, but must be included in this form in every rule.

• application { Include "*" }: Indicates that this rule is valid for all processes. To limit the rule to specific processes, list them here, complete with their path name.

• user_name { Include "*" }: Indicates that this rule is valid for all users (more precisely, the security context in which a process runs). To limit the rule to specific user contexts, list them here in the form Local/user or Domain/user. See the paragraph "Mandatory Common Sections" for details.

• directives -c -d registry:delete: Indicates that this rule covers deletion of a registry key or value. The switches -c and -d must always be used in the directives section.

Class Services

The following table lists the possible sections of the class Services.

section           values                       meaning/remarks

Class             Services
Id                4000 - 7999
level             0, 1, 2, 3, 4
time              *
user_name         user or system account
application       path + application name

services          name of the service which    either section "services" or "display_names"
                  is the subject of the        must be used; the name of a service is found
                  operation creating the       in the registry under
                  instance                     HKLM\SYSTEM\CurrentControlSet\Services\;
                                               see Note 1

display_names     display name of the service  this name is shown in the Services Control Panel;
                                               see Note 1

directives -c -d  services:delete              Deletion of a service
                  services:create              Creation of a service
                  services:start               Giving a start command to a service
                  services:stop                Giving a stop command to a service
                  services:pause               Giving a pause command to a service
                  services:continue            Giving a continue command to a service
                  services:startup             Modifying the startup mode of a service
                  services:profile_enable      Enabling a hardware profile
                  services:profile_disable     Disabling a hardware profile
                  services:logon               Modifying the logon information of a service
Note 1

The section services must contain the name of the service, which is the name of its registry key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.

The section display_names must contain the display name of the service, the name shown in the Services Control Panel, which is found in the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<name-of-service>\DisplayName.
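The mandatory common sections described in the bullets above (time, application, user_name, directives -c -d) and the Services-class sections in the table are easiest to see combined in one complete rule. The following PowerShell is an added example and not code from the McAfee guide: it looks up a service's registry key name and its DisplayName value under HKLM\SYSTEM\CurrentControlSet\Services, as Note 1 requires, and emits a Services-class custom signature that uses exactly one of the services or display_names sections. The "Rule {" wrapper and the "tag" line are assumed from the rule format used elsewhere in the guide and do not appear on this page; the function names are hypothetical.

```powershell
# Added example (not from the McAfee Host IPS 6.1 guide). Builds a Services-class
# custom signature from the registry. The "Rule { tag ... }" wrapper is an
# assumption about the rule format; the sections, Id range, level range, -c -d
# switches and services:* directives are those listed in the table above.

function Get-HipsServiceNames {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$ServiceName)

    # The "services" section takes the key name under
    # HKLM\SYSTEM\CurrentControlSet\Services, not the display name (Note 1).
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (-not (Test-Path -Path $key)) {
        throw "No service key '$ServiceName' under HKLM\SYSTEM\CurrentControlSet\Services"
    }
    $keyName = (Get-Item -Path $key).PSChildName   # registry casing of the key name

    # The "display_names" section takes the DisplayName value of that key. The raw
    # value may be an indirect string ("@...dll,-123"); Get-Service returns it resolved.
    $raw = (Get-ItemProperty -Path $key -Name DisplayName -ErrorAction SilentlyContinue).DisplayName
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    $display = if ($svc) { $svc.DisplayName } else { $raw }

    [pscustomobject]@{ ServiceName = $keyName; DisplayName = $display }
}

function New-HipsServicesSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Tag,
        [Parameter(Mandatory)][ValidateRange(4000, 7999)][int]$Id,   # custom signature Id range
        [ValidateRange(0, 4)][int]$Level = 4,                        # severity level 0-4
        [Parameter(Mandatory)][string]$ServiceName,
        [ValidateSet('services:delete', 'services:create', 'services:start', 'services:stop',
                     'services:pause', 'services:continue', 'services:startup',
                     'services:profile_enable', 'services:profile_disable', 'services:logon')]
        [string[]]$Directives = @('services:stop', 'services:delete'),
        # Limit the rule to specific processes by giving full paths instead of "*".
        [string]$Application = '*',
        # Limit the rule to specific security contexts (Local/user or Domain/user).
        [string]$UserName = '*',
        # Match on the display name instead of the service name. The table allows
        # exactly one of the two sections, so the rule never contains both.
        [switch]$ByDisplayName
    )

    $names = Get-HipsServiceNames -ServiceName $ServiceName
    $subject = if ($ByDisplayName) {
        if (-not $names.DisplayName) { throw "Service '$ServiceName' has no DisplayName value" }
        "display_names { Include `"$($names.DisplayName)`" }"
    } else {
        "services { Include `"$($names.ServiceName)`" }"
    }

    # time is unused but mandatory; -c and -d must always precede the directives.
    @"
Rule {
  tag "$Tag"
  Class Services
  Id $Id
  level $Level
  $subject
  time { Include "*" }
  application { Include "$Application" }
  user_name { Include "$UserName" }
  directives -c -d $($Directives -join ' ')
}
"@
}

# Usage: a rule that covers stop and delete operations on the Windows Event Log
# service (registry key "EventLog"), for all processes and all user contexts.
New-HipsServicesSignature -Tag 'Protect_EventLog' -Id 4001 -Level 4 -ServiceName 'EventLog' `
    -Directives 'services:stop', 'services:delete'
```

Run it on the Windows host whose service you want to cover; the emitted text is the rule body to place in the custom signature. Because the script reads the key name from the registry rather than trusting what you typed, a rule built with -ByDisplayName and one built without it refer to the same service, which is the mistake Note 1 warns against when the two names differ (for example "EventLog" versus "Windows Event Log").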

178