The DASCLI ruletags command adds or deletes classification tags, or lists the current tags.
Authentication is required to use this command.
Parameters
dascli ruletags
dascli ruletags add rule_tag_string
dascli ruletags remove rule_tag_string
- No parameter
- If no parameter is specified, current classification tags are displayed. The same information is shown by the classifications command.
- add
- Add the specified classification tag.
- remove
- Delete the specified classification tag. This does not remove the tags from user mode but does remove them from the kernel driver. If a given tag is referenced by a rule, the rule might not work correctly.
- rule_tag_string
- Text of the classification tag. Tags are useful only if referenced by a rule. Almost any text can be added as a tag, such as “*\notepad.exe”. Multiple tags can be included by separating them with a comma, for example, “*\notepad.exe,*\excel.exe”, which has two tags in one string.
