The following table shows the fields available on the Add/Edit Memory Rule page.
Column headings on the rule table page are present when they differ from the add/edit page.
Field |
Description |
---|---|
Name |
Name by which this rule is identified in the Memory Rules table. (Required) |
Description |
Optional information about the memory rule. This can be any text you choose to enter. |
Rank (Table only) |
The rank of this rule in order of evaluation. The rule ranked ‘1’ in the table is evaluated before the rule ranked ‘2’, and so on. |
Status |
Radio buttons that make this rule Enabled or Disabled. This allows you to create a rule that you use only at certain times, or to temporarily disable the rule without losing the information used to create it. |
Expert Mode |
Radio buttons that make turn Expert Mode on and off (the default). Expert mode provides more options than standard mode but does not have all of the error-checking that other rule types have, so it is possible to create unexpected (and unwanted) outcomes without being warned during rule creation. These rules are intended for use by Carbon Black Support or Services representatives, or customers working with them. For more details, see Expert Rules. |
Platform |
Platform for which this rule is effective. This is a read-only field and the value is always Windows. Memory rules do not have any impact on non-Windows platforms. |
Action |
The action you want the App Control Agent to take when there is an attempt to access or alter a process matching this rule. For details on the options for this field when creating or editing a non-expert rule, see Table: Action Menu Options . Other actions configured in Expert rules or underlying the standard menu commands may appear in the table column for this field. |
Operation (Table only) |
The type of operation the rule affects. |
Action (Legacy) (Table only) |
This column shows actions and operations for the rule as shown in the Action column in pre-8.1.6 versions, or it shows “Expert Action(s)” in cases where expert rule information was not previously shown. This field is present strictly for continuity with older versions – you should use the separate Action and Operation columns for the most accurate description of the rule. |
Use Policy Specific Notifier |
If you choose Block or Prompt as the Action, this checkbox appears to the right of the Action choice. If you check the box, the notifier that appears when a memory rule blocks an action is the notifier specified for the Enforce Memory Rules setting in the policy for the computer on which the action was blocked. If not checked, you can choose a custom notifier from the Custom Write Notifier menu. |
Custom Write Notifier |
If you choose Block or Prompt as the Action, and you do not check the Use Policy Specific Notifier box, this menu appears. When Block is the Action, you can choose any notifier from the menu. The menu also includes a <none> option so that you can disable the notifier for this rule. When Prompt is the Action, you can choose any notifier on the menu. However, Prompt rules must display a notifier, so there is no <none> choice in this case. If you use Unified Management to create a rule that applies to more than one server, client servers will use default notifiers, even if a custom notifier is specified on the management server. |
Permissions |
The type of access you want to affect with this rule. For details on the permissions options, see Table: Permissions Menu Options . |
Target Process ( Path in table) |
The process(es) you want this rule to restrict, monitor, or allow access to. For a description of the ways you can define a target process, see Specifying Target and Source Processes. |
Source Process ( Process in table) |
This field allows you to apply the rule only when a specified Source Process requests access to the Target Process. For information on menu choices, see Table: Source Process Menu Options . For details on the options for entering a path, see Specifying Target and Source Processes. No Target Process specification is needed for Kernel Memory Access or Dynamic Code Execution rules because the Source Process applies the rule to itself. |
User or Group |
This field allows you to specify users or groups to which this rule applies. For details on specifying users or groups, see Specifying Users or Groups. |
Rule Applies To: Servers (Add/Edit page only) |
Radio buttons allow you to apply the rule to the current server, All Servers or Selected Servers. If you choose Selected Servers, a list that includes the current server and of all App Control servers managed by this server appears, each with a checkbox. In addition, policies for the servers you include appear in the Selected policies list. This field appears only if Unified Management is configured on the server you are logged into. |
Unified Server Source(Table only) |
If this is a unified rule, the name of the unified management server that created or copied the rule. |
Rule Applies To: Policies ( Policy in the table) |
Radio buttons allow you to apply the rule to All policies or Selected policies. If you choose Selected policies, a list of all policies available on your App Control Server appears, each with a checkbox. You can check as many policies as you choose. If Unified Management is configured on the server you are logged into, and if you have chosen to apply the rule to additional servers, policies for all selected servers appear in this list. |
Is Global (Table only) |
Indicates whether the rule applies to all policies ( Yes) or only selected policies ( No). |
Rule Applies To: Override Permissions (Add/Edit page only) |
Radio buttons allow you to specify whether administrators on other servers can modify rules sent via Unified Management on their own server. The options are No Override, Partial Override (allows changing rank) and Full Override (allows editing and changing rank). This field appears only if Unified Management is configured on the server you are logged into and this rule is applied to more than the current server in the Rule Applies To:Servers field. |
History |
For existing rules, a History panel on the Edit Rule page appears showing some or all of the following fields. In addition, these fields can be added as columns on the rules table page.
|