
Blocking Applications



BlockProcessExecutable—blocks a process hash (ban hash via the rule, only if not trusted or LiveGrid® info is missing)
this ations ,

I do a test, one with a lock and one without a lock.
Regardless of passing through LiveGrid or not, I have specified to block the file by name.
In version 1.6, it is not necessary to pass through LiveGrid, just specify the file name.

-------------------------------
<?xml version="1.0" encoding="utf-8"?>
<rule>
    <definition>
        <process>
            <operator type="and">
                <operator type="or">
                    <condition component="FileItem" condition="is" property="FileNameWithoutExtension" value="s123456" />
                    <condition component="FileItem" condition="is" property="FileNameWithoutExtension" value="2123456" />
                </operator>
                <condition component="FileItem" property="Extension" condition="is" value="exe" />
            </operator>
        </process>
    </definition>
    <maliciousTarget name="current" />
    <actions>
        <action name="TriggerDetection" />
        <action name="BlockProcessExecutable" />
        <action name="StoreEvent" />
    </actions>
    <description>
        <name>TEST block [AVI008] </name>
        <explanation>
            BlockTEST
        </explanation>
        <maliciousCauses>
            BlockTEST
        </maliciousCauses>
        <category>
            Default
        </category>
    </description>
</rule>
------------------------------




In version 2.0, does the action BlockProcessExecutable only execute when the status in LiveGuard is untrusted or absent?


  • Administrators
6 hours ago, jia_yang said:

In version 2.0, does the action BlockProcessExecutable only execute when the status in LiveGuard is untrusted or absent?

It's written so in the help so it should be correct. Would you like to block trusted system processes for instance?


Posted (edited)

Yes, to block a software, even if it's trusted.

Edited by jia_yang

  • Administrators
10 minutes ago, jia_yang said:

Yes, to directly disable a software, even if it's trusted.

Please contact technical support and report it as a request for feature update.

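The behaviour discussed in this thread, as an added example that is not part of the original posts and is not ESET's own code: a small model that evaluates the posted rule's condition tree against a file name and then applies the gate quoted from the help text, where BlockProcessExecutable runs only if the file is not trusted or LiveGrid info is missing. The functions `matches` and `evaluate`, the reputation labels, case-insensitive matching for `is`, and the other two actions firing regardless of reputation are all assumptions made for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Conditions and actions copied from the rule in the first post.
RULE = """<rule><definition><process>
<operator type="and">
  <operator type="or">
    <condition component="FileItem" condition="is" property="FileNameWithoutExtension" value="s123456" />
    <condition component="FileItem" condition="is" property="FileNameWithoutExtension" value="2123456" />
  </operator>
  <condition component="FileItem" property="Extension" condition="is" value="exe" />
</operator>
</process></definition>
<actions><action name="TriggerDetection" /><action name="BlockProcessExecutable" />
<action name="StoreEvent" /></actions>
</rule>"""

def matches(node, props):
    """Evaluate an <operator>/<condition> tree against one file's properties."""
    if node.tag == "operator":
        results = [matches(child, props) for child in node]
        return all(results) if node.get("type") == "and" else any(results)
    if node.get("condition") != "is":
        raise ValueError("only the 'is' condition is modelled here")
    # Assumption: 'is' means a case-insensitive exact match.
    return props.get(node.get("property"), "").lower() == node.get("value").lower()

def evaluate(rule_xml, file_name, reputation):
    """Return the actions that would fire for file_name.

    reputation is 'trusted', 'untrusted' or None (no LiveGrid info);
    these labels are hypothetical, chosen for this example.
    """
    rule = ET.fromstring(rule_xml)
    stem, ext = os.path.splitext(file_name)
    props = {"FileNameWithoutExtension": stem, "Extension": ext.lstrip(".")}
    if not matches(rule.find("definition/process/operator"), props):
        return []
    fired = []
    for action in rule.iter("action"):
        name = action.get("name")
        # Gate from the help text: block only if not trusted or info is missing.
        if name == "BlockProcessExecutable" and reputation == "trusted":
            continue
        fired.append(name)  # Assumption: the other actions are not gated.
    return fired
```

With a trusted file the name still matches and the detection is raised, but the block action is skipped, which is the gap the request in this thread is about.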

This topic is now closed to further replies.