Expert Rule Checker

Create, check, and enforce an Expert Rule on a client system.

Section Option Definition
Check
  Checks the syntax of the Expert Rule.

  If the rule compilation fails, check the EndpointSecurityPlatformErrors.log file for information.

Enforce
  Enforces the Expert Rule on the client system immediately.

  Once the rule compilation succeeds, the Enforce button becomes available.

Signature ID
  Indicates the assigned ID number for the signature.

Rule name
  Specifies or indicates the name of the rule.

Severity
  Specifies the severity level for the rule.
    • Informational
    • Low
    • Medium
    • High

Action
  Specifies the action for the rule.
    • Block — Blocks behavior that matches the signature without logging.
    • Report — Logs behavior that matches the signature without blocking.

  To disable the signature, deselect Block and Report.

Rule type
  Specifies the rule type.

  Select the rule type from the drop-down list.
    • Buffer Overflow
    • Files
    • Illegal API Use
    • Processes
    • Registry key
    • Registry value
    • Services

  You can't create Network IPS Expert Rules.

Rule content
  Specifies the content of the rule.

  Change the code to specify objects to protect or exclude.

Notes
  Provides more information about the item.