Symantec Management Platform (Notification Server)

 View Only

  • 1.  Detection Rule Help!!!

    Posted Jan 20, 2012 07:12 AM

    Hi,

     

    Is there a way to setup a detection rule to check for File Size. Something like this:

     

    Detection Rule should check for following file size in bytes:

    %WIN%\abc.ini File Size in bytes >= 16220

     

    Checked all available rules in Detection Check, but did not find anything that would help.

     

    Thanks

    snm1502



  • 2.  RE: Detection Rule Help!!!

    Posted Jan 20, 2012 05:42 PM

    For files with extensions other than .exe and .dll, you will need to create a custom inventory and then include the custom data class as part of your filter.



  • 3.  RE: Detection Rule Help!!!

    Posted Jan 23, 2012 01:57 AM

    Thanks for the response, Mike...

     

    We have got the detection rule modified to check for reg entry instead of file size...



  • 4.  RE: Detection Rule Help!!!

    Posted Feb 10, 2012 12:12 AM

    If registries are available, they're your best bet.  Did this resolve the issue for you?



  • 5.  RE: Detection Rule Help!!!

    Posted Feb 10, 2012 12:48 AM

    Hi Mike,

    We have modified the package itself and then detection. Actually, while setting up detection rule, we found there was nothing that would return a file size and then compare it.

    So package was modified to make a reg entry when executed and we used that entry in our detection rule, which worked :)