Endpoint Protection

  • 1.  Unix_Host_IDS_File_Tampering Rule

    Posted Nov 18, 2008 04:50 PM

    Hello, I am experiencing a problem creating a rule that would be applied to multiple UNIX hosts with different file watch lists.  I have the rule configured to monitor standard files and high protection files.  These two file watch lists will be the same for all of the UNIX hosts.  However, I need some help on how to modify the policy to watch some additional file lists.  Maybe something that can be "checked-on" or "checked-off" during the editing of the rule application process within the SCSP Management Console.  Is there a way to use a list file rather than listing the files?  Any assistance is well appreciated.



  • 2.  RE: Unix_Host_IDS_File_Tampering Rule

    Posted Dec 18, 2008 06:11 PM

    Did you find a solution to your problem?  You can try the SEP Knowledge Base for articles that may provide some insight.  Try

    http://www.symantec.com/business/support/overview.jsp?pid=54619

     

    Let me know if searching there for IDS file tampering rules doesn't provide the needed solution.

     

    Best,

     

    Eric



  • 3.  RE: Unix_Host_IDS_File_Tampering Rule

    Posted Jun 10, 2009 11:31 AM
     
    To view the File Monitor Groups in the Host IDS File Tampering policy:
    1. In the management console, click Detection View.
    2. In the Detection view, click Policies.
    3. On the Policies page, in the Workspace tree, click the Symantec folder.
    4. In the Filters pane, click Windows Policies.
    5. In the policy workspace pane, select Host_IDS_File_Tampering, and then right-click Edit Policy.
    6. In the policy dialog, in the Options pane, expand the File Monitor Groups tree to view the monitored files.

    When enabling monitoring of a specific group of files, you must specify the file paths and names. The use of the wildcard character asterisk (*) is permitted. By default, most of the options are enabled, and numerous files are monitored. You can use the management console to view the list of default monitored files for each group.