
MEMORY EXPLOIT PROTECTION EXCLUSION

 

  1. Click Add Memory Exploit Protection Exclusion


  2. In the pop-up window, add the process name and press Enter. Only one entry can be added at a time. Click SAVE.

  3. The rules for the RegEx patterns are provided below:

     

    | Goal | RegEx Expression | RegEx Example | Represented Files/Directories | Operating System |
    |---|---|---|---|---|
    | Match the beginning of a line | ^ | ^C:\\test\\path | C:\test\path | Windows |
    | Match the beginning of a line | ^ | ^/opt/virsec | /opt/virsec/test | Linux |
    | Match the end of a line | $ | tmp\\path$ | C:\\tmp\\path | Windows |
    | Match the end of a line | $ | test/path$ | /tmp/test/path | Linux |
    | Make an expression case insensitive | (?i) | (?i)c:\\tmp\\test.exe | C:\\Tmp\\Test.exe, c:\\tmp\\TEST.exe | Windows |
    | Make an expression case insensitive | (?i) | (?i)test_app | /tmp/Test_App/, /tmp/test_APP | Linux |
    | Require at least 1 whitespace | [ ]+ | EncodedCommand[ ]+ | powershell.exe -EncodedCommand abf2321e | Windows |
    | Require at least 1 whitespace | [ ]+ | -c[ ]+ test_cmd | bash -c test_cmd | Linux |
    | Ignore arbitrary number of chars | .* | .*nativeImages.*.dll | C:\\nativeImages\\test.dll, C:\\nativeImages\\test_123.dll | Windows |
    | Ignore arbitrary number of chars | .* | /tmp/.*.so | /tmp/test.so, /tmp/test123.so | Linux |
    | Restrict a particular char to a known set | [] | [Cc]:\\test | c:\\test\\app.exe, C:\\test\\app.exe | Windows |
    | Restrict a particular char to a known set | [] | /opt/[vV]irsec | /opt/virsec, /opt/Virsec | Linux |

    Table - RegEx Rules

     

  4. The table below shows a couple of RegEx examples:

     

    | RegEx Examples | Represented Files/Directories | Operating System |
    |---|---|---|
    | .:\\*test.*\\*tmp\\*.* | C:\test-1\tmp\tmp-lib.dll, C:\test-2\tmp\tmp-lib-2.dll, D:\test-test\tmp\tmp-lib-3.dll | Windows |
    | C:\\ProgramData\\Amazon\\SSM\\*.* | C:\ProgramData\Amazon\SSM\example.exe | Windows |
    | C:\\dir1\\tmp\\tmp-lib.dll | Specific file: C:\dir1\tmp\tmp-lib.dll | Windows |
    | C:\\dir1\\dir2\\*.exe | All the files with extension .exe in the directory: C:\dir1\dir2 | Windows |
    | C:\\dir1\\dir2\\* | All the files in the directory: C:\dir1\dir2 | Windows |
    | /opt/test/tmp.*/.* | /opt/test/tmp-1/example, /opt/test/tmp-abc/example-2 | Linux |
    | /var/packages/.*cache.*/.* | /var/packages/pkg-cache/program-1, /var/packages/publisher-cache/program-2 | Linux |
    | /opt/test/tmp-1/example.sh | Specific file: /opt/test/tmp-1/example.sh | Linux |
    | /home/user/*.log | All the files with extension .log in the directory: /home/user | Linux |
    | /home/user/log/* | All the files in the directory: /home/user/log | Linux |

    Table - RegEx Examples
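
A way to check a candidate exclusion before entering it, as an added example that is not part of the product documentation: it runs two patterns from the RegEx rules table against paths they should and should not cover, then tightened variants. It assumes patterns are applied as unanchored searches with standard regex semantics (Python's `re`), which the product's engine may not share; the escaped dot `\.` and negated set `[^/]` are standard regex rather than rules listed in the table, and all sample paths are constructed.

```python
import re

# Assumption: a pattern is applied as an unanchored search with standard
# regex semantics (Python's re); confirm against the product's own engine.
def audit_exclusion(pattern, intended, unintended):
    """Return (problem, path) pairs for one candidate exclusion pattern."""
    rx = re.compile(pattern)
    findings = [("MISSES", p) for p in intended if not rx.search(p)]
    findings += [("OVERMATCHES", p) for p in unintended if rx.search(p)]
    return findings

# Constructed sample paths. The "OK" lists follow the table's examples
# (Windows paths written with single backslashes); the "BAD" lists are
# paths the exclusion should leave protected.
LINUX_OK = ["/tmp/test.so", "/tmp/test123.so"]
LINUX_BAD = [
    "/var/tmp/x.so",    # no ^ : "/tmp/" is found mid-path
    "/tmp/test.so.sh",  # no $ : match ends before ".sh"
    "/tmp/also",        # unescaped "." stands for any character
    "/tmp/sub/x.so",    # ".*" crosses directory separators
]
WIN_OK = [r"C:\Tmp\Test.exe", r"c:\tmp\TEST.exe"]
WIN_BAD = [
    r"C:\tmp\test.exe.bak",  # no $ : trailing text is ignored
    r"C:\tmp\test_exe",      # unescaped "." matches "_"
]

CASES = {
    # Patterns as given in the RegEx rules table.
    "linux_table": (r"/tmp/.*.so", LINUX_OK, LINUX_BAD),
    "win_table": (r"(?i)c:\\tmp\\test.exe", WIN_OK, WIN_BAD),
    # Tightened variants (hypothetical): anchored, dot escaped, and on
    # Linux the wildcard limited to a single path component.
    "linux_tight": (r"^/tmp/[^/]*\.so$", LINUX_OK, LINUX_BAD),
    "win_tight": (r"(?i)^c:\\tmp\\test\.exe$", WIN_OK, WIN_BAD),
}

def run_audit():
    """Audit every case; an empty list means the pattern behaved as intended."""
    return {name: audit_exclusion(*case) for name, case in CASES.items()}

if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(f"{name:12} {CASES[name][0]:28} {findings or 'OK'}")
```

Every path reported as OVERMATCHES would run without memory exploit protection under the stated matching assumption, so an exclusion is best kept to the narrowest pattern that still covers the intended process.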