Environment
- App Control (Formerly CB Protection): All Supported Versions
Objective
To determine if a custom rule is still actively being used
Resolution
For File Creation Control Rules
- Under Rules > Software Rules > Edit the "Approve Write" rules and check the "Send Approval Event" box.
- Rule hits will now be shown in the console by searching in Reports > Events for Subtype = File Approved (Custom Rule)
For Execution Allow and Trusted Path Rules
- For every rule you are wanting to track, create a "Execution Control - Report" rule with the exact same parameters immediately above (i.e. next lower rank number) your Allow Execute or Trusted Path rule.
- Rule hits will now be shown in the console by searching in Reports > Events for Subtype = Report Execution (Custom Rule)
Related Content