Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: How To Verify Wildcards and Macros In Paths

App Control: How To Verify Wildcards and Macros In Paths

Environment

  • App Control Agent: All Supported Versions
  • App Control Console: All Supported Versions

Objective

How to use the Agent to verify the Macro or Wildcard will expand to correctly match the desired path on the endpoint.

Resolution

Using the dascli testpattern command it is possible to test a path as entered in the Custom Rule against an actual path on the endpoint. This command does require being authenticated with the Agent to use, and will need to match to an existing path on the machine.
Example of a File Path in a Custom Rule: <CommonAppData>\Acme Accounting\*.dll

On the endpoint, using a command prompt, issue the following commands to validate the macro and wildcard will expand correctly:
cd "C:\Program Files (x86)\Bit9\Parity Agent"
dascli password GlobalCLIPassword
dascli testpattern "<CommonAppData>\Acme Accounting\*.dll" "C:\ProgramData\Acme Accounting\math.dll"

This will instruct the Agent to expand the Test Pattern provided against the path on the endpoint and return either a Match or No Match result.

Additional Notes

  • Wildcards are not allowed inside of Path Macros.
  • Any path that has no slash or drive letter has "*\" (for Windows) or "*/" (for Mac and Linux) added at the beginning of the path.
  • Case Sensitivity of paths is dictated by the Operating System. Windows and macOS systems are not normally case sensitive.
  • More information can be found in the User Guide chapter, "Custom Software Rules" found on VMware Docs > Server Documentation > User Guide.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-02-2022
Views:
252
Contributors