Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: How to Setup a Performance Optimization Rule to Ignore Directory Writes

App Control: How to Setup a Performance Optimization Rule to Ignore Directory Writes

Environment

  • App Control: 7.2.x and Higher

Objective

Create a custom rule for Performance Optimization to allow App Control to ignore write actions in a directory


Resolution

  1. In the console menu, choose Rules > Software Rules
  2. On the Software Rules page, click the Custom tab
  3. Click the Add Custom Rule button
  4. In the Rule Name field, enter the name with which you want to identify this rule
  5. By default, a new custom rule is Disabled as soon as you define it and click Save. If you want the rule to take affect immediately, click Enabled in the Status field
  6. Choose the Platform you want this rule applied to (Windows, Mac, or Linux) 
  7. Choose the Rule Type Performance Optimization
  8. Enter the remaining fields you want for this Performance Optimization rule

Additional Notes

Executions will still be monitored but Performance Optimization rules will specify folders or files to avoid tracking writes
For Windows procmon can be used to help identify potential paths and processes that may benefit from a PO rule

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
Creation Date:
‎02-05-2019
Views:
2649
Contributors