Environment
- App Control: 7.2.x and Higher
Objective
Create a custom rule for Performance Optimization to allow App Control to ignore write actions in a directory
Resolution
- In the console menu, choose Rules > Software Rules
- On the Software Rules page, click the Custom tab
- Click the Add Custom Rule button
- In the Rule Name field, enter the name with which you want to identify this rule
- By default, a new custom rule is Disabled as soon as you define it and click Save. If you want the rule to take affect immediately, click Enabled in the Status field
- Choose the Platform you want this rule applied to (Windows, Mac, or Linux)
- Choose the Rule Type Performance Optimization
- Enter the remaining fields you want for this Performance Optimization rule
Additional Notes
Executions will still be monitored but Performance Optimization rules will specify folders or files to avoid tracking writes
For Windows procmon can be used to help identify potential paths and processes that may benefit from a PO rule
Related Content