Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Creating a Custom Rule that fires on Unapproved files only

Creating a Custom Rule that fires on Unapproved files only

Warning: this is a hidden undocumented and unsupported feature and is not intended for general use. Proceed with caution unless you are working with Support, Services, or Engineering.

There are situations where configuring a Custom Rule to trigger on a certain file state but not others is necessary.

The first step is to create the desired Custom Rule, for example, an Execution Control rule that Prompts with a custom notifier in a given path.  To configure this rule to only prompt on Unapproved files, follow Editing Hidden Custom Rule Properties​ to turn on the hidden properties of the rule.  After enabling the hidden properties, return to edit the Custom Rule.  At the bottom of the editing window will be a series of new properties.


From the drop down menu for File State, select Unapproved in order to set the rule to only prompt for files with a state of Unapproved (i.e. do not present the end user a prompt if the file stat is already Approved).

Save the rule and return to Editing Hidden Custom Rule Properties​ to turn the hidden settings back off; the environment should not be operated long-term with that setting enabled.

Caution: Because this is an unsupported feature, the caveat is that any modification to the rule will reset File State back to the default.  If any value of the rule needs to be changed, the hidden property needs to be set with each and every modification.
Labels (2)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Creation Date: