Viewing the prevention rule table

The table of prevention rules is in the Prevention section of the program web interface window.

The table contains the following information:

  1. Type—Type of prevention rule. Prevention rules can have the following types:
    • Global—Created on the PCN. These prevention rules apply to hosts that are connected to this PCN server and to all SCN servers that are connected to this PCN server. Prevention rules belong to the organization for which the user is working in the program web interface.
    • Local—Created on the SCN server. These prevention rules apply only to hosts that are connected to this SCN server. Prevention rules belong to the organization for which the user is working in the program web interface (if you are using a distributed solution and multitenancy mode).
  2. Name is the name of the prevention rule.
  3. Servers are names of servers with the PCN or SCN role to which the prevention rule applies.

    This field is displayed only when you are using a distributed solution and multitenancy mode.

  4. Hosts is the name of the server with the Central Node component to whose hosts the prevention rule is applied.

    This field is displayed only when you are using a standalone Central Node server.

  5. File hash—Hashing algorithm applied to identify a file.

    A file can be identified based on one of the following hashing algorithms:

    • MD5.
    • SHA256.

    Clicking the link with the name of the hashing algorithm opens a list in which you can view the file hash and select one of the following actions:

    • Filter by this value.
    • Exclude from filter.
    • Find on KL TIP.
    • Find on virustotal.com (for SHA256).
    • Find events.

      When this action is performed, the Threat Hunting section opens with events that are already filtered based on the hash you selected.

    • Find alerts.

      When this action is performed, the Alerts section opens with alerts that are already filtered based on the hash you selected.

    • Enable prevention rule.
    • Disable prevention rule.
    • Delete prevention rule.
    • Copy value to clipboard.
  6. State is the current state of the prevention rule.

    A prevention rule can have one of the following states:

    • Enabled
    • Limited functionality

See also

Managing policies (prevention rules)

Viewing a prevention rule

Creating a prevention rule

Enabling and disabling a prevention rule

Deleting prevention rules

Filtering prevention rules by name

Filtering prevention rules by type

Filtering prevention rules by file hash

Filtering prevention rules by server name

Clearing a prevention rule filter