When a system access point is violated, the action taken depends on how the rule was configured:
- If the rule was configured to report, information is recorded in the log file.
- If the rule was configured to block, then the access is blocked.
Review the log file to determine which system access points were
violated and which rules detected the violations, then configure the access
protection rules to allow users access to legitimate items and prevent users
from accessing protected items.
Use these scenarios to decide which action to take as a response.
Detection type: Unwanted processes
Scenarios:
- If the rule reported the violation in the log file but did not block the violation, select the Block option for the rule.
- If the rule blocked the violation but did not report the violation in the log file, select the Report option for the rule.
- If the rule blocked the violation and reported it in the log file, no action is necessary.
- If you find an unwanted process that was not detected, edit the rule to include it.

Detection type: Legitimate processes
Scenarios:
- If the rule reported the violation in the log file but did not block the violation, deselect the Report option for the rule.
- If the rule blocked the violation and reported it in the log file, edit the rule to exclude the legitimate process.
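The log review and the scenario table above, worked as an added example that is not part of the original documentation: it parses constructed log entries in an assumed tab-separated layout (timestamp, outcome, user, process, target, rule), works out per rule and process whether the rule blocked or only reported, and applies the scenario table using an analyst-supplied list of legitimate processes and a list of known unwanted processes.

```python
"""Triage access protection log entries against the scenario table.

Added example. The tab-separated layout and the outcome values "Blocked"
and "Reported" are assumptions; the entries are constructed sample data.
"""
import csv
import io

LOG_FIELDS = ["timestamp", "outcome", "user", "process", "target", "rule"]
RULE_EXE = "Prevent creation of new executables in the Windows folder"
RULE_REG = "Prevent modification of autorun registry keys"
RUN_KEY = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"

# Constructed sample log: "Blocked" means the rule's Block option fired,
# "Reported" means the rule only logged the access (Report without Block).
SAMPLE_LOG = "\n".join("\t".join(f) for f in [
    ("2024-01-10 09:12:01", "Blocked", "CORP\\alice", "evil.exe", "C:\\Windows\\a.exe", RULE_EXE),
    ("2024-01-10 09:13:44", "Reported", "CORP\\bob", "updater.exe", RUN_KEY, RULE_REG),
    ("2024-01-10 09:15:02", "Reported", "CORP\\carol", "dropper.exe", "C:\\Windows\\b.exe", RULE_EXE),
    ("2024-01-10 09:20:19", "Blocked", "CORP\\dave", "backup.exe", "C:\\Windows\\c.exe", RULE_EXE),
])


def parse_log(text):
    """Return the log as a list of dicts keyed by LOG_FIELDS."""
    return list(csv.DictReader(io.StringIO(text), fieldnames=LOG_FIELDS, delimiter="\t"))


def triage(entries, legitimate, known_unwanted):
    """Map (rule, process) to the configuration change the scenario table calls for."""
    outcome = {}
    for e in entries:
        key = (e["rule"], e["process"])
        # One Blocked entry shows Block is selected for this rule; otherwise it only reports.
        outcome[key] = "Blocked" if "Blocked" in (outcome.get(key), e["outcome"]) else "Reported"
    recs = {}
    for (rule, proc), result in outcome.items():
        blocked = result == "Blocked"
        if proc in legitimate:   # legitimate-process rows of the table
            recs[(rule, proc)] = "exclude process from rule" if blocked else "deselect Report"
        else:                    # unwanted-process rows of the table
            recs[(rule, proc)] = "no action" if blocked else "select Block"
    # Known unwanted processes absent from the log were not detected: widen a rule.
    for proc in sorted(known_unwanted - {p for _, p in outcome}):
        recs[("(not detected)", proc)] = "edit a rule to include this process"
    return recs


if __name__ == "__main__":
    for key, rec in triage(parse_log(SAMPLE_LOG), {"updater.exe", "backup.exe"},
                           {"dropper.exe", "miner.exe"}).items():
        print(key, "->", rec)
```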