When a system access point is violated, the action taken depends on
how the rule was configured.
If the rule was configured to:
Review the log file to determine which system access points were
violated and which rules detected the violations, then configure the access
protection rules to allow users access to legitimate items and prevent users
from accessing protected items.
Use these scenarios to decide which action to take as a response.
| Detection type | Scenarios |
|---|---|
| Unwanted processes | If the rule reported the violation in the log file, but did not block the violation, select the Block option for the rule. |
| | If the rule blocked the violation, but did not report the violation in the log file, select the Report option for the rule. |
| | If the rule blocked the violation and reported it in the log file, no action is necessary. |
| | If you find an unwanted process that was not detected, edit the rule to include it as blocked. |
| Legitimate processes | If the rule reported the violation in the log file, but did not block the violation, deselect the Report option for the rule. |
| | If the rule blocked the violation and reported it in the log file, edit the rule to exclude the legitimate process from being blocked. |