Use Case 13C

Details

Prevent notepad.exe from opening a file containing custom regex pattern

  1. Open the policy group created in use case 2 (if not already open)

  2. Click “Add policies”

  3. Enter “opened” into the “Search” text box OR expand “File templates” and select “Sensitive file opened”

  4. Change the policy name to “Prevent notepad.exe from opening a file containing custom regex pattern” where “jsmith” is your first initial and last name.

  5. Scroll to “Process parameters.” Click the text box under “Binary names”

  6. Select “Prohibit listed binaries.” Remove the existing entries from “Custom values” and enter “notepad.exe”. Click “Done”

  7. Scroll to “File parameters” and uncheck the selected “Policy assets” to clear them. Click “Done.”

  8. Scroll to “Content inspection parameters.” Click the text box under “Content inspection parameters.”

  9. Enter “jsmith” into the “Filter by policy asset name” search box where “jsmith” is your first initial and last name. Select the custom regex pattern created in use case 13b. Click “Done.”

  10. Expand “Action configuration” and enable “Kill process” and “Display message.” Enter “Use case 13c” in the “Title” text box. Enter “Use case 13c – Prevent notepad.exe from opening a file containing custom regex pattern” in the “Body” text box. Optionally, enable the other options in the “Display message” area.

  11. Scroll down and click “Save and exit” in the lower-right corner.