App Control: How To Verify Wildcards and Macros In Paths
Article ID: 288717
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
How to use the Agent to verify the Macro or Wildcard will expand to correctly match the desired path on the endpoint.
Environment
- App Control Agent: All Supported Versions
- App Control Console: All Supported Versions
Resolution
Using the dascli testpattern command it is possible to test a path as entered in the Custom Rule against an actual path on the endpoint. This command does require being authenticated with the Agent to use, and will need to match to an existing path on the machine.
On the endpoint, using a command prompt, issue the following commands to validate the macro and wildcard will expand correctly:
This will instruct the Agent to expand the Test Pattern provided against the path on the endpoint and return either a Match or No Match result.
Example of a File Path in a Custom Rule: <CommonAppData>\Acme Accounting\*.dll
On the endpoint, using a command prompt, issue the following commands to validate the macro and wildcard will expand correctly:
cd "C:\Program Files (x86)\Bit9\Parity Agent" dascli password GlobalCLIPassword dascli testpattern "<CommonAppData>\Acme Accounting\*.dll" "C:\ProgramData\Acme Accounting\math.dll"
This will instruct the Agent to expand the Test Pattern provided against the path on the endpoint and return either a Match or No Match result.
Additional Information
- Wildcards are not allowed inside of Path Macros.
- Any path that has no slash or drive letter has "*\" (for Windows) or "*/" (for Mac and Linux) added at the beginning of the path.
- Case Sensitivity of paths is dictated by the Operating System. Windows and macOS systems are not normally case sensitive.
- More information can be found in theĀ User Guide chapter, "Custom Software Rules" found on VMware Docs > Server Documentation > User Guide.
Feedback
Yes
No
Powered by
