Search

Question/Issue:
You want to know what is needed to create new pRules.


Solution:
In addition to the Symantec-supplied set of pRules, you can create new pRules using Symantec Client Firewall Administrator. This capability lets you add protection for commercially available applications for which pRules are not supplied and for internal corporate applications.

You create or modify a pRule for distribution to firewalls by configuring the following four sets of options for the pRule:

• Application identity: Specify the application’s executable file and supply a brief description of the application.
• Match names: Generate application match names, which label sets of match criteria that are used to authenticate an application’s executable file. Each match name for the pRule has separate associated match criteria.
• Match criteria: Configure the values that the pRule uses to verify the application before allowing it to run. You can configure one or more sets of match criteria for an individual pRule, with each match set containing one or more match criteria. You choose from among the following match criteria:
  

  File Version	Specify a version number or range of version numbers for the application to use as a match.
  Version Data	Specify file resource property values to use as match criteria. After you select this option, you can select one of the following: Comments, Company name, File description, Internal name, Original file name, Product name, Product version, Legal copyright, or Legal trademarks.
  Required Digest	Specify an encrypted pRule digest value to use for matching the Internet-enabled application. Using a required digest match means that the application executable must be authenticated by the digest or a security alert is triggered. It is the strongest method of verifying the authenticity of an application.
  Optional Digest	Specify an encrypted pRule digest value to use for matching the application. Using an optional digest match means that if the application executable is not validated by the digest, other rules can be applied without triggering a security alert, for example.
  File Size	Specify an application executable file size or a range of possible file sizes to use for matching the application.

  By default, Symantec Client Firewall Administrator uses the executable file name as a match criterion for the application when a pRule is added.
• Rules: Configure the Application rule that will be created on the Symantec Client Firewall client once the executable file specified by the pRule has been validated.

To create a custom pRule with Symantec Client Firewall Administrator

1. Choose the pRules tab.
2. Choose the Add icon at the bottom of the window.
3. Enter the file executable name and description of the rule.
4. In the Matches window, choose Add.
5. In the Match Criteria choose the type of digest value that best suits the rule. Consult the "Match criteria" section of this document for a description of digest values.
6. In the Rules window, choose Add.

The Add Rule window consists of several fields and tabbed pages, each of which defines a particular parameter of the rule. These parameters and their general descriptions are as follows:

Description	Identifies the rule in the rule list.
Action	Indicates whether the rule is meant to allow or block a communication.
Connection	Shows whether the rule applies to communications coming into your computer, going out of your computer, or both.
Protocol	Defines the IP protocol used by the communication: TCP, UDP, ICMP.
Ports	Details what local and remote ports are associated with the rule.
Computers	Provides the option to confine the rule to a single IP address or Host Name, and/or Network Adapters IP address.
Tracking	Specifies an event will be written to the SCF log file.

 

Document ID: 2002072215134648
Last Modified: 05/20/2006
Date Created: 07/22/2002
Operating System(s): Windows NT, Windows 2000, Windows XP Pro, Windows XP Home, Windows 95b, Windows 98, Windows Me
Product(s): Symantec Client Firewall 5.0, Symantec Client Firewall 7.1
Release(s): SCF 5.x [All Releases], SCF 7.1

Site Index · Legal Notices · Privacy Policy · Contact Us · Global Sites