Custom Rules

Note:

The Custom Rules feature is supported only on the Windows client.

To review the policy for specific applications:

  1. In the Policy view, go to Access and Compliance > Application Control > Application Management > Edit Application Control Policy.
  2. Click Custom Rules.
  3. Click New.
  4. Enter a Rule Name.
  5. Enter at least one of these details:

    Notes:

    • Use the wildcard character (*) to match a specific string.

      • Enter *abc* to apply the rule for all applications that contain the string abc in their details. For example, *abc* matches abc, xyzabc, abcxyz, xyzabcxyz.

      • Enter *abc to apply the rule for all applications whose details end with the string abc. For example, *abc matches abc, xyzabc.

      • Enter abc* to apply the rule for all applications whose details start with the string abc. For example, abc* matches abc, abcxyz.

    • Enter abc to apply the rule for all applications whose details contain only the string abc. For example, abc matches abc.

    • A rule is considered True only when all non‐empty fields evaluate to True, applying a logical AND across those fields.

    • Application Name

      For example, the application name of Chrome is Google Chrome.

      To find the application name of Chrome, on a Windows PC, navigate to C:\Program Files\Google\Chrome\Application, right-click chrome and click Properties. Click the Details tab and see Product name.

    • Publisher

      For example, the publisher of Chrome is Google LLC.

      To find the publisher of Chrome, on a Windows PC, navigate to C:\Program Files\Google\Chrome\Application and see the name listed under the Company column for chrome.

    • Version

      For example, the version of Chrome is 107.0.5304.107.

      To find the version of Chrome, on a Windows PC, navigate to C:\Program Files\Google\Chrome\Application, right-click chrome and click Properties. Click the Details tab and see File version.

    • File Name

      For example, the file name of Chrome is chrome.exe.

      To find the file name of Chrome, on a Windows PC, navigate to C:\Program Files\Google\Chrome\Application.

      Note:

      Do not enter the path or directory to the file.

    • Issued By

      For example, the issuer of Chrome is DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CAI.

      To find the certificate issuer for Chrome, on a Windows PC:

      1. Navigate to C:\Program Files\Google\Chrome\Application.

      2. Right-click chrome and click Properties.

      3. Click the Digital Signatures tab.

      4. In the General tab, click View Certificate and see Issued by.

      Notes:

      • If the file has several signatures, the Endpoint Security client checks all the signatures and applies the rule only if at least one of the signatures matches the specified signature.

      • Only certificates with printable ASCII characters are supported.

    • Issued To

      For example, the Issued To value for Chrome is Google LLC.

      To find the Issued To value of the certificate for Chrome, on a Windows PC:

      1. Navigate to C:\Program Files\Google\Chrome\Application.

      2. Right-click chrome and click Properties.

      3. Click the Digital Signatures tab.

      4. Click Details.

      5. In the General tab, click View Certificate and see Issued to.

      Notes:

      • If the file has several signatures, the Endpoint Security client checks all the signatures and applies the rule only if at least one of the signatures matches the specified signature.

      • Only certificates with printable ASCII characters are supported.

    • Command Line

      For example, the command line of Chrome is C:\Program Files\Google\Chrome\Application\chrome.exe.

      To find the command line for Chrome, on a Windows PC, open Task Manager. Click the Details tab and see the Command line column for chrome.exe. If the Command line column is not visible in the table, right-click the header row, click Select columns and select the Command line checkbox.

  6. To review the policy for an application with a specific hash:
    • In the Hash field, enter the MD5 hash key of the application.

    • Click Calculate and select the binary file of the application. The system automatically retrieves the hash and enters it in the Hash field.

  7. Click OK.
  8. Left-click the Action column to select the action.
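
The matching behaviour described in the notes above (the four wildcard forms, the logical AND across non-empty fields, and the "at least one signature" rule for Issued By and Issued To), modelled in Python as an added example. It is not the product's code; the field keys, the case-sensitive comparison, the treatment of * as special only at the start or end of a pattern, and the sample records are assumptions.

```python
# Added illustration of the documented matching semantics; not the product's code.
# Assumptions: comparison is case-sensitive and "*" is special only at the
# start or end of a pattern (the page documents only those forms).

# Fields where a file may carry several signatures; any one may match.
SIGNER_FIELDS = {"issued_by", "issued_to"}


def wildcard_match(pattern, value):
    """Apply the four documented forms: *abc*, *abc, abc*, abc."""
    lead = pattern.startswith("*")
    trail = len(pattern) > 1 and pattern.endswith("*")
    core = pattern[1 if lead else 0 : len(pattern) - (1 if trail else 0)]
    if lead and trail:
        return core in value
    if lead:
        return value.endswith(core)
    if trail:
        return value.startswith(core)
    return value == core


def rule_matches(rule, app):
    """True only when every non-empty rule field matches (logical AND)."""
    for field, pattern in rule.items():
        if not pattern:
            continue  # empty fields are ignored
        if field in SIGNER_FIELDS:
            # One entry per signature on the file; one matching entry is enough.
            values = [sig.get(field, "") for sig in app.get("signatures", [])]
            if not any(wildcard_match(pattern, v) for v in values):
                return False
        elif not wildcard_match(pattern, app.get(field, "")):
            return False
    return True


# Constructed sample data using the Chrome values quoted on this page.
RULE = {"file_name": "chrome.exe", "version": "107.*",
        "issued_to": "Google*", "publisher": ""}
SIGNED = {"file_name": "chrome.exe", "version": "107.0.5304.107",
          "signatures": [{"issued_to": "Example Timestamp Co"},
                         {"issued_to": "Google LLC"}]}
# Same file name and version, but no signature issued to Google.
LOOKALIKE = {"file_name": "chrome.exe", "version": "107.0.5304.107",
             "signatures": [{"issued_to": "Example Corp"}]}

if __name__ == "__main__":
    print(rule_matches(RULE, SIGNED), rule_matches(RULE, LOOKALIKE))
```

A rule that fills in only File Name would match both sample records; adding Issued To is what separates them, because every non-empty field must match.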