Expert Rules are text-based custom rules that can be created in the Exploit Prevention policy in ENS Threat Prevention 10.5.3+. Expert Rules provide additional parameters and allow much more flexibility than the custom rules that can be created in the Access Protection policy. They also allow system administrators to control and monitor an endpoint system at a very granular level.
Expert Rules do not rely on User-Mode hooking; hence they have very minimal impact on a system’s performance. This blog post acts as a basic guide to show customers how to create them and which threats they can help block.