Reference System Filters or Templates
Question
How is the membership of a Reference System list managed?
Details
The membership of a Reference System list (created by a Reference System Whitelist policy) is managed by the filter entries in the Orange highlight below.
- File specifications: This parameter sets what will be scanned (Directories and or File types)
- Reporting filter: This parameter sets what will be reported to the SMP and stored in the CMDB
- Example configuration scenario
- There are files in the %programfiles% directory as well as c:\AppFolderA. The default filters in the template will not report the files in c:\AppFolderA.
- Use the default options in a new Reference System Whitelist policy and create an additional filter for the c:\AppFolderA and then add that filter to the File specifications parameter below. See Creating a New File Specification Filter for Scanning or Inventory for information on how to create an additional filter for c:\AppFolderA.
Pre-built filters in the Templates
- There are a number of pre-built filters (or templates) which can be used to configure the File specifications and Reporting filters. The example below is a clone of an existing filter. The new filter is #9 and the existing filter is #8 - "Executables in Windows Directories not present in Security Catalogs" (Note: #8 is a good example filter to clone for creating custom filters for a whole system as it has the appropriate exclusions already).
- The pre-built filters are show under File Inventory > Filters > File Specifications and may be used as templates in any policy.
- Customization of the filters can be necessary when Software packages install outside of the standard Program Files folder.
Filtering options
- Wildcard(s) - this paramter filters the file name either for a specific name given or a wild-card entry [Example: %altiris% would file all files with the sub-string altiris in the name].
- Path - this parameter determines which path(s) will be included in the scan.
- Drives - this parameter determines which drive types will be included in the scan.
- Attributes - the parameter determines:
- Include subdirectories - If checked subdirectories of attribute #2 will be included in the scan.
- Include System - If checked files marked System will be included in the scan. Generally this should not be checked. System files should generally be managed by the OS itself.
- Include Hidden - If checked files marked as hidden will be included in the scan.
- Files - this parameter allows additional filtering of the files to be included in the scan.
- Include only - this parameter allows additional conditions to be applied to the files included (or allowed) by parameter #5. For example: If parameter #5 allows Java to be detected or run, this parameter can have a command-line filter which will allow Java to be detected or run only when a certain command-line is given.
- Exclude any - this filter allows items to be excluded from the filter.
Note: For a filter to work correctly in a Reference System Whitelist policy, either or both parameters #1 and #5 must generally have an identifier for files or there will typically be no results.