Monitoring - Authorisation Rules β
Elevate24 has the capability to block processes or file actions while the user is elevated, or always regardless of elevation. When configuring this, itβs important to test the configuration to ensure the desired outcome.
File Operation Rules β
- Availability: Premium
- Type: Array
Rules to restrict file operations. Allow rules can be used in conjunction with block rules to allow a process to execute under the specified conditions. File open operations can be restricted to read only access where required.
xml
<key>FileOperationRules</key>
<array>
<dict>
<key>action</key>
<string>allow</string>
<key>alwaysActive</key>
<true/>
<key>fileOperation</key>
<string>file:open</string>
<key>fileTargetPath</key>
<string>dhdfgh</string>
<key>signingID</key>
<string>dfghgfh</string>
<key>username</key>
<string>fgfgdh</string>
</dict>
</array>Execute Process Rules β
- Availability: Premium
- Type: Array
Rules to restrict execution of processes. Allow rules can be used in conjunction with block rules to allow a process to execute under the specified conditions. Multiple arguments can be specified by seperating them with a comma.
xml
<key>ExecuteProcessRules</key>
<array>
<dict>
<key>action</key>
<string>block</string>
<key>alwaysActive</key>
<true/>
<key>matchingArgumentsContaining</key>
<string>Contains...</string>
<key>processPath</key>
<string>App/ Process Path</string>
<key>signingID</key>
<string>Signing ID of App/ Process</string>
</dict>
</array>
```
---