Reference Guide
Security Management Server Virtual - AdminHelp v9.8
241
Global Allow policy example
<?xml version="1.0" encoding="utf-8"?>
<disconnected_policy>
<policy_name>Default</policy_name>
<policy_company>Acme</policy_company>
<policy_company_id>uxSYabW9P2nMbGLzuqJhvT9Y</policy_company_id>
<policy_utctimestamp>Date(-62135596800000+0000)</policy_utctimestamp>
<filetype_actions>
<suspicious_files file_type="executable" actions="7" />
<threat_files file_type="executable" actions="7" />
</filetype_actions>
<memoryviolation_actions>
<memory_violation violation_type="stackpivot" action="Alert" />
<memory_violation violation_type="stackprotect" action="Block" />
<memory_violation violation_type="stackpivot" action="Terminate" />
<memory_violation violation_type="overwritecode" action="None" />
<memory_violation violation_type="outofprocessallocation" action="Scuba" />
<memory_violation violation_type="outofprocessmap" action="Alert" />
<memory_violation violation_type="outofprocesswrite" action="Block" />
<memory_violation violation_type="outofprocesswritepe" action="Terminate" />
<memory_violation violation_type="outofprocessoverwritecode" action="None" />
<memory_violation violation_type="outofprocessunmapmemory" action="Alert" />
<memory_violation violation_type="outofprocesscreatethread" action="Alert" />
<memory_violation violation_type="outofprocessapc" action="Alert" />
<memory_violation violation_type="lsassread" action="Alert" />
<memory_exclusion_list>
<path>temp\files\exe1.exe</path>
<path>stuff\folder\exe2.exe</path>
</memory_exclusion_list>
</memoryviolation_actions>
<appcontrol>
<changewindow_enabled>0</changewindow_enabled>