SYM_WIN_PROTECTION_CORE_SBP V5.2.9 R573 [SUMMARY]
10-Jul-2015 03:13:11 PDT
Exported By: symadmin    from Server: Localhost Server

 Global Policy Options
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%systemroot%\System32\ctfmon.exe"
 Limited Access Process Access Controls
 Block and log modifications to these processes as trivial
 List of processes that should not be modified
 TargetProgram="%systemroot%\System32\csrss.exe"
 TargetProgram="%systemroot%\System32\winlogon.exe"
 TargetProgram="%systemroot%\System32\wininit.exe"
 TargetProgram="%systemroot%\System32\smss.exe"
 TargetProgram="*", Program="%systemroot%\system32\conhost.exe"
 TargetProgram="%systemroot%\explorer.exe", Program="*"
 TargetProgram="%systemroot%\System32\lsass.exe", Program="%%-6432:HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools\InstallPath%%vmtoolsd.exe"
 No-Access Process Access Controls
 Block and log all access to these processes as trivial
 List of processes that should not be accessed
 TargetProgram="%systemroot%\System32\lsass.exe"
 Resource Lists
 Read-only Resource Lists
 Block modifications to these files
 List of files that should not be modified
 Value="%%-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\MOF Self-Install Directory%%"
 Value="%%-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\MOF Self-Install Directory%%\*"
 Network Controls
 Inbound
 Globally set the default inbound rules to deny.
 Process Logging Options
 Log process assignment messages
 Log process assignment command line arguments
 Remote File Access Options [remote_file_ps]
 Alternate Privilege Level (choose only one)
 Block execution of files with non-executable extensions
 Block modifications to windows services
 Kernel Driver Options [kernel_ps]
 Advanced Options
 Network Controls
 Inbound
 Components
 Inbound hosts list
 kernel inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 Any (0-65535)
 Inbound udp port list
 List of Inbound udp ports
 Any (0-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="%iis_accept_tcp_list%", RemoteIP="%iis_netaccept_addr_list%", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="%termsrv_accept_tcp_list%", RemoteIP="%termsrv_netaccept_addr_list%", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="netbios-datagram (138)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="netbios-ns (137)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="high (1024-65535)", RemoteIP="pset specific outbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 kernel outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 high (1024-65535)
 Outbound udp port list
 List of outbound udp ports
 high (1024-65535)
 Outbound network rules
 List of rules to control outbound network connections
 LocalPort="netbios-datagram (138)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="netbios-ns (137)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific inbound hosts component", RemotePort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Do not log
 Host Security Programs [hsecurity_ps]
 Basic Options
 Host Security programs installed
 List of Host Security programs
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\NAV%%\Navw32.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\NAV%%\Navwnt.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\NAV%%\SAVScan.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\NAV%%\ccIMScn.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\NAV%%\navapsvc.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\NAV%%\NAVAPW32.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\NAV%%\OPScan.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\NAV%%\IWP\NPFMntor.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedUsage\LiveUpdate%%\LuComServer*.EXE
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedUsage\LiveUpdate%%\NDETECT.EXE
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Common Client%%ccApp.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Common Client%%LiveReg\IRALRSHL.EXE
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Common Client%%Script Blocking\SBServ.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Common Client%%SNDSrvc.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAVCE%%Rtvscan.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAVCE%%SavRoam.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Agent\Install Dir%%\mcagent.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Agent\Install Dir%%\mcregwiz.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Agent\Install Dir%%\mcupdate.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Agent\Install Dir%%\mcupdmgr.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Virusscan Online\Install Dir%%\McShield.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Virusscan Online\Install Dir%%\McVSEscn.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Virusscan Online\Install Dir%%\mcvsftsn.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Virusscan Online\Install Dir%%\mcvsmap.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\Virusscan Online\Install Dir%%\mcvsrte.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\szInstallDir%%csscan.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\szInstallDir%%Mcshield.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\szInstallDir%%mcupdate.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\szInstallDir%%scan32.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.XX\szInstallDir%%Scan.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Framework\Installed Path%%\FrameworkService.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillin\Application Path%%Tmntsrv.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillin\Application Path%%TSC.EXE
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Application Path%%TSC.EXE
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Application Path%%PccNTMon.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Application Path%%TmListen.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Common Client%%ccEvtMgr.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Common Client%%ccSetMgr.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Common Client%%ccProxy.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Symantec Shared Directory%%\CfgWiz.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Savrt%%\DoScan.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SSCADMIN%%Deployment\Server Rollout\SETUP.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SSCADMIN%%Deployment\ClientRemote Installation\clientremote.exe
 %programfiles%\NAV\rtvscan.exe
 %programfiles%\CA\etrust EZ Armor\etrust EZ Antivirus\autodown.exe
 %programfiles%\CA\etrust EZ Armor\etrust EZ Antivirus\vet32.exe
 %programfiles%\NavNT\rtvscan.exe
 %programfiles%\McAfee.com\shared\mghtml.exe
 %programfiles%\Symantec\LiveUpdate\*.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Sygate Technologies, Inc.\Sygate Personal Firewall\smc_install_path%%smc.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Internet Security%%\SymSPort.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Internet Security%%\fio.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\LiveState Recovery\3.0\InstallDir%%Agent\VProSvc.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\LiveState Recovery\6.0\InstallDir%%Agent\VProSvc.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SEPM\TargetDir%%*.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_install_path%%*.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAV Install Directory%%smc.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\InstallDir%%\AeXNSAgent.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Common Client%%Reporting Agents\Win32\ReporterSvc.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Common Client%%SPBBC\SPBBCSvc.exe
 %programfiles%\Symantec\Symantec Endpoint Protection\*.exe
 %%-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Backup Exec System Recovery\ImagePath%%
 %%-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupExecRPCService\ImagePath%%
 %%-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupExecAgentAccelerator\ImagePath%%
 %%-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupExecJobEngine\ImagePath%%
 %%-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLOMaintenanceSvc\ImagePath%%
 %%-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLOAdminSvcu\ImagePath%%
 %%-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupExecDeviceMediaService\ImagePath%%
 %%-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupExecAgentBrowser\ImagePath%%
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Internet Security%%SymSPort.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Internet Security%%fio.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Savrt%%vpdn_lu.exe
 %programfiles%\Symantec Client Security\Symantec AntiVirus\vpdn_lu.exe
 %programfiles%\Windows Defender\msascui.exe
 %%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\Common Client%%ccSvcHst.exe
 %systemroot%\system32\sisnat-*.exe
 %%-HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\mfevtp\ImagePath%%\*
 %programfiles%\ActivIdentity\ActivClient\accrdsub.exe
 %%-6432:HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection\szInstallDir%%\*
 Advanced Options
 Block execution of files with non-executable extensions
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Exceptions for unusual memory allocations
 List of program exceptions for unusual memory allocations
 Action="Allow", Log="Do not log", Program="%programfiles%\Symantec\Symantec Endpoint Protection\*.exe"
 Action="Allow", Log="Do not log", Program="%programfiles%\Symantec AntiVirus\*.exe"
 Action="Allow", Log="Do not log", Program="%commonprogramfiles%\Symantec Shared\*.exe"
 Action="Allow", Log="Do not log", Program="%programfiles%\Symantec\LiveUpdate\*.exe"
 Block unusual memory permission changes
 Exceptions for unusual memory permission changes
 List of program exceptions for unusual memory permission changes
 Action="Allow", Log="Do not log", Program="%programfiles%\Symantec\Symantec Endpoint Protection\*.exe"
 Action="Allow", Log="Do not log", Program="%programfiles%\Symantec AntiVirus\*.exe"
 Action="Allow", Log="Do not log", Program="%commonprogramfiles%\Symantec Shared\*.exe"
 Action="Allow", Log="Do not log", Program="%programfiles%\Symantec\LiveUpdate\*.exe"
 Block turning off Data Execution Prevention (DEP)
 Exceptions for turning off Data Execution Prevention (DEP)
 List of program exceptions for turning off DEP
 Action="Deny", Log="Log as trivial", Program="%programfiles%\Symantec\Symantec Endpoint Protection\*.exe"
 Action="Deny", Log="Log as trivial", Program="%programfiles%\Symantec AntiVirus\*.exe"
 Action="Deny", Log="Log as trivial", Program="%commonprogramfiles%\Symantec Shared\*.exe"
 Action="Deny", Log="Log as trivial", Program="%programfiles%\Symantec\LiveUpdate\*.exe"
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%systemroot%\System32\winlogon.exe", Program="%%-6432:HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_install_path%%smc.exe"
 Limited Access Process Access Controls
 Block and log modifications to these processes as trivial
 List of processes that should not be modified
 TargetProgram="%systemroot%\System32\lsass.exe"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 av inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 sav tcp-fixed (2967)
 sav tcp-dynamic
 sep server default port (8443)
 sep database default port (2638)
 sep admin port (9090)
 altiris tcp port
 Inbound udp port list
 List of Inbound udp ports
 altiris udp port1
 altiris udp port2
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="Any (0-65535)", RemoteIP="Local IPs (v4 and v6)", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="Any (0-65535)", RemoteIP="Local IPs (v4 and v6)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 av outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 sav tcp-fixed (2967)
 sav tcp-dynamic
 sep server default port (8443)
 sep database default port (2638)
 Any (0-65535)
 Outbound udp port list
 List of outbound udp ports
 high (1024-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 Additional Parameter Settings
 Enable control of modifications to executable files
 List of executable file extensions
 *.exe
 *.bat
 *.com
 *.dll
 *.cpl
 *.pif
 *.vbe
 *.vbs
 *.shs
 *.shb
 *.scr
 *.cmd
 *.js
 *.jse
 *.wsh
 *.wsf
 *.reg
 *.hta
 *.ocx
 *.msc
 *.msi
 *.sys
 *.ps1
 *.plg
 *.ime
 *.Manifest
 *.drv
 *.tsp
 Service Options
 General Service Options
 Alternate Privilege Lists
 Specify Services with Safe privileges
 List of Services with Safe privilege
 Program="%systemroot%\System32\mapisp32.exe"
 Program="%systemroot%\System32\msiexec.exe"
 Program="%commonprogramfiles%\InstallShield\engine\*\iKernel.exe"
 Program="%programfiles%\NAV\rtvscan.exe"
 Program="%programfiles%\VERITAS\Backup Exec\NT\bengine.exe"
 Program="%systemroot%\System32\CPQMGMT\CPQWMGMT.EXE"
 Program="%systemroot%\System32\CPQMGMT\CqMgHost\CQMGHOST.EXE"
 Program="%programfiles%\NavNT\rtvscan.exe"
 Program="%systemroot%\MS\SMS\CORE\BIN\*"
 Program="%systemroot%\MS\SMS\CLICOMP\*"
 Program="%systemroot%\System32\spupdsvc.exe"
 Program="%systemroot%\system32\tphdexlg.exe"
 Program="%systemroot%\system32\CCM\CcmExec.exe"
 Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k secsvcs *"
 Program="%systemroot%\winsxs\*\tiworker.exe"
 Program="%systemroot%\System32\taskhost.exe"
 Program="%systemroot%\System32\taskhostex.exe"
 Specify Services with Standard privileges
 List of Services with Standard privilege
 Program="%systemroot%\system32\regfltuser.exe"
 Additional Parameter Settings
 Disable service execution of specific programs
 List of programs services should not execute
 Program="%systemroot%\system32\cmd.exe"
 Program="%systemroot%\system32\rundll32.exe"
 Program="%systemroot%\system32\cscript.exe"
 Program="%systemroot%\system32\java.exe"
 Program="%systemroot%\system32\javaw.exe"
 Program="%systemroot%\system32\wscript.exe "
 Program="%systemroot%\system32\net.exe "
 Program="%systemroot%\system32\net1.exe"
 Program="%systemroot%\system32\wbem\mofcomp.exe"
 Program="%systemroot%\system32\ftp.exe"
 Program="%systemroot%\system32\tftp.exe"
 Program="%systemroot%\system32\rcp.exe"
 Program="%systemroot%\system32\telnet.exe"
 Program="%systemroot%\system32\rexec.exe"
 Program="%systemroot%\system32\rsh.exe "
 Program="%systemroot%\system32\mstsc.exe"
 Program="%systemroot%\system32\shutdown.exe"
 Program="%systemroot%\system32\taskkill.exe"
 Program="%systemroot%\system32\netsh.exe"
 Program="%systemroot%\system32\arp.exe"
 Program="%systemroot%\system32\nbtstat.exe"
 Program="*\osql.exe"
 Program="*\sqlcmd.exe"
 Program="*\command.com"
 Program="*\powershell.exe"
 Allow services to run these programs if using specific arguments
 Exception List
 Program="%systemroot%\system32\rundll32.exe", Arguments="&ci; %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll* *"
 Program="%systemroot%\system32\rundll32.exe", Arguments="&ci; * newdev.dll* *"
 Program="%systemroot%\system32\rundll32.exe", Arguments="&ci; * //d sdengin2.dll,ExecuteScheduledBackup *"
 Program="%systemroot%\system32\rundll32.exe", Arguments="&ci; * //d srrstr.dll,ExecuteScheduledSPPCreation *"
 Program="%systemroot%\system32\rundll32.exe", Arguments="&ci; * aepdu.dll,AePduRunUpdate *"
 Program="%systemroot%\system32\rundll32.exe", Arguments="&ci; * //d acproxy.dll,PerformAutochkOperations *"
 Program="%systemroot%\syswow64\rundll32.exe", Arguments="&ci; %systemroot%\syswow64\rundll32.exe %systemroot%\syswow64\schedsvc.dll* *"
 Program="%systemroot%\system32\rundll32.exe", Arguments="&ci; %systemroot%\system32\rundll32.exe %systemroot%\system32\schedsvc.dll* *"
 Program="%systemroot%\syswow64\rundll32.exe", Arguments="&ci; %systemroot%\syswow64\rundll32.exe "%%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Content\VirusDefs%%\*\cceraser.dll"* *"
 Program="%systemroot%\system32\rundll32.exe", Arguments="&ci; %systemroot%\system32\rundll32.exe "%%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Content\VirusDefs%%\*\cceraser.dll"* *"
 Application Service Options
 Microsoft Exchange Server [exchange_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Network Controls
 Inbound
 Components
 Inbound hosts list
 exchange inbound address list
 Local IPs (v4 and v6)
 Any
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 high (1024-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 exchange outbound address list
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 domain (53)
 http (80)
 https (443)
 imap (143)
 imaps (993)
 irc (194)
 ircs (994)
 ldap (389)
 ldaps (636)
 nntp (119)
 nntps (563)
 pop3 (110)
 pop3s (995)
 epmap (135)
 smtp (25)
 ssmtp (465)
 msft-gc
 msft-gc-ssl
 msexch-routing (691)
 netbios-session (139)
 high (1024-65535)
 Outbound udp port list
 List of outbound udp ports
 domain (53)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Internet Information Services [iis_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Resource Lists
 Writable Resource Lists
 Allow modifications to these files
 List of files that can be modified
 Value="%systemdrive%\inetpub\temp"
 Value="%systemdrive%\inetpub\temp\*"
 Network Controls
 Inbound
 Components
 Enable access to mail-related resources
 Mail ports used by iis
 pop3 (110)
 pop3s (995)
 imap (143)
 imaps (993)
 smtp (25)
 ssmtp (465)
 msexch-routing (691)
 Enable access to news-related resources
 IIS news ports
 nntp (119)
 nntps (563)
 Enable access to FTP-related resources
 IIS news ports
 ftp (21)
 ftp-data (20)
 Inbound hosts list
 iis inbound address list
 Local IPs (v4 and v6)
 Inbound tcp port list
 List of Inbound tcp ports
 http (80)
 https (443)
 high (1024-65535)
 ldap (389)
 ldaps (636)
 msft-gc (3268)
 msft-gc-ssl (3269)
 smtp (25)
 Inbound udp port list
 List of Inbound udp ports
 high (1024-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 iis outbound address list
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 ldap (389)
 ldaps (636)
 msft-gc
 msft-gc-ssl
 epmap (135)
 domain (53)
 msexch-routing (691)
 smtp (25)
 ssmtp (465)
 high (1024-65535)
 Outbound udp port list
 List of outbound udp ports
 domain (53)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Microsoft SQL Server [mssqlsrv_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Exceptions for unusual memory allocations
 List of program exceptions for unusual memory allocations
 Action="Allow", Log="Do not log", Program="*\sqlservr.exe"
 Action="Allow", Log="Do not log", Program="*\90\DTS\Binn\MsDtsSrvr.exe"
 Action="Allow", Log="Do not log", Program="*\OLAP\bin\msmdsrv.exe"
 Action="Allow", Log="Do not log", Program="*\mssql\binn\sqlagent90.exe"
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Network Controls
 Inbound
 Components
 Inbound hosts list
 mssqlsrv inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 ms-sql-s (1433)
 ms-sql-s1 (dynamic)
 ms-sql-s2 (dynamic)
 ms-sql-s3 (dynamic)
 Inbound udp port list
 List of Inbound udp ports
 ms-sql-m (1434)
 ms-sql-m1 (dynamic)
 Inbound network rules
 List of rules to control connections into this system
 RemoteIP="Local IPs (v4 and v6)", RemotePort="ms-sql-m (1434)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="Local IPs (v4 and v6)", RemotePort="ms-sql-m1 (dynamic)", Protocol="UDP", Action="Disabled", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 mssqlsrv outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 epmap (135)
 high (1024-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="Local IPs (v4 and v6)", RemotePort="ms-sql-m (1434)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="Local IPs (v4 and v6)", RemotePort="ms-sql-m1 (dynamic)", Protocol="UDP", Action="Disabled", Log="Do not log"
 RemotePort="ms-sql-m (1434)", Protocol="UDP", Action="Deny", Log="Log as trivial"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Core OS Service Options
 Symantec Data Center Security Server Agent Service [sdcssagent_ps]
 Advanced Options
 Block modifications to executable files
 Block registration of COM and ActiveX controls
 Process Access Controls
 No-Access Process Access Controls
 Block and log all access to these processes as trivial
 List of processes that should not be accessed
 TargetProgram="%systemroot%\System32\lsass.exe"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 afagent inbound address list
 SDCSS Server IP
 Inbound tcp port list
 List of Inbound tcp ports
 sdcssagent
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemotePort="domain (53)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="Local IPs (v4 and v6)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="Local IPs (v4 and v6)", Protocol="TCP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log as trivial
 Outbound
 Components
 Outbound hosts list
 afagent outbound address list
 SDCSS Server IP
 Outbound tcp port list
 List of outbound tcp ports
 sdcssserver
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemotePort="domain (53)", Protocol="Both TCP and UDP", Action="Allow", Log="Do not log"
 RemoteIP="Local IPs (v4 and v6)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="Local IPs (v4 and v6)", Protocol="TCP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log as trivial
 Symantec Data Center Security Server Management Service [sdcssserver_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Network Controls
 Inbound
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="Any (0-65535)", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="Any (0-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Outbound network rules
 List of rules to control outbound network connections
 RemotePort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemotePort="Any (0-65535)", Protocol="TCP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 Distributed File System [dfssvc_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Network Controls
 Inbound
 Components
 Inbound hosts list
 dfssvc inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 high (1024-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 dfssvc outbound address list
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 epmap (135)
 ldap (389)
 ldaps (636)
 high (1024-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Distributed Transaction Coordinator [msdtc_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block turning off Data Execution Prevention (DEP)
 Network Controls
 Inbound
 Components
 Inbound hosts list
 msdtc inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 high (1024-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 msdtc outbound address list
 Global outbound hosts component
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 DNS Server [dns_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Network Controls
 Inbound
 Components
 Inbound hosts list
 dns inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 domain (53)
 Inbound udp port list
 List of Inbound udp ports
 domain (53)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", RemoteIP="Local IPs (v4 and v6)", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="high (1024-65535)", RemoteIP="Local IPs (v4 and v6)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 dns outbound address list
 Local IPs (v4 and v6)
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 domain (53)
 ldap (389)
 high (1024-65535)
 Outbound udp port list
 List of outbound udp ports
 domain (53)
 high (1024-65535)
 Outbound network rules
 List of rules to control outbound network connections
 LocalPort="high (1024-65535)", RemoteIP="Local IPs (v4 and v6)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 File Replication Service [ntfrs_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Network Controls
 Inbound
 Components
 Inbound hosts list
 ntfrs inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 high (1024-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 ntfrs outbound address list
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 ldap (389)
 epmap (135)
 high (1024-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 License Logging Service [llssrv_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Network Controls
 Inbound
 Components
 Inbound hosts list
 llssrv inbound address list
 Local IPs (v4 and v6)
 Any
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 high (1024-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 llssrv outbound address list
 Local IPs (v4 and v6)
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 ldap (389)
 ldaps (636)
 epmap (135)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="Local IPs (v4 and v6)", RemotePort="high (1024-65535)", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Print Spooler [spoolsv_ps, spoolsv_child_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%systemroot%\System32\winlogon.exe", Program="%systemroot%\System32\spoolsv.exe"
 TargetProgram="%systemroot%\explorer.exe", Program="%systemroot%\System32\spoolsv.exe"
 Limited Access Process Access Controls
 Block and log modifications to these processes as trivial
 List of processes that should not be modified
 TargetProgram="%programfiles%\Microsoft Office\Office*\*.exe", Program="%systemroot%\System32\spoolsv.exe"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 spoolsv inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 high (1024-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 spoolsv outbound address list
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 epmap (135)
 ldap (389)
 ldaps (636)
 high (1024-65535)
 domain (53)
 printer (515)
 Outbound udp port list
 List of outbound udp ports
 snmp (161)
 slp (427)
 domain (53)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Remote Procedure Call (RPC) [rpcss_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Exceptions for unusual memory allocations
 List of program exceptions for unusual memory allocations
 Action="Allow", Log="Do not log", Program="%systemroot%\system32\svchost.exe"
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%systemroot%\System32\dllhost.exe", Program="%systemroot%\System32\svchost.exe"
 TargetProgram="%systemroot%\System32\svchost.exe", TargetArguments="&ci; * -k rpcss *", Program="%systemroot%\System32\svchost.exe"
 TargetProgram="%%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_install_path%%SescLU.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k rpcss *"
 TargetProgram="%%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAVCE%%SavUI.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k rpcss *"
 TargetProgram="%systemroot%\winsxs\*\tiworker.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k rpcss *"
 TargetProgram="%systemroot%\system32\wbem\wmiprvse.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k rpcss *"
 Limited Access Process Access Controls
 Block and log modifications to these processes as trivial
 List of processes that should not be modified
 TargetProgram="%programfiles%\*\Microsoft Shared\Office*\Office Setup Controller\setup.exe", Program="%systemroot%\System32\svchost.exe", Arguments="&ci; * -k rpcss *"
 TargetProgram="%systemroot%\System32\wbem\wmiprvse.exe", Program="%systemroot%\System32\svchost.exe", Arguments="&ci; * -k rpcss *"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 rpcss inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 epmap (135)
 http-rpc-epmap (593)
 Inbound udp port list
 List of Inbound udp ports
 epmap (135)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", RemoteIP="Local IPs (v4 and v6)", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 rpcss outbound address list
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 epmap (135)
 http-rpc-epmap (593)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Remote Registry Service [regsvc_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Network Controls
 Inbound
 Components
 Inbound hosts list
 regsvc inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 high (1024-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 regsvc outbound address list
 Global outbound hosts component
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Service Control Manager [scm_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%systemroot%\system32\userinit.exe", Program="%systemroot%\System32\services.exe"
 TargetProgram="%systemroot%\explorer.exe", Program="%systemroot%\System32\services.exe"
 Limited Access Process Access Controls
 Block and log modifications to these processes as trivial
 List of processes that should not be modified
 TargetProgram="%systemroot%\System32\lsass.exe"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 scm inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 Any (0-65535)
 Inbound udp port list
 List of Inbound udp ports
 Any (0-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="bootpc (68)", RemotePort="bootps (67)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="ntp (123)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 scm outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 Any (0-65535)
 Outbound udp port list
 List of outbound udp ports
 Any (0-65535)
 Outbound network rules
 List of rules to control outbound network connections
 LocalPort="bootpc (68)", RemotePort="bootps (67)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific inbound hosts component", RemotePort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 Secondary Logon [runas_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%systemroot%\system32\runas.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 runas inbound address list
 Global inbound hosts component
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 runas outbound address list
 Global outbound hosts component
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Simple TCP/IP Services [tcpsvcs_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Network Controls
 Inbound
 Components
 Inbound hosts list
 tcpsvcs inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 bootps (67)
 bootpc (68)
 high (1024-65535)
 printer (515)
 Inbound udp port list
 List of Inbound udp ports
 bootps (67)
 bootpc (68)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 tcpsvcs outbound address list
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 ldap (389)
 ldaps (636)
 domain (53)
 Outbound udp port list
 List of outbound udp ports
 bootps (67)
 bootpc (68)
 domain (53)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="Local IPs (v4 and v6)", RemotePort="high (1024-65535)", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 SNMP Service [snmp_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Network Controls
 Inbound
 Components
 Inbound hosts list
 snmp inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 snmp (161)
 snmptrap (162)
 Inbound udp port list
 List of Inbound udp ports
 snmp (161)
 snmptrap (162)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 snmp outbound address list
 Any
 Global outbound hosts component
 Outbound udp port list
 List of outbound udp ports
 snmptrap
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Startup Processes [system_ps]
 Advanced Options
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Exceptions for unusual memory allocations
 List of program exceptions for unusual memory allocations
 Action="Allow", Log="Do not log", Program="%systemroot%\system32\csrss.exe"
 Action="Allow", Log="Do not log", Program="%systemroot%\system32\wininit.exe"
 Action="Allow", Log="Do not log", Program="%systemroot%\system32\winlogon.exe"
 Action="Allow", Log="Do not log", Program="%systemroot%\System32\wbem\wmiprvse.exe"
 Block unusual memory permission changes
 Exceptions for unusual memory permission changes
 List of program exceptions for unusual memory permission changes
 Action="Allow", Log="Do not log", Program="%systemroot%\system32\lsass.exe"
 Action="Allow", Log="Do not log", Program="%systemroot%\system32\winlogon.exe"
 Action="Allow", Log="Do not log", Program="%systemroot%\System32\wbem\wmiprvse.exe"
 Block turning off Data Execution Prevention (DEP)
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="*", Program="%systemroot%\System32\lsass.exe"
 TargetProgram="*", Program="%systemroot%\System32\winlogon.exe"
 TargetProgram="*", Program="%systemroot%\System32\csrss.exe"
 TargetProgram="*", Program="%systemroot%\System32\smss.exe"
 TargetProgram="*", Program="\systemroot\System32\smss.exe"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 system inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 Any (0-65535)
 Inbound udp port list
 List of Inbound udp ports
 Any (0-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", RemoteIP="pset specific outbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 system outbound address list
 Local IPs (v4 and v6)
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 Any (0-65535)
 Outbound udp port list
 List of outbound udp ports
 Any (0-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific inbound hosts component", RemotePort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 Task Scheduler Service [mstask_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%systemroot%\system32\svchost.exe", Program="%systemroot%\system32\svchost.exe"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 mstask inbound address list
 Local IPs (v4 and v6)
 Any
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 high (1024-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 mstask outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 Any (0-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Telephony [tapisrv_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%systemroot%\system32\svchost.exe", TargetArguments="&ci; * -k netsvcs *", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k tapisrv *"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 tapisrv inbound address list
 Global inbound hosts component
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 tapisrv outbound address list
 Global outbound hosts component
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Terminal Services [termsrv_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Exceptions for unusual memory allocations
 List of program exceptions for unusual memory allocations
 Action="Allow", Log="Do not log", Program="%systemroot%\system32\lsm.exe"
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%systemroot%\System32\winlogon.exe", Program="%systemroot%\System32\svchost.exe"
 TargetProgram="%systemroot%\System32\svchost.exe", Program="%systemroot%\System32\svchost.exe"
 TargetProgram="%systemroot%\System32\csrss.exe", Program="%systemroot%\System32\svchost.exe"
 TargetProgram="%systemroot%\System32\logon.scr", Program="%systemroot%\System32\svchost.exe"
 TargetProgram="%systemroot%\System32\rdpclip.exe", Program="%systemroot%\System32\svchost.exe"
 TargetProgram="*", Program="%systemroot%\system32\lsm.exe"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 termsrv inbound address list
 Any
 Inbound tcp port list
 List of Inbound tcp ports
 ms-wbt-server (3389)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 termsrv outbound address list
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 epmap (135)
 ldap (389)
 high (1024-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Windows Internet Name Service (WINS) [wins_ps]
 Basic Options
 Enable WINS management
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Network Controls
 Inbound
 Components
 Inbound hosts list
 wins inbound address list
 Local IPs (v4 and v6)
 Any
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 netbios-ns (137)
 high (1024-65535)
 nameserver (42)
 Inbound udp port list
 List of Inbound udp ports
 nameserver (42)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 wins outbound address list
 Local IPs (v4 and v6)
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 nameserver
 Outbound udp port list
 List of outbound udp ports
 nameserver
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Windows Management Instrumentation [winmgmt_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Block unusual memory permission changes
 Block turning off Data Execution Prevention (DEP)
 Network Controls
 Inbound
 Components
 Inbound hosts list
 winmgmt inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 high (1024-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 winmgmt outbound address list
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 ldap (389)
 epmap (135)
 msft-gc
 msft-gc-ssl
 msexch-routing (691)
 high (1024-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Default Windows Services [def_winsvcs_ps, netsvcs_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Block unusual memory allocations
 Exceptions for unusual memory allocations
 List of program exceptions for unusual memory allocations
 Action="Allow", Log="Do not log", Program="%systemroot%\system32\rundll32.exe"
 Action="Allow", Log="Do not log", Program="%systemroot%\system32\searchfilterhost.exe"
 Action="Allow", Log="Do not log", Program="%systemroot%\system32\slsvc.exe"
 Action="Allow", Log="Do not log", Program="%systemroot%\system32\svchost.exe"
 Action="Allow", Log="Do not log", Program="%systemroot%\system32\wermgr.exe"
 Block unusual memory permission changes
 Exceptions for unusual memory permission changes
 List of program exceptions for unusual memory permission changes
 Action="Allow", Log="Do not log", Program="%systemroot%\system32\svchost.exe"
 Block turning off Data Execution Prevention (DEP)
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%systemroot%\System32\wbem\wmiprvse.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 TargetProgram="%systemroot%\System32\winlogon.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 TargetProgram="%systemroot%\explorer.exe", Program="%systemroot%\system32\svchost.exe"
 TargetProgram="%systemroot%\System32\csrss.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 TargetProgram="%systemroot%\System32\SearchIndexer.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 TargetProgram="%systemroot%\System32\RunDll32.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 TargetProgram="%systemroot%\System32\slui.exe", Program="%systemroot%\system32\sppsvc.exe"
 TargetProgram="%systemroot%\explorer.exe", Program="%systemroot%\system32\sppsvc.exe"
 TargetProgram="%systemroot%\System32\svchost.exe", Program="%systemroot%\system32\sppsvc.exe"
 TargetProgram="%systemroot%\System32\runas.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 TargetProgram="%systemroot%\system32\svchost.exe", TargetArguments="&ci; * -k RPCSS *", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k DcomLaunch *"
 TargetProgram="%systemroot%\system32\svchost.exe", TargetArguments="&ci; * -k LocalService *", Program="%systemroot%\system32\SLsvc.exe"
 TargetProgram="%programfiles%\Outlook Express\msimn.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 TargetProgram="%systemroot%\system32\svchost.exe", TargetArguments="&ci; * -k RPCSS *", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 TargetProgram="%systemroot%\system32\svchost.exe", TargetArguments="&ci; * -k netsvcs *", Program="%systemroot%\system32\consent.exe"
 TargetProgram="%systemroot%\system32\svchost.exe", TargetArguments="&ci; * -k netsvcs *", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k DcomLaunch *"
 TargetProgram="%systemroot%\system32\svchost.exe", TargetArguments="&ci; * -k DcomLaunch *", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 TargetProgram="*", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k DcomLaunch *"
 TargetProgram="%systemroot%\system32\svchost.exe", TargetArguments="&ci; * -k termsvcs *", Program="%systemroot%\system32\svchost.exe"
 TargetProgram="%systemroot%\system32\wininit.exe", Program="%systemroot%\system32\svchost.exe"
 TargetProgram="%%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedUsage\LiveUpdate%%\LuComServer*.EXE", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 TargetProgram="%%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SAVCE%%Rtvscan.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 TargetProgram="%%-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_install_path%%*.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 TargetProgram="%systemroot%\system32\svchost.exe", Program="%systemroot%\system32\rundll32.exe", Arguments="&ci; * //d srrstr.dll,ExecuteScheduledSPPCreation *"
 TargetProgram="%systemroot%\system32\spoolsv.exe", Program="%systemroot%\system32\svchost.exe"
 TargetProgram="*", Program="%systemroot%\system32\audiodg.exe"
 TargetProgram="%programfiles%\Microsoft Office Communicator\communicator.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k LocalSystemNetworkRestricted *"
 TargetProgram="%programfiles%\Windows Media Player\wmpnetwk.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k LocalSystemNetworkRestricted *"
 TargetProgram="%systemroot%\System32\spoolsv.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k LocalSystemNetworkRestricted *"
 TargetProgram="%programfiles%\Adobe\Reader *\Reader\AcroRd32.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k LocalSystemNetworkRestricted *"
 TargetProgram="%ProgramFiles%\Symantec\Symantec Endpoint Protection\*\Bin\ccSvcHst.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k LocalSystemNetworkRestricted *"
 TargetProgram="%systemroot%\system32\wbem\wmiprvse.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k LocalSystemNetworkRestricted *"
 TargetProgram="%systemroot%\system32\lsass.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k LocalSystemNetworkRestricted *"
 TargetProgram="%ProgramFiles%\Microsoft Office\Office*\OUTLOOK.EXE", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k LocalSystemNetworkRestricted *"
 TargetProgram="%systemroot%\Explorer.EXE", Program="%systemroot%\system32\SearchProtocolHost.exe"
 TargetProgram="%systemroot%\system32\svchost.exe", Program="%systemroot%\system32\svchost.exe"
 TargetProgram="%systemroot%\system32\vssvc.exe", Program="%systemroot%\system32\svchost.exe"
 TargetProgram="\Device\HardDiskVolume?\Documents and Settings\User_Name\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k LocalSystemNetworkRestricted *"
 TargetProgram="\Device\HardDiskVolume?\Documents and Settings\User_Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k LocalSystemNetworkRestricted *"
 TargetProgram="\Device\HardDiskVolume?\Program Files\Microsoft Office Communicator\communicator.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k LocalSystemNetworkRestricted *"
 TargetProgram="%systemroot%\system32\*.scr", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 TargetProgram="%systemroot%\system32\msiexec.exe", Program="%systemroot%\system32\svchost.exe"
 No-Access Process Access Controls
 Block and log all access to these processes as trivial
 List of processes that should not be accessed
 TargetProgram="%%HKEY_LOCAL_MACHINE\Software\symantec\intrusion security\Agent\InstallRoot%%\IPS\bin\SISIPSService.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k LocalSystemNetworkRestricted *"
 TargetProgram="%%HKEY_LOCAL_MACHINE\Software\symantec\intrusion security\Agent\InstallRoot%%\IPS\bin\SISManager.exe", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k LocalSystemNetworkRestricted *"
 Resource Lists
 Writable Resource Lists
 Allow modifications to these Registry keys
 List of Registry keys that can be modified
 Value="\REGISTRY\MACHINE\SYSTEM\*controlset*\services\VSS\Diag\*", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k SDRSVC *"
 Value="\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows*\CurrentVersion\SPP*", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k SDRSVC *"
 Value="\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup*", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k SDRSVC *"
 Value="\REGISTRY\MACHINE\SYSTEM\*controlset*\services\NetLogon", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k NetworkService *"
 Value="\REGISTRY\MACHINE\SYSTEM\*controlset*\services\NetLogon\*", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k NetworkService *"
 Value="\REGISTRY\MACHINE\SYSTEM\*controlset*\services\W32Time\*", Program="%systemroot%\system32\svchost.exe", Arguments="&ci; * -k NetworkService *"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 def_winsvcs inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 Any (0-65535)
 Inbound udp port list
 List of Inbound udp ports
 Any (0-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="bootpc (68)", RemotePort="bootps (67)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 def_winsvcs outbound address list
 Local IPs (v4 and v6)
 Any
 Global outbound hosts component
 Outbound udp port list
 List of outbound udp ports
 ntp (123)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 Full Service Options [svc_fullpriv_ps]
 Network Controls
 Inbound
 Components
 Inbound hosts list
 full_svc inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 Any (0-65535)
 Inbound udp port list
 List of Inbound udp ports
 Any (0-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 full_svc outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 Any (0-65535)
 Outbound udp port list
 List of outbound udp ports
 high (1024-65535)
 Any (0-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 SysCall Options
 Allow mounting of filesystems
 Allow creation of hardlinks
 Safe Service Options [svc_safepriv_ps]
 Memory Controls
 Enable Buffer Overflow Detection
 Network Controls
 Inbound
 Components
 Inbound hosts list
 safe_svc inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 Any (0-65535)
 Inbound udp port list
 List of Inbound udp ports
 Any (0-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="bootpc (68)", RemotePort="bootps (67)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="cisco-vpn (500)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 safe_svc outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 Any (0-65535)
 Outbound udp port list
 List of outbound udp ports
 Any (0-65535)
 Outbound network rules
 List of rules to control outbound network connections
 LocalPort="bootpc (68)", RemotePort="bootps (67)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 SysCall Options
 Allow mounting of filesystems
 Allow creation of hardlinks
 Custom Service Options [svc_custompriv_ps]
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Network Controls
 Inbound
 Components
 Inbound hosts list
 custom_svc inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 custom_svc outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Default Service Options [svc_stdpriv_ps]
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Alternate Privilege Level (choose only one)
 Run with Safe Service privileges
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%systemroot%\explorer.exe", Program="%systemroot%\System32\svchost.exe", Arguments="&ci; * -k netsvcs *"
 Limited Access Process Access Controls
 Block and log modifications to these processes as trivial
 List of processes that should not be modified
 TargetProgram="%systemroot%\System32\lsass.exe", Program="%systemroot%\system32\wbem\wmiprvse.exe"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 std_svc inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 Any (0-65535)
 Inbound udp port list
 List of Inbound udp ports
 Any (0-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="cisco-vpn (500)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 std_svc outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 Any (0-65535)
 Outbound udp port list
 List of outbound udp ports
 Any (0-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 Interactive Program Options
 General Interactive Program Options
 Alternate Privilege Lists
 Specify Interactive Programs that should not start
 List of Interactive Programs that should not start
 Program="%systemroot%\system32\rstrui.exe"
 Program="%systemroot%\system32\wbem\mofcomp.exe"
 Specify Interactive Programs with Safe privileges
 List of Interactive Programs with Safe privileges
 Program="%systemroot%\System32\mapisp32.exe"
 Program="%systemroot%\System32\msiexec.exe"
 Program="%commonprogramfiles%\InstallShield\engine\*\iKernel.exe"
 Program="%programfiles%\VERITAS\Backup Exec\NT\bengine.exe"
 Program="%systemroot%\System32\CPQMGMT\CPQWMGMT.EXE"
 Program="%systemroot%\System32\CPQMGMT\CqMgHost\CQMGHOST.EXE"
 Program="%systemroot%\MS\SMS\CORE\BIN\*"
 Program="%systemroot%\MS\SMS\CLICOMP\*"
 Program="%commonprogramfiles%\System\MAPI\1033\nt\MAPISP32.EXE"
 Specify groups with Safe privileges
 List of groups with Safe privileges
 %?SIDToName(S-1-5-32-544)?%
 Specific Interactive Program Options
 Symantec Data Center Security Server UI Programs [sdcssconsole_ps]
 Advanced Options
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block modifications to windows services
 Network Controls
 Inbound
 Components
 Inbound hosts list
 appfireui inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 Any (0-65535)
 Inbound udp port list
 List of Inbound udp ports
 Any (0-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 appfireui outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 SDCSS Server IP
 Outbound tcp port list
 List of outbound tcp ports
 Any (0-65535)
 Outbound udp port list
 List of outbound udp ports
 high (1024-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 Outlook & Outlook Express [outlook_ps, int_mailchild_ps, int_mailchild_unsafe_ps]
 Advanced Options
 Memory Controls
 Enable Buffer Overflow Detection
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block modifications to Startup folders
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Apply Outlook & Outlook Express control to Safe privilege users
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%systemroot%\explorer.exe", Program="%programfiles%\Outlook Express\msimn.exe"
 TargetProgram="%systemroot%\explorer.exe", Program="%programfiles%\Microsoft Office\Office12\OUTLOOK.EXE"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 outlook inbound address list
 Local IPs (v4 and v6)
 Any
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 Any (0-65535)
 Inbound udp port list
 List of Inbound udp ports
 Any (0-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", RemoteIP="pset specific outbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 outlook outbound address list
 Local IPs (v4 and v6)
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 Any (0-65535)
 Outbound udp port list
 List of outbound udp ports
 Any (0-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific inbound hosts component", RemotePort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 Microsoft Office [msoffice_ps]
 Advanced Options
 Memory Controls
 Enable Buffer Overflow Detection
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block modifications to Startup folders
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Apply Microsoft Office control to Safe privilege users
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%programfiles%\Microsoft Office\Office*\*.exe", Program="%systemroot%\splwow64.exe"
 Limited Access Process Access Controls
 Block and log modifications to these processes as trivial
 List of processes that should not be modified
 TargetProgram="%systemroot%\explorer.exe", Program="%programfiles%\Microsoft Office\Office*\*.exe"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 msoffice inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 Any (0-65535)
 Inbound udp port list
 List of Inbound udp ports
 Any (0-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", RemoteIP="pset specific outbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 msoffice outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 Any (0-65535)
 Outbound udp port list
 List of outbound udp ports
 Any (0-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific inbound hosts component", RemotePort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 Internet Explorer [iexplore_ps]
 Basic Options
 Disable execution of specific programs
 List of programs Internet Explorer should not execute
 Program="%systemroot%\system32\cmd.exe"
 Advanced Options
 Memory Controls
 Enable Buffer Overflow Detection
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block modifications to Startup folders
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Apply Internet Explorer control to Safe privilege users
 Process Access Controls
 Full Access Process Access Controls
 Allow full access to these processes
 List of processes to give full access to
 TargetProgram="%systemroot%\explorer.exe", Program="%programfiles%\Internet Explorer\iexplore.exe"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 iexplore inbound address list
 Local IPs (v4 and v6)
 Any
 Global inbound hosts component
 Inbound network rules
 List of rules to control connections into this system
 RemoteIP="Local IPs (v4 and v6)", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="Local IPs (v4 and v6)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 RemotePort="ftp-data (20)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 iexplore outbound address list
 Local IPs (v4 and v6)
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 http (80)
 https (443)
 epmap (135)
 ldap (389)
 ftp (21)
 8081
 sep server default port (8443)
 sep admin port (9090)
 high (1024-65535)
 Outbound udp port list
 List of outbound udp ports
 domain (53)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="Local IPs (v4 and v6)", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="Local IPs (v4 and v6)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="high (1024-65535)", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 Full Interactive Program Options [int_fullpriv_ps]
 Network Controls
 Inbound
 Components
 Inbound hosts list
 full_int inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 Any (0-65535)
 Inbound udp port list
 List of Inbound udp ports
 high (1024-65535)
 Any (0-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 full_int outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 Any (0-65535)
 Outbound udp port list
 List of outbound udp ports
 high (1024-65535)
 Any (0-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 SysCall Options
 Allow mounting of filesystems
 Allow creation of hardlinks
 Safe Interactive Program Options [int_safepriv_ps]
 Memory Controls
 Enable Buffer Overflow Detection
 Network Controls
 Inbound
 Components
 Inbound hosts list
 safe_int inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 Any (0-65535)
 Inbound udp port list
 List of Inbound udp ports
 high (1024-65535)
 Any (0-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 safe_int outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 Any (0-65535)
 Outbound udp port list
 List of outbound udp ports
 high (1024-65535)
 Any (0-65535)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied
 Custom Interactive Program Options [int_custompriv_ps]
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block modifications to Startup folders
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Network Controls
 Inbound
 Components
 Inbound hosts list
 custom_int inbound address list
 Local IPs (v4 and v6)
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 epmap (135)
 Inbound udp port list
 List of Inbound udp ports
 epmap (135)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Deny
 Default inbound rule log setting
 Log
 Outbound
 Components
 Outbound hosts list
 custom_int outbound address list
 Local IPs (v4 and v6)
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 epmap (135)
 ldap (389)
 http (80)
 Outbound udp port list
 List of outbound udp ports
 epmap (135)
 Outbound network rules
 List of rules to control outbound network connections
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Deny
 Default outbound rule log setting
 Log
 Default Interactive Program Options [int_stdpriv_ps]
 Block modifications to executable files
 Block execution of files with non-executable extensions
 Block modifications to Startup folders
 Block registration of COM and ActiveX controls
 Block modifications to windows services
 Memory Controls
 Enable Buffer Overflow Detection
 Alternate Privilege Level (choose only one)
 Run with Safe Interactive Program privileges
 Process Access Controls
 Limited Access Process Access Controls
 Block and log modifications to these processes as trivial
 List of processes that should not be modified
 TargetProgram="%systemroot%\System32\lsass.exe", Program="%systemroot%\system32\mmc.exe"
 Network Controls
 Inbound
 Components
 Inbound hosts list
 std_int inbound address list
 Local IPs (v4 and v6)
 Any
 Global inbound hosts component
 Inbound tcp port list
 List of Inbound tcp ports
 Any (0-65535)
 Inbound udp port list
 List of Inbound udp ports
 Any (0-65535)
 Inbound network rules
 List of rules to control connections into this system
 LocalPort="high (1024-65535)", RemoteIP="pset specific outbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="Any", Protocol="TCP", Action="Allow", Log="Do not log", Program="%-def_int_srvprog_list:prog%", Arguments="&ci; %-def_int_srvprog_list:cmdline%", User="%-def_int_srvprog_list:id%", Group="%-def_int_srvprog_list:groupid%"
 LocalPort="pset specific tcp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="TCP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default inbound rule
 Default inbound rule action
 Allow
 Default inbound rule log setting
 Log when denied
 Outbound
 Components
 Outbound hosts list
 std_int outbound address list
 Local IPs (v4 and v6)
 Any
 Global outbound hosts component
 Outbound tcp port list
 List of outbound tcp ports
 ldap (389)
 http (80)
 https (443)
 epmap (135)
 Outbound udp port list
 List of outbound udp ports
 high (1024-65535)
 Outbound network rules
 List of rules to control outbound network connections
 LocalPort="high (1024-65535)", RemoteIP="pset specific outbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 RemoteIP="Any", Protocol="TCP", Action="Allow", Log="Do not log", Program="%-def_int_srvprog_list:prog%", Arguments="&ci; %-def_int_srvprog_list:cmdline%", User="%-def_int_srvprog_list:id%", Group="%-def_int_srvprog_list:groupid%"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific tcp outbound port component", Protocol="TCP", Action="Allow", Log="Do not log"
 RemoteIP="pset specific outbound hosts component", RemotePort="pset specific udp outbound port component", Protocol="UDP", Action="Allow", Log="Do not log"
 LocalPort="pset specific udp inbound port component", RemoteIP="pset specific inbound hosts component", Protocol="UDP", Action="Allow", Log="Do not log"
 Default outbound rule
 Default outbound rule action
 Allow
 Default outbound rule log setting
 Log when denied