Repairing a rule
Security rules are stored in a private file hidden in a folder. When a user accesses a folder secured by a rule, SDS Enterprise stores the content of this technical file in its account so that it can detect the following attacks:
- Deletion of the technical file,
- Modification of the rule by an unauthorized third party (e.g., adding or deleting a co-worker),
- Replacement of the technical file with a file from another valid rule, but intended for a different folder.
Some of these events can also be the consequence, not of an attack, but of an exceptional use case such as the:
- Deletion of the folder,
- Creation of a new folder with the same name,
- Definition of a new rule.
If an attack is suspected, SDS Enterprise will prohibit any access to the folder in question. To restore access:
- In Windows Explorer, right-click on the file and select Properties.
- Click on the Stormshield Data Security tab.
- Click on Restore to copy the rule stored in the account into the folder.
- Or click on Refresh to accept the rule set on the folder and copy it into the account.