Configuring actions triggered by rules
When a protection rule blocks an operation performed on an SES Evolution agent, it will be logged, and you can determine the severity and destination of the log.
The generation of this log can trigger other actions if you want it to. There are two types of action:
- Show a notification on the agent. This notification will appear at the bottom right of the screen, indicating that a prohibited action was blocked by a protection rule.
- Run custom scripts.
This feature may be useful in triggering an antivirus analysis the moment the incident is logged, or it can move a malicious file to a specific folder.
- Select your security policy in the Policies tab, then select the set of rules. The main page of the rule set appears.
- Click on the tab of the rule that you want to modify.
- If you are in read-only mode, click on Edit in the upper banner.
- In the banner at the top of the rule, click on . The window Action when logs generated appears.
- Enable a notification on the agent, if you wish to, for every time this rule triggers a log. This feature is available only for rules in Protection mode.
- If you wish to run a script whenever this rule generates a log, click on Add an action.
- Enter a name for the action in the Run custom script window.
- To the right of the Script field, click on + to add the script to run.
- In the Arguments field, specify the arguments to add when the script is run.
- In the Run in list, choose Local service because this is an account with restricted privileges. Do not choose Interactive session or System accounts unless absolutely necessary.
Do note that scripts cannot be run during interactive sessions on a server with several remotely connected users.
- Click on Confirm.
All scripts that were declared in SES Evolution appear in the Script list. Select an existing script and click on to view it or to import a new version of the script.