Using path roots in identifiers

The workstations in your SES Evolution environment do not all have the same Windows installation. For example, the user profile and applications may be located in different drives from one workstation to another. SES Evolution provides variables in the form of path roots that allow rules to be adapted to each user, regardless of their drive names and trees.

Stormshield highly recommends the use of such roots in the Path field during the creation of application identifiers and file rules, especially to identify applications found in the Programs or System32 folder.

Use the root... To reference...

The volume on which Windows is installed, typically C:

\EsaRoots\SystemRoot The Windows folder, typically C:\Windows
\EsaRoots\UserProfiles The Users folder
\EsaRoots\ProgramData The folder in which applications automatically store data regardless of the user



Folders in which 64-bit and 32-bit applications are installed respectively. On a 32-bit operating system, both symbolic links point to the same location.

Use the paths \EsaRoots\ProgramFiles\Internet Explorer\iexplore.exe and\EsaRoots\ProgramFilesX86\Internet Explorer\iexplore.exe to create the application identifier of the Microsoft Internet Explorer browser.
Path EsaRoots for an application ID

Use the path \EsaRoots\SystemRoot\System32\drivers\etc\hosts to identify the hosts file when creating a file access rule.
Path EsaRoots for a file ID