Using path roots in identifiers
The workstations in your SES Evolution environment do not all have the same Windows installation. For example, the user profile and applications may be located on different drives from one workstation to another. SES Evolution provides variables in the form of path roots that allow rules to be adapted to each user, regardless of drive names and directory trees.
Stormshield highly recommends the use of such roots in the Path field during the creation of application identifiers and file rules, especially to identify applications found in the Programs or System32 folder.
Use the root... | To reference... |
\EsaRoots\SystemDrive | The volume on which Windows is installed, typically C: |
\EsaRoots\SystemRoot | The Windows folder, typically C:\Windows |
\EsaRoots\UserProfiles | The Users folder |
\EsaRoots\ProgramData | The folder in which applications automatically store data regardless of the user |
\EsaRoots\ProgramFiles, \EsaRoots\ProgramFilesX86 | Folders in which 64-bit and 32-bit applications are installed respectively. On a 32-bit operating system, both symbolic links point to the same location. |
EXAMPLE 1
Use the paths \EsaRoots\ProgramFiles\Internet Explorer\iexplore.exe and \EsaRoots\ProgramFilesX86\Internet Explorer\iexplore.exe to create the application identifier of the Microsoft Internet Explorer browser.
EXAMPLE 2
Use the path \EsaRoots\SystemRoot\System32\drivers\etc\hosts to identify the hosts file when creating a file access rule.
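When existing rules were written with hard-coded drive letters, a small helper can rewrite them into path-root form before they are entered in the Path field. The following is an added example, not Stormshield code: the function name to_path_root and the REFERENCE_LAYOUT table are hypothetical, and the table assumes one reference workstation with default Windows locations.

```python
# Added example: rewrite hard-coded Windows paths into \EsaRoots form.
# REFERENCE_LAYOUT is constructed: it describes one hypothetical reference
# workstation with default Windows locations, not values read from SES Evolution.
REFERENCE_LAYOUT = {
    r"\EsaRoots\SystemDrive": r"C:",
    r"\EsaRoots\SystemRoot": r"C:\Windows",
    r"\EsaRoots\UserProfiles": r"C:\Users",
    r"\EsaRoots\ProgramData": r"C:\ProgramData",
    r"\EsaRoots\ProgramFiles": r"C:\Program Files",
    r"\EsaRoots\ProgramFilesX86": r"C:\Program Files (x86)",
}


def _norm(path):
    """Use backslashes only and drop any trailing separator."""
    return path.replace("/", "\\").rstrip("\\")


def to_path_root(path, layout=REFERENCE_LAYOUT):
    """Return path expressed with the most specific root, or None if none covers it."""
    norm = _norm(path)
    low = norm.lower()  # Windows paths are case-insensitive
    best = None  # (root, base) with the longest matching base so far
    for root, base in layout.items():
        base = _norm(base)
        # Match only on a component boundary, so "C:\Program Files"
        # does not claim "C:\Program Files (x86)".
        covered = low == base.lower() or low.startswith(base.lower() + "\\")
        if covered and (best is None or len(base) > len(best[1])):
            best = (root, base)
    if best is None:
        return None  # e.g. a path on another drive: review it manually
    root, base = best
    return root + norm[len(base):]


if __name__ == "__main__":
    samples = [  # constructed sample paths
        r"C:\Program Files\Internet Explorer\iexplore.exe",
        r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
        r"c:/windows/System32/drivers/etc/hosts",
        r"D:\Tools\scanner.exe",
    ]
    for p in samples:
        print(p, "->", to_path_root(p) or "no root applies")
```

Paths for which the helper returns None are not covered by any root in the table and still depend on a specific drive layout.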