Recommendation scans provide a good starting point for establishing a list of rules that you should implement,
but some additional rules for common vulnerabilities are not identified by recommendation
scans because must be carefully configured and tested before being implemented in
prevent (block) mode. Trend Micro recommends that you configure and test these rules, then
manually enable them in your policies or individual computers.
The table below includes the most common additional rules you should configure. You
can find others in Workload Security by searching for rules whose type is Smart or Policy.
|
Rule name
|
Application type
|
|
1007598 - Identified Possible Ransomware File Rename Activity Over Network Share
|
DCERPC Services
|
|
1007596 - Identified Possible Ransomware File Extension Rename Activity Over Network
Share
|
DCERPC Services
|
|
1006906 - Identified Usage Of PsExec Command Line Tool
|
DCERPC Services
|
|
1007064 - Executable File Uploaded On System32 Folder Through SMB Share
|
DCERPC Services
|
|
1003222 - Block Administrative Share
|
DCERPC Services
|
|
1001126 - DNS Domain Blocker
|
DNS Client
|
|
1000608 - Generic SQL Injection Prevention
See Configure a SQL injection prevention rule for details.
|
Web Application Common
|
|
1005613 - Generic SQL Injection Prevention - 2
|
Web Application Common
|
|
1000552 - Generic Cross Site Scripting (XSS) Prevention
|
Web Application Common
|
|
1006022 - Identified Suspicious Image With Embedded PHP Code
|
Web Application Common
|
|
1005402 - Identified Suspicious User Agent In HTTP Request
|
Web Application Common
|
|
1005934 - Identified Suspicious Command Injection Attack
|
Web Application Common
|
|
1006823 - Identified Suspicious Command Injection Attack - 1
|
Web Application Common
|
|
1005933 - Identified Directory Traversal Sequence In Uri Query Parameter
|
Web Application Common
|
|
1006067 - Identified Too Many HTTP Requests With Specific HTTP Method
|
Web Server Common
|
|
1005434 - Disallow Upload Of A PHP File
|
Web Server Common
|
|
1003025 - Web Server Restrict Executable File Uploads
|
Web Server Common
|
|
1007212 - Disallow Upload Of An Archive File
|
Web Server Common
|
|
1007213 - Disallow Upload Of A Class File
|
Web Server Common
|