Recommendation scans provide a good starting point for establishing a list of rules that you should implement, but they do not identify some additional rules for common vulnerabilities, because those rules must be carefully configured and tested before being implemented in prevent (block) mode. Trend Micro recommends that you configure and test these rules, then manually enable them in your policies or on individual computers.
The table below includes the most common additional rules you should configure. You can find others in Workload Security by searching for rules whose type is Smart or Policy.
| Rule name | Application type |
| --- | --- |
| 1007598 - Identified Possible Ransomware File Rename Activity Over Network Share | DCERPC Services |
| 1007596 - Identified Possible Ransomware File Extension Rename Activity Over Network Share | DCERPC Services |
| 1006906 - Identified Usage Of PsExec Command Line Tool | DCERPC Services |
| 1007064 - Executable File Uploaded On System32 Folder Through SMB Share | DCERPC Services |
| 1003222 - Block Administrative Share | DCERPC Services |
| 1001126 - DNS Domain Blocker | DNS Client |
| 1000608 - Generic SQL Injection Prevention | Web Application Common |
| 1005613 - Generic SQL Injection Prevention - 2 | Web Application Common |
| 1000552 - Generic Cross Site Scripting (XSS) Prevention | Web Application Common |
| 1006022 - Identified Suspicious Image With Embedded PHP Code | Web Application Common |
| 1005402 - Identified Suspicious User Agent In HTTP Request | Web Application Common |
| 1005934 - Identified Suspicious Command Injection Attack | Web Application Common |
| 1006823 - Identified Suspicious Command Injection Attack - 1 | Web Application Common |
| 1005933 - Identified Directory Traversal Sequence In Uri Query Parameter | Web Application Common |
| 1006067 - Identified Too Many HTTP Requests With Specific HTTP Method | Web Server Common |
| 1005434 - Disallow Upload Of A PHP File | Web Server Common |
| 1003025 - Web Server Restrict Executable File Uploads | Web Server Common |
| 1007212 - Disallow Upload Of An Archive File | Web Server Common |
| 1007213 - Disallow Upload Of A Class File | Web Server Common |