Commandline Filter
These filters will perform an exact, partial or regex match on the commandline of the process. Privilege Manager comes with default commandline filter types, which are all read-only, but can be copied to be customized.
This filter is available for both Windows and macOS systems.
Search for Commandline Filters
- Navigate to Admin | Filters.
- In the search field for the Type column enter commandline.
- Select a filter to view its details and/or use Duplicate to customize the filter.
If you Duplicate an existing filter (make a copy of it), rename the filter and click Create.
Create a New Commandline Type Filter
- Navigate to Admin | Filters.
- Click Create Filter.
- On the New Filter page, select the platform. For this example, select Windows.
- From the Filter Type drop-down select Commandline Filter.
- Enter a name and description and click Create.
- Customize the newly created filter.
  - Under Settings,
    - Set the Match Type. This can be either an exact or partial match or specified as a regular expression.
    - Enter the commandline to match.
- Click Save Changes.
Parameters
Commandline Filters have one section to set the parameters for the filter.
The Match Type gives you the options:
- Exact Match
- Partial Match
- Regular expression
Command Line:
- This is where you enter the command parameters used to pull up the file or action.
You can turn on agent trace logging to view the command line being evaluated against the regular expression, which helps troubleshoot any issues with the filter matching.
Examples
A commandline filter examines the commandline (excluding the primary executable) and applies a pattern match (Exact, Partial or Regular Expression).
For example, a filter can allow /FlushDNS as a command for IPConfig.
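The following is an added example, not Privilege Manager code: a small Python model of the three Match Types applied to the /FlushDNS case, for checking how strictly a candidate pattern matches before saving it in a filter. The function names, the sample command lines, case-insensitive comparison and unanchored regex search are all assumptions of this sketch.

```python
import re

def arguments_of(command_line):
    """Drop the primary executable (quoted or not) and return the rest."""
    s = command_line.strip()
    if s.startswith('"'):                 # quoted path, may contain spaces
        end = s.find('"', 1)
        rest = s[end + 1:] if end != -1 else ""
    else:
        parts = s.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
    return rest.strip()

def matches(match_type, pattern, command_line):
    """Model of the three Match Types; case-insensitivity is an assumption."""
    args = arguments_of(command_line)
    if match_type == "exact":
        return args.lower() == pattern.lower()
    if match_type == "partial":
        return pattern.lower() in args.lower()
    if match_type == "regex":             # assumed unanchored unless ^/$ are written
        return re.search(pattern, args, re.IGNORECASE) is not None
    raise ValueError("unknown match type: " + match_type)

# Constructed sample command lines, not taken from a real agent trace log.
SAMPLES = [
    "ipconfig /flushdns",
    r'"C:\Windows\System32\ipconfig.exe" /FlushDNS',
    "ipconfig /flushdns /all",
    "ipconfig /all",
]

# Candidate filter settings to compare: (Match Type, Command Line value).
FILTERS = {
    "exact": ("exact", "/flushdns"),
    "partial": ("partial", "/flushdns"),
    "regex_unanchored": ("regex", r"/flushdns"),
    "regex_anchored": ("regex", r"^/flushdns$"),
}

def evaluate():
    """Return, per candidate filter, the sample command lines it matches."""
    return {name: [c for c in SAMPLES if matches(mt, pat, c)]
            for name, (mt, pat) in FILTERS.items()}

if __name__ == "__main__":
    for name, hits in evaluate().items():
        print(f"{name:17} -> {hits}")
```

In this model the partial and unanchored regex settings also match the command line that carries an extra argument, while the exact and anchored settings do not; confirm the agent's actual behaviour with agent trace logging.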