Commandline Filter

These filters will perform an exact, partial or regex match on the commandline of the process. Privilege Manager comes with default commandline filter types, which are all read-only, but can be copied to be customized.

This filter is available for both Windows and macOS systems.

Search for Commandline Filters

  1. Navigate to Admin | Filters.

  2. In the search field for the Type column enter commandline.

  3. Select a filter to view its details and/or use Duplicate to customize the filter.

    If you Duplicate a filter (make a copy of an existing one), rename the copy and click Create.

Create a New Commandline Type Filter

  1. Navigate to Admin | Filters.

  2. Click Create Filter.

  3. On the New Filter page, select the platform. For this example, select Windows.

  4. From the Filter Type drop-down select Commandline Filter.

  5. Enter a name and description and click Create.

  6. Customize the newly created filter.

    1. Under Settings:
      1. Set the Match Type. This can be either an exact or partial match or specified as a regular expression.
      2. Enter the commandline to match.
  7. Click Save Changes.

Parameters

Commandline Filters have one section to set the parameters for the filter.

The Match Type gives you the options:

  • Exact Match
  • Partial Match
  • Regular expression

Command Line:

  • Enter the command parameters that the filter should match for the given file or action.

To troubleshoot a filter that does not match as expected, turn on agent trace logging to view the command line being evaluated against the regular expression.

Examples

A commandline filter examines the commandline (excluding the primary executable) and applies a pattern match (Exact, Partial or Regular Expression).

For example, a commandline filter can allow /FlushDNS as a command for IPConfig.
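
The three match types compared on the /FlushDNS case, as an added example that is not Privilege Manager code. It models the filter as described above (arguments only, primary executable excluded); the function names, the case-insensitive comparison and the Python regex dialect are assumptions, and the sample command lines are constructed.

```python
import re

def arguments_of(commandline: str) -> str:
    """Return the command line with the primary executable removed."""
    commandline = commandline.strip()
    if commandline.startswith('"'):            # quoted path, may contain spaces
        end = commandline.find('"', 1)
        return commandline[end + 1:].strip() if end != -1 else ""
    parts = commandline.split(None, 1)
    return parts[1].strip() if len(parts) > 1 else ""

def filter_matches(match_type: str, pattern: str, commandline: str) -> bool:
    """Model of Exact / Partial / Regular expression matching on the arguments.
    Assumption: comparison is case-insensitive (not stated on the page)."""
    args = arguments_of(commandline)
    if match_type == "exact":
        return args.lower() == pattern.lower()
    if match_type == "partial":
        return pattern.lower() in args.lower()
    if match_type == "regex":
        return re.search(pattern, args, re.IGNORECASE) is not None
    raise ValueError(f"unknown match type: {match_type}")

# Constructed sample command lines.
SAMPLES = [
    'ipconfig /flushdns',
    r'"C:\Windows\System32\ipconfig.exe" /FlushDNS',
    'ipconfig /release /flushdns',   # extra switch before the allowed one
    'ipconfig /flushdnsx',           # allowed switch as a prefix of another token
    'ipconfig',                      # no arguments at all
]

# Candidate filter definitions to compare.
FILTERS = [
    ("exact", "/FlushDNS"),
    ("partial", "/FlushDNS"),
    ("regex", r"/FlushDNS"),         # unanchored: behaves like a partial match
    ("regex", r"^/FlushDNS$"),       # anchored: behaves like an exact match
]

def evaluate():
    """Map each sample to the list of match results, in FILTERS order."""
    return {s: [filter_matches(t, p, s) for t, p in FILTERS] for s in SAMPLES}

if __name__ == "__main__":
    for sample, results in evaluate().items():
        print(f"{sample!r:50} {results}")
```

A Partial match or an unanchored regular expression also matches command lines that carry additional arguments, so anchor the pattern with ^ and $ (or use Exact Match) when only the single switch should be covered.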