How to update the default Recommended Rules ruleset to harden endpoint security.
The “Recommended Rules” ruleset, which is added to the database automatically when the ZeroLock Management Console (ZMC) is installed, covers many known exploits. The ruleset is protected and cannot be changed, but it can be copied, allowing you to create and modify a ruleset based on your organization’s particular requirements.
Order Matters
The Recommended Ruleset is of the Ordered Rule Type, meaning that lockdown rules (File Access, Network Access, and Program Execution rules) are evaluated top-to-bottom, with the rules on top resolving actions before moving on to the rules that follow.
As with a firewall, if an action matches a lockdown rule near the top of the list, the actions specified for that rule are taken and no rules below it are evaluated. If it does not match, evaluation passes to the next rule in line, and so on until a rule matches. If no rule matches, the action is allowed.
In the provided default ruleset, the rules are written so that they do not overlap in any way that is consequential to their order, so the default order is sufficient. Rules you add to a copied ruleset are not guaranteed to have this property, so place them with the top-to-bottom evaluation order in mind.
Updating Default Ruleset
The rules contained in the Default Ruleset are versioned, so determining whether a rule in your ruleset is out of date is simply a matter of opening the rule’s details and comparing version numbers.
If a rule in your ruleset is out of date, download the latest ruleset JSON file from the support site to the folder you chose when you initially installed ZeroLock. On import, the newer rule automatically replaces the older rule.
1. Download the latest ruleset for your server release from the Vali Cyber support site.
2. Navigate to Control Policies | Rules, open the Actions drop-down, and select Upload New Rules.
3. Open the JSON ruleset file you downloaded. The new ruleset is uploaded to the ZMC and the rules are updated.
4. Identify any revised rule by its version number on the Policy Rule details page.
5. Review the release notes to see which rules have been updated or added, then confirm that those rules reflect the changes as in Step 4. For entire ruleset additions, select Ordered Ruleset from the TYPE menu.
6. The last entry in the list is the most recent Ordered Ruleset.
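To make the two behaviours described on this page concrete, the first-match evaluation of an ordered ruleset and the version-based replacement of rules on import, here is an added Python model. It is illustration only, not Vali Cyber's code, and the rule fields (name, version, kind, pattern, action), the glob-style patterns and the sample rules are assumptions rather than the real ZeroLock JSON schema:

```python
from fnmatch import fnmatchcase

# Constructed sample rules; the schema (name, version, kind, pattern, action)
# is an assumption for illustration, not the real ZeroLock JSON layout.
CURRENT = [
    {"name": "deny-cron-write", "version": 2, "kind": "File Access",
     "pattern": "/etc/cron.d/*", "action": "deny"},
    {"name": "allow-etc-read", "version": 1, "kind": "File Access",
     "pattern": "/etc/*", "action": "allow"},
    {"name": "deny-shell-exec", "version": 1, "kind": "Program Execution",
     "pattern": "/bin/sh", "action": "deny"},
]
INCOMING = [  # a newer download: one bumped rule, one unchanged, one new
    {"name": "deny-cron-write", "version": 3, "kind": "File Access",
     "pattern": "/etc/cron*", "action": "deny"},
    {"name": "allow-etc-read", "version": 1, "kind": "File Access",
     "pattern": "/etc/*", "action": "allow"},
    {"name": "deny-tmp-exec", "version": 1, "kind": "Program Execution",
     "pattern": "/tmp/*", "action": "deny"},
]

def evaluate(ruleset, kind, target):
    """Ordered evaluation: the first matching rule of this kind wins;
    no match means the action is allowed (the ruleset is default-allow)."""
    for rule in ruleset:
        if rule["kind"] == kind and fnmatchcase(target, rule["pattern"]):
            return rule["action"], rule["name"]
    return "allow", None

def outdated(current, latest):
    """Names of rules whose version in the latest download is higher."""
    newest = {r["name"]: r["version"] for r in latest}
    return [r["name"] for r in current if newest.get(r["name"], 0) > r["version"]]

def import_rules(current, incoming):
    """Merge a downloaded ruleset: a higher version replaces the older rule
    in place (keeping its position); rules not yet present are appended."""
    merged = [dict(r) for r in current]
    position = {r["name"]: i for i, r in enumerate(merged)}
    for rule in incoming:
        i = position.get(rule["name"])
        if i is None:
            position[rule["name"]] = len(merged)
            merged.append(dict(rule))
        elif rule["version"] > merged[i]["version"]:
            merged[i] = dict(rule)
    return merged
```

Swapping the two File Access rules in CURRENT lets the broad allow shadow the specific deny, which is the "order matters" point made above.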