
Illumio Security Policy Guide 25.4

Windows Process-Based Rules

Rules can be created to allow all system-initiated processes in Windows. This approach allows all traffic related to drivers and other operating system modules.

You can create a service of type Windows—process or service-based—with the word “system” (case-insensitive) in the Port/Protocol text input field. Once you create this service, you can use it in the rules.

Creating Services with System-Initiated Processes

To create a service that allows for all system-initiated processes:

  1. From the PCE web console menu, choose Policy Objects > Services.

  2. Click Add.

  3. Enter a name and definition for the service you are adding.

To add a service definition, from the Operating System drop-down, select either All Operating Systems: Port-Based or Windows Inbound: Process/Service-Based:

  • If you select All Operating Systems: Port-Based, you can only indicate a port, a protocol, or both, separating the port and protocol with a space.

    For example, port 512 TCP.

  • If you select Windows Inbound: Process/Service-Based from the Port and/or Protocol drop-down, specify a port/protocol, a process or service, or a port/protocol with a process or service, separating the port and protocol with a space.

    For example, port 512 TCP, process C:\windows\myprocess.exe, and Windows service, myprocess.

To remove a service definition, select All Operating Systems: Port-Based or Windows Inbound: Process/Service-Based from the Operating System drop-down, and then:

  • Click the check box next to the Port and/or Protocol. You may select a single or multiple entries.

  • Click Remove.

Windows Environment Variables

A Windows environment variable can be used to specify the full path of a process.

To do this, create a service of type Windows Inbound: Process/Service-Based and enter the path containing the environment variable in the Port and/or Protocol text input field.

Note

Currently, only the Windows System variable is supported for use in the process path.

For example, %systemroot%\myprocess.exe.

Rules can also be created for all system-initiated processes in Windows, allowing all traffic related to drivers and other operating system modules.

This can be done by placing the word system (case-insensitive) in the Port and/or Protocol text input field.

Creating a service with Windows environment variables

To create a service that uses Windows environment variables, do the following:

  1. Choose Policy Objects > Services.

  2. Click Add.

  3. In the Name field, enter system (case-insensitive).

  4. Select Windows Inbound: Process/Service-Based from the Operating System drop-down list.

  5. In Port and/or Protocol, specify the port/protocol (separating the port and protocol with a space) or the process path containing the environment variable.

    For example: %systemroot%\myprocess.exe

  6. Click Save.
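As an added example (not Illumio code), the following Python validator accepts entries written the way the two procedures above describe them: port-based entries such as "512 TCP", and Windows process/service-based entries consisting of a process path, a Windows service name, the system keyword, or a port/protocol combined with one of them. It flags the system keyword as a broad rule (all system-initiated processes) and rejects environment variables other than %systemroot%, the only one the guide lists as supported. The whitespace tokenization of a combined entry, the default C:\Windows expansion, and the TCP/UDP protocol set are assumptions, not documented PCE behaviour.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed: protocols a port-based entry may name (the guide's example uses TCP).
PROTOCOLS = {"TCP", "UDP"}
# The guide states only the Windows System variable is supported in a process path.
SUPPORTED_ENV_VARS = {"%systemroot%"}
ENV_VAR_RE = re.compile(r"%[^%\\]+%")


@dataclass
class ServiceEntry:
    os_type: str                      # "port" (All Operating Systems) or "windows"
    port: Optional[int] = None
    proto: Optional[str] = None
    process_path: Optional[str] = None
    service_name: Optional[str] = None
    all_system: bool = False          # the "system" keyword: all system-initiated processes
    errors: List[str] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)


def parse_entry(text: str, os_type: str = "windows") -> ServiceEntry:
    """Parse one Port and/or Protocol entry.

    Tokens are split on whitespace (an assumption about the field format):
    an integer is a port, TCP/UDP is a protocol, a token with a backslash or
    a %var% is a process path, "system" is the all-system-processes keyword,
    and anything else is taken to be a Windows service name.
    """
    entry = ServiceEntry(os_type=os_type)
    for tok in text.split():
        if tok.isdigit():
            port = int(tok)
            if not 1 <= port <= 65535:
                entry.errors.append(f"port out of range: {port}")
            entry.port = port
        elif tok.upper() in PROTOCOLS:
            entry.proto = tok.upper()
        elif os_type != "windows":
            # Port-based services accept only a port, a protocol, or both.
            entry.errors.append(f"port-based service accepts only port/protocol, got {tok!r}")
        elif tok.lower() == "system":
            entry.all_system = True
            entry.warnings.append(
                "'system' allows all system-initiated processes (drivers and OS modules); "
                "confirm this breadth is intended")
        elif "\\" in tok or ENV_VAR_RE.search(tok):
            entry.process_path = tok
            for var in ENV_VAR_RE.findall(tok):
                if var.lower() not in SUPPORTED_ENV_VARS:
                    entry.errors.append(f"unsupported environment variable: {var}")
        else:
            entry.service_name = tok
    if (entry.port is None and entry.proto is None and entry.process_path is None
            and entry.service_name is None and not entry.all_system):
        entry.errors.append("empty entry")
    return entry


def expand_path(path: str, systemroot: str = r"C:\Windows") -> str:
    """Expand %systemroot% (case-insensitive) to an assumed install root so
    paths from different rules can be compared in a review."""
    return re.sub(r"%systemroot%", lambda _: systemroot, path, flags=re.IGNORECASE)


if __name__ == "__main__":
    # Constructed sample entries mirroring the guide's examples.
    samples = [
        ("512 TCP", "port"),
        (r"C:\windows\myprocess.exe", "windows"),
        (r"512 TCP C:\windows\myprocess.exe", "windows"),
        ("myprocess", "windows"),
        ("System", "windows"),
        (r"%systemroot%\myprocess.exe", "windows"),
        (r"%ProgramFiles%\app.exe", "windows"),
    ]
    for text, os_type in samples:
        e = parse_entry(text, os_type)
        print(f"{text!r:42} -> port={e.port} proto={e.proto} process={e.process_path} "
              f"service={e.service_name} system={e.all_system} "
              f"errors={e.errors} warnings={e.warnings}")
```

Running the block prints one line per constructed entry; in a policy review the useful signal is the warnings list (a system keyword rule) and the errors list (an unsupported variable or a non-Windows service carrying a process path).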