Blacklisting/whitelisting directory

[jdziat]

is it possible to block or grant execution based off of where an executable is stored?

[russellhancox]

It can allow based on a path using a regex. The config key WhitelistRegex controls this (which can only be set when santad is not running).

I could add an equivalent for blacklisting by path if it would be useful for you.

[jdziat]

That would be great

On Sat, Sep 12, 2015 at 12:46 PM, google/santa
reply@reply.github.com
wrote:
It can allow based on a path using a regex. The config key WhitelistRegex
controls this (which can only be set when santad is not running).

I could add an equivalent for blacklisting by path if it would be useful for
you.

—
Reply to this email directly or view it on GitHub
[https://github.com//issues/23#issuecomment-139796211] .[https://github.com/notifications/beacon/ABITygTOGRyJqovqYPp_hDkW6Ott7gN5ks5oxE5RgaJpZM4F8RYU.gif]

[sincerelyjoshin]

+1, but would love to see blacklisting available for all executables stored in specific directory. functionality similar to mcxalr.

[russellhancox]

Fixed with 5b0e550, which will be included in the 0.9.1 release (which I'm cutting now).