
Critical System Protection -- Command Match Tool


CmdmatchV2.exe is a command-line tool that helps troubleshoot mismatched command line arguments in policies. It is designed to mimic the IPS driver's behavior when parsing command line arguments.

In CSP, the command line arguments offer a very granular way to assign processes to process sets and to enable rules or exceptions.

To use:

  1. Extract the .zip file to a directory.

  2. Navigate to the directory where the tool was extracted.

  3. Run the tool in verbose mode by entering "cmdmatchV2.exe -v". Verbose mode tells you what did or did not match.

  4. Enter the pattern that you are adding to a rule, then press Enter.

  5. Copy and paste the argument that is reported in either the Event Viewer or the Management Console, then press Enter.

  6. View the output. It shows either that the whole command matched or, if there was a mismatch, where the mismatch occurred.

Here is a screenshot of the tool:

cmdmatchV2.jpg

