Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at

This documentation does not apply to the most recent version of uberAgent. Click here for the latest version.

Security Descriptor & ACL Monitoring

The ESA Threat Detection rules for permissions (security descriptors and ACLs) are vast limits vendor rules.

File System ACL Rules

The rules in this section detect suspicious behavior related to file system permissions (ACLs).

  • Detect processes started from directories that are user-writeable
  • Detect process starts from directories with a low mandatory integrity label

Security Descriptor Monitoring Capabilities

uberAgent ESA has sophisticated features that make security descriptors, which can be a bit obscure and difficult to work with, much more accessible:

  • SID to name lookup
  • Conversion of hex access masks to permission strings

Please see this document for details.


Your email address will not be published. Required fields are marked *