When pods are started, containers run fast processes: tasks that are executed at high frequency and speed, or that respond to changing loads. You can configure blocking of executable files so that fast processes in containers are synchronously blocked at the same time. To do this, when adding or editing a runtime profile, specify the files to block in the blocking rules of the Restrict events → Container processes section under Policies → Runtime → Runtime profiles in one of the following ways:
- The full path to the file (for example, /app/example.exe).
- A value with a leading asterisk (for example, */example.exe) or file extension (for example, *.exe). In this case all files (subdirectories) that end with */example.exe or *.exe will be blocked.
- A value with a trailing asterisk (for example, /app/example*) or end of the file name (for example, /app/*). In this case all files (subdirectories) that begin with /app/example* or /app/* will be blocked. You can use only one asterisk (*) for indication.
- A file name without a path (for example, example.exe). The name is changed to a string of the following format: <*/file_name> (for example, example.exe → */example.exe).
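
To preview which paths a blocking rule would cover before saving the profile, the matching described above can be modelled as follows. This is an added example, not the product's own code: the function names and sample paths are constructed, and treating the asterisk as "any run of characters, including /" is an assumption drawn from the "files (subdirectories)" wording.

```python
def normalize_rule(rule: str) -> str:
    """Return the rule in the form used for matching."""
    if not rule:
        raise ValueError("empty rule")
    if rule.count("*") > 1:
        raise ValueError(f"only one asterisk is allowed: {rule!r}")
    # A bare file name (no path, no asterisk) is changed to */<file_name>.
    if "/" not in rule and "*" not in rule:
        return "*/" + rule
    return rule


def is_blocked(path: str, rule: str) -> bool:
    """True if the executable path falls under the blocking rule."""
    pattern = normalize_rule(rule)
    if "*" not in pattern:
        return path == pattern  # full path: exact match only
    prefix, suffix = pattern.split("*")
    # Assumption: the asterisk covers any characters, including "/".
    return (len(path) >= len(prefix) + len(suffix)
            and path.startswith(prefix)
            and path.endswith(suffix))


def preview(rules, paths):
    """Map each rule to the sample paths it would block."""
    return {r: [p for p in paths if is_blocked(p, r)] for r in rules}


# Constructed sample paths, not taken from a real image.
SAMPLE_PATHS = [
    "/app/example.exe",
    "/app/example-helper",
    "/app/bin/tool.exe",
    "/usr/bin/example.exe",
    "/usr/bin/curl",
]

if __name__ == "__main__":
    rules = ["/app/example.exe", "*.exe", "/app/example*", "/app/*", "example.exe"]
    for rule, hits in preview(rules, SAMPLE_PATHS).items():
        print(f"{rule!r:22} -> {hits}")
```

Broad values such as /app/* also cover files in subdirectories, so check the preview against the container's legitimate executables before applying the rule.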