novice 20 Posted February 27, 2017 Share Posted February 27, 2017 (edited) Hi, How do I move a rule I created in HIPS up or down? Or how do I insert a rule between two existing rules? (NOD32 v.8) Thanks! Edited February 27, 2017 by novice Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted February 27, 2017 Administrators Share Posted February 27, 2017 HIPS rules are evaluated in the way that more specific rules take precedence over generic rules and blocking rules over allowing rules if both are equal in terms of defined parameters. E.g. if you have a generic blocking rule to block writing to a specific folder for any application and another allowing rule that allows application XY to write into the folder, the allowing rule will take precedence so that only the application XY will be able to write into the folder. Link to comment Share on other sites More sharing options...
novice 20 Posted February 27, 2017 Author Share Posted February 27, 2017 Hi Marcos, In a previous answer of yours, (see below) you said: " then you create a general rule with no path specified, the former rule must be placed above the latter as the rule with the first matched condition is applied. It seems like, the order is important. So, my question is , how do I move the rules up and down , to change the order, and how do I insert a new rule between two rules already created? Link to comment Share on other sites More sharing options...
novice 20 Posted March 3, 2017 Author Share Posted March 3, 2017 Any updates, please? Link to comment Share on other sites More sharing options...
itman 1,630 Posted March 3, 2017 Share Posted March 3, 2017 (edited) HIPS rules are evaluated in the way that more specific rules take precedence over generic rules and blocking rules over allowing rules if both are equal in terms of defined parameters. E.g. if you have a generic blocking rule to block writing to a specific folder for any application and another allowing rule that allows application XY to write into the folder, the allowing rule will take precedence so that only the application XY will be able to write into the folder. What this means is it doesn't matter in what physical order the existing HIPS are listed as. Using Marcos's example, there are 10 user rules listed. The first rule listed is a block all app writes to folder x e.g. C:\x\*.*. The last rule listed is to allow app xyz to write to folder x e.g. C:\x\*.*. The last rule would be executed prior to the first rule. The above assumes all user "allow" rules are parsed and executed by the HIPS prior to any "ask" or "block" rules. Adiditionally, Eset has hidden HIPS rules that take precedence to any user created HIPS rules. Edited March 4, 2017 by itman Link to comment Share on other sites More sharing options...
Recommended Posts