HIPS rules order in v.8


novice

Hi,

How do I move a rule I created in HIPS up or down? Or how do I insert a rule between two existing rules? (NOD32 v.8)

Thanks!


  • Administrators

HIPS rules are evaluated in the way that more specific rules take precedence over generic rules and blocking rules over allowing rules if both are equal in terms of defined parameters. E.g. if you have a generic blocking rule to block writing to a specific folder for any application and another allowing rule that allows application XY to write into the folder, the allowing rule will take precedence so that only the application XY will be able to write into the folder.


Hi Marcos,

In a previous answer of yours (see below)

you said:

"then you create a general rule with no path specified, the former rule must be placed above the latter as the rule with the first matched condition is applied."

It seems like the order is important.

So, my question is, how do I move the rules up and down to change the order, and how do I insert a new rule between two rules already created?


HIPS rules are evaluated in the way that more specific rules take precedence over generic rules and blocking rules over allowing rules if both are equal in terms of defined parameters. E.g. if you have a generic blocking rule to block writing to a specific folder for any application and another allowing rule that allows application XY to write into the folder, the allowing rule will take precedence so that only the application XY will be able to write into the folder.

What this means is that it doesn't matter in what physical order the existing HIPS rules are listed.

Using Marcos's example, there are 10 user rules listed. The first rule listed is a block of all app writes to folder x, e.g. C:\x\*.*. The last rule listed is to allow app xyz to write to folder x, e.g. C:\x\*.*. The last rule would be executed prior to the first rule.

The above assumes all user "allow" rules are parsed and executed by the HIPS prior to any "ask" or "block" rules.

Additionally, ESET has hidden HIPS rules that take precedence over any user-created HIPS rules.

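The two evaluation models discussed in this thread, side by side, as an added example that is not part of any post and is not ESET's code: a simplified model in which "more specific" is assumed to mean "more parameters defined", the default action is assumed to be allow, and all rule names and paths are constructed.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "block"
    app: Optional[str] = None      # None means any application
    target: Optional[str] = None   # None means any file, else a glob pattern

    def matches(self, app: str, path: str) -> bool:
        app_ok = self.app is None or self.app.lower() == app.lower()
        path_ok = self.target is None or fnmatchcase(path.lower(), self.target.lower())
        return app_ok and path_ok

    def specificity(self) -> int:
        # Assumed metric: how many parameters the rule pins down.
        return (self.app is not None) + (self.target is not None)

def first_match(rules, app, path, default="allow"):
    """Order-dependent model: the first rule whose conditions match wins."""
    for rule in rules:
        if rule.matches(app, path):
            return rule.action
    return default

def most_specific(rules, app, path, default="allow"):
    """Order-independent model: the most specific matching rule wins;
    when specificity is equal, a block rule beats an allow rule."""
    hits = [r for r in rules if r.matches(app, path)]
    if not hits:
        return default
    best = max(hits, key=lambda r: (r.specificity(), r.action == "block"))
    return best.action

# Constructed sample rules mirroring the folder example in the thread.
BLOCK_ANY = Rule("block", target=r"C:\x\*")
ALLOW_XYZ = Rule("allow", app=r"C:\apps\xyz.exe", target=r"C:\x\*")
BLOCK_FIRST = [BLOCK_ANY, ALLOW_XYZ]
ALLOW_FIRST = [ALLOW_XYZ, BLOCK_ANY]
```

Under `most_specific`, `BLOCK_FIRST` and `ALLOW_FIRST` give the same verdict for every operation, whereas `first_match` blocks xyz.exe whenever the generic block rule is listed first.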
