Jump to content

Unc path can bypass the HIPS rules?


superzpy

Recommended Posts

Hi there.

I added a hips rule and deny all files operations in a path .

If I access this path by UNC from another pc, I can still modify/delete files in it.

Can someone help to explain why the hips does't work, please? :)

 

Link to comment
Share on other sites

Seems to be so.

I have set a local folder to be visible in the LAN (like "\\server\Runtime"), and added a rule to protect the local path of the folder (like "C:\Users\Username\Runtime"). And apply on all applications.

unc_rule.jpg.05277be728b7c535eb74f5788a525561.jpg

options.jpg.d6c36530308419294a3e1a27c27ae00e.jpg

When explorer.exe tries to create a new folder through the local path, the HIPS will prompt the window; but accessing from Network using explorer.exe doesn't prompt any window. Adding the network path to the protection doesn't help

 

Link to comment
Share on other sites

  • ESET Staff

I have checked with developers, and the statement for now is, that UNC is not officially supported. We will be tracking improvement for adding it to the future versions of our product.

Link to comment
Share on other sites

41 minutes ago, MichalJ said:

I have checked with developers, and the statement for now is, that UNC is not officially supported. We will be tracking improvement for adding it to the future versions of our product.

That is very scary to hear. Future version might be 7?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...