Hi,
I created this topic to share our knowledge and tricks about HIPS in ESET. From what I see, this HIPS is very smart and powerful, so nothing can beat it (thanks to ESET (*-*)).
I'm going to show you how to force the HIPS to work as an anti-Exe, so you don't need VoodooShield or other similar tools anymore while using ESET.
I'm using HIPS in interactive mode, but note that you can also do it in policy mode.
So how?
1- Go to the HIPS settings and then click Edit.
2- On the new page, press Add and choose a name for your rule (in my case it's kitty).
3- Set Ask for the action field.
4- Under the operations affecting, please check Applications and press Next.
5- In the new window, press Add, then go to the C:\Windows directory and type Explorer (so it will find it automatically), press Open, and after that OK.
6- You will see explorer.exe added to the source applications list.
7- Press Next, and in the new window, under the application operations, please choose start the new application, press Next, and after that Finish!
8- When you have done all of these steps, just press OK! We are done; we got an anti-Exe, all for free.
Every time you run a file it will alert you about it, so if you know it's safe and don't want to get an alert about it anymore, just choose create rules and remember permanently, then go to the advanced settings, choose only for target, and press Allow, so it will remember this rule and never ask you about it again.
A powerful and easy way to have an anti-Exe. Also, I apologize for my English mistakes.
I hope this helps -_-


P.S.: The good thing is it will not alert for Windows processes (I don't know how ESET created it, but it's smart), so it will not make your Windows crash. But if you don't know how to deal with alerts or can't read the information, please don't do that.


Edited by persian-boy

  • Administrators

I have no clue why you made it so difficult and limited it to explorer.exe. I use a simple HIPS rule to ask me about an action before launching an application for which no rule exists yet. I don't limit it to explorer.exe, as only a small portion of files are executed via Explorer.


Hi Marcos, thanks for the comment, but can you please share your rules?
I also know my rule makes no sense, but it works as a simple anti-Exe :D

Edited by persian-boy
