Jump to content

Recommended Posts

Hi,
I created this topic to share our knowledge and tricks about Hips in Eset and from what I see this Hips is very smart and powerful so nothing cant beat it(Thnx to Eset(*-*))
I'm gonna show you how to force the Hips to work as an anti-Exe, so you don't need VoodooShield or other similar tools anymore while using Eset.
I'm using Hips in interactive mode but consider that you can also do it in policy mode.
So how?
1- Go to the HIPS settings and then click Edit.
2-In the new page press Add and choose a name for your rule(In my case its kitty).
3-Set the ask rule for action field.
4- Under the operation affecting pls check Applications an press next.
5-In the new windows press Add then go to the C:\Windows directory and type Explorer( so it will find it automatically) and press open and after that ok.
6- You will see Explore.exe added to the source applications list.
7-Press next and in the new windows under the application operations pls choose  start the new application and press next and after that finish!
8-When you did all of these steps just press ok!we are done we got an anti-Exe all for free.
Every time you run a file it will alert you for that so  if you know its  safe and don't want to get an alert about it anymore just chose  
create rules and remember permanently then go to the advanced settings and chose only for target and press allow so it will remember this rule and never ask you about it again.
A powerful and easy to have an anti-Exe also I apologize for my English mistakes.
 I hope this helps -_-


P.s: The good thing is it will not alert for win process (Idk how Eset created it but its smart).
so it will not make you windows crash but if you don't know how to deal with alerts or cant read the information pls don't do that.59da9e76948c9_ANTIEXE.PNG.0120676d92140779c37bc115fe6eee10.PNG

ANTI EXE.PNG

anti exe 2.PNG

3.PNG

4.PNG

5.PNG

6.PNG

Edited by persian-boy
Link to comment
Share on other sites

  • Administrators

I have no clue why you did it so difficult and limited to explorer.exe. I use a simple HIPS rule to ask me about an action before launching an application for which no rule exists yet. I don't limit it to explorer.exe as only a small portion of files are executed via Explorer.

Link to comment
Share on other sites

Hi Marcos, thanks for the comment but can you pls share your rules?
I also know my rule makes no sense but working as a simple AntiExe:D

Edited by persian-boy
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...