HIPS Problem

[coval 0]

I create a rule for Brave Browser Use Data, but ESET Hips always shows message that other applications will create files in some directories,  not Brave Browser Use Data directory.  There are no other rules and the hips mode is automatic mode. I also test it in Windows 7 and it works well. But it doesn't work in Windows 10. What's the problem ?

Other information:

ESET Version: ESET Internet Security 13.0.22.0

WIndows Version:WIndows 10 x64 LTSC 1809 (17763.864)

 

Here is hips logs.

eis_logs.zip

 

 

 

 

 

 

 

Edited December 6, 2019 by coval

[Marcos 4,706]

I'd recommend reproducing the problem with English version of ESET and proving logs collected with ESET Log Collector then.

[itman 1,540]

I suspect your problem is how you coded your HIPS rule for the Brave browser. You coded "C:\Users\\AppData ............... Wildcards of any type are not supported in file path names other than at the end of the path name; e.g. .......\* or ........\*.*.

Add the missing user name; e.g. "C:\Users\xxxxxx\AppData .........", and retest.

Edited December 6, 2019 by itman

[Marcos 4,706]

The OP used C:\Users\\Appdata\... which is ok and supported.

[itman 1,540]

5 hours ago, Marcos said:

The OP used C:\Users\\Appdata\... which is ok and supported.

It never worked for me. And from the posted OP screen shots, it's not working for him either.

-EDIT- What does work is the use of \\ in registry keys specification. It equates to \.default\

Edited December 6, 2019 by itman

[itman 1,540]

I just tested this "\\" capability.

I created an ask rule for file modification in C:\Users\\AppData\Local\Temp\*.*.  The ask rule did trigger. However, I was stuck in a loop when I selected "Deny" with the HIPS repeating the same alert. I finally resorted to allowing the file add attempt.  That succeeded but only after multiple ask alerts till finally stopping.

Perhaps the issue was the use of Win Explorer to add the file but I doubt it.