Jump to content

Archived

This topic is now archived and is closed to further replies.

coval

HIPS Problem

Recommended Posts

I create a rule for Brave Browser Use Data, but ESET Hips always shows message that other applications will create files in some directories,  not Brave Browser Use Data directory.  There are no other rules and the hips mode is automatic mode. I also test it in Windows 7 and it works well. But it doesn't work in Windows 10. What's the problem ?

Other information:

ESET Version: ESET Internet Security 13.0.22.0

WIndows Version:WIndows 10 x64 LTSC 1809 (17763.864)

1.png.dc5994ae2744d757c9a1899329208bc2.png

2.png.acf86ce80aee9bdc26dd9d4600319c27.png

3.png.937b281c5e160f524c4dd943efeb8d61.png

4.png.05f310aa4618befb4924d276b4864c35.png

5.png.fc7a0e0bc8e7ceba1ddc11607794df0e.png

6.png.ff574269e61c9df5430c73ff4cee1ecd.png

7.thumb.png.3cac081a6b940be411ba5e47e88f6c47.png

 

Here is hips logs.

eis_logs.zip

 

 

 

 

 

 

 

Share this post


Link to post
Share on other sites

I'd recommend reproducing the problem with English version of ESET and proving logs collected with ESET Log Collector then.

Share this post


Link to post
Share on other sites

I suspect your problem is how you coded your HIPS rule for the Brave browser. You coded "C:\Users\\AppData ............... Wildcards of any type are not supported in file path names other than at the end of the path name; e.g. .......\* or ........\*.*.

Add the missing user name; e.g. "C:\Users\xxxxxx\AppData .........", and retest.

Share this post


Link to post
Share on other sites

The OP used C:\Users\\Appdata\... which is ok and supported.

Share this post


Link to post
Share on other sites
5 hours ago, Marcos said:

The OP used C:\Users\\Appdata\... which is ok and supported.

It never worked for me. And from the posted OP screen shots, it's not working for him either.

-EDIT- What does work is the use of \\ in registry keys specification. It equates to \.default\

Share this post


Link to post
Share on other sites

I just tested this "\\" capability.

I created an ask rule for file modification in C:\Users\\AppData\Local\Temp\*.*.  The ask rule did trigger. However, I was stuck in a loop when I selected "Deny" with the HIPS repeating the same alert. I finally resorted to allowing the file add attempt.  That succeeded but only after multiple ask alerts till finally stopping.

Perhaps the issue was the use of Win Explorer to add the file but I doubt it.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...