karanik 0 Posted January 13, 2020 Posted January 13, 2020 Hello, I am trying to block application via policy on ESET Remote Administration. More specific from Detection Engine / HIPS / Rules. Is this right? Is there any other way to do? Is it possible that? Clinets: Endpoint Antivirus Version of Product 7.0.2100.4 Server: ESET Remote Administrator (Server), Version 6.5 (6.5.417.0) ESET Remote Administrator (Web Console), Version 6.5 (6.5.388.0) CentOS (64-bit), Version 7.7.1908
Administrators Marcos 5,441 Posted January 13, 2020 Administrators Posted January 13, 2020 We do not have a feature like Application Control. Currently you can use HIPS rules to block access to or execution of specific applications defined by a path.
karanik 0 Posted January 13, 2020 Author Posted January 13, 2020 1 minute ago, Marcos said: We do not have a feature like Application Control. Currently you can use HIPS rules to block access to or execution of specific applications defined by a path. Yes as said on first post i tried with HIPS. Can you give a full example? Because i tried with specific path with executable file. For example i tried with below "C:\Program Files (x86)\Notepad++\notepad++.exe" C:\Program Files (x86)\Notepad++\notepad++.exe "C:\Program Files (x86)\Notepad++\*
Administrators Marcos 5,441 Posted January 13, 2020 Administrators Posted January 13, 2020 This is a rule to block execution of Notepad:
itman 1,799 Posted January 13, 2020 Posted January 13, 2020 (edited) I am wondering if the issue is the use of the "+" sign in the path name? Note the OP is referring to notepad++ app and not the Win notepad.exe app. As as test, create a HIPS rule for Microsoft's notepad.exe startup and see that works. Edited January 13, 2020 by itman
karanik 0 Posted January 13, 2020 Author Posted January 13, 2020 (edited) 23 minutes ago, Marcos said: This is a rule to block execution of Notepad: Thank you Marcos. It is working. Notepad is for example. I block other application. Edited January 13, 2020 by karanik
karanik 0 Posted January 13, 2020 Author Posted January 13, 2020 24 minutes ago, itman said: I am wondering if the issue is the use of the "+" sign in the path name? Note the OP is referring to notepad++ app and not the Win notepad.exe app. As as test, create a HIPS rule for Microsoft's notepad.exe startup and see that works. I just wanted an example. I wanted to block another application.
Recommended Posts