Jump to content

HIPS Question


Recommended Posts

If I have a HIPS rule that protects a target process against "Modify state of another application", will it protect against these memory injection methods:

 

VirtualAllocEx/VirtualFreeEx

WriteProcessMemory

CreateRemoteThread

 

I believe it does but just want to verify.

Link to comment
Share on other sites

  • 1 month later...
  • ESET Moderators

Hello itman,

 

I have checked with the developers and yes, our product is able to protect against these methods.

 

Regards,

T.

Link to comment
Share on other sites

Hello itman,

 

I have checked with the developers and yes, our product is able to protect against these methods.

 

Regards,

T.

Thanks for the confirmation.

 

My testing of ver. 8 HIPS rule based memory protection shows it is very good. For example, it has blocked reflective dll injection attempts into both active and suspended protected processes. I haven't tested it against process memory "hollowing" methods yet.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...