itman 1,089 Posted September 22, 2015 Share Posted September 22, 2015 If I have a HIPS rule that protects a target process against "Modify state of another application", will it protect against these memory injection methods: VirtualAllocEx/VirtualFreeEx WriteProcessMemory CreateRemoteThread I believe it does but just want to verify. Link to comment Share on other sites More sharing options...
ESET Moderators TomasP 276 Posted October 30, 2015 ESET Moderators Share Posted October 30, 2015 Hello itman, I have checked with the developers and yes, our product is able to protect against these methods. Regards, T. Link to comment Share on other sites More sharing options...
itman 1,089 Posted October 30, 2015 Author Share Posted October 30, 2015 Hello itman, I have checked with the developers and yes, our product is able to protect against these methods. Regards, T. Thanks for the confirmation. My testing of ver. 8 HIPS rule based memory protection shows it is very good. For example, it has blocked reflective dll injection attempts into both active and suspended protected processes. I haven't tested it against process memory "hollowing" methods yet. Link to comment Share on other sites More sharing options...
Recommended Posts