Jump to content

HIPS Question

itman
 Share

Recommended Posts

itman

itman 1,659

Posted
Posted

If I have a HIPS rule that protects a target process against "Modify state of another application", will it protect against these memory injection methods:

 

VirtualAllocEx/VirtualFreeEx

WriteProcessMemory

CreateRemoteThread

 

I believe it does but just want to verify.

Link to comment
Share on other sites
  • 1 month later...
  • ESET Moderators
TomasP

TomasP 316

Posted
  • ESET Moderators
Posted

Hello itman,

 

I have checked with the developers and yes, our product is able to protect against these methods.

 

Regards,

T.

Link to comment
Share on other sites
itman

itman 1,659

Posted
  • Author
Posted

Hello itman,

 

I have checked with the developers and yes, our product is able to protect against these methods.

 

Regards,

T.

Thanks for the confirmation.

 

My testing of ver. 8 HIPS rule based memory protection shows it is very good. For example, it has blocked reflective dll injection attempts into both active and suspended protected processes. I haven't tested it against process memory "hollowing" methods yet.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...