itman 1,924 Posted September 22, 2015 Posted September 22, 2015 If I have a HIPS rule that protects a target process against "Modify state of another application", will it protect against these memory injection methods: VirtualAllocEx/VirtualFreeEx WriteProcessMemory CreateRemoteThread I believe it does but just want to verify.
ESET Moderators TomasP 335 Posted October 30, 2015 ESET Moderators Posted October 30, 2015 Hello itman, I have checked with the developers and yes, our product is able to protect against these methods. Regards, T.
itman 1,924 Posted October 30, 2015 Author Posted October 30, 2015 Hello itman, I have checked with the developers and yes, our product is able to protect against these methods. Regards, T. Thanks for the confirmation. My testing of ver. 8 HIPS rule based memory protection shows it is very good. For example, it has blocked reflective dll injection attempts into both active and suspended protected processes. I haven't tested it against process memory "hollowing" methods yet.
Recommended Posts