
Archived

This topic is now archived and is closed to further replies.

Slithereen Guard

protecting files using HIPS


My config: Windows 10 Pro version 1607 x64

I have done settings to protect files on the D: drive from being accessed by applications running on the computer.

 

 

You can see the details of the HIPS rule here:

post-7526-0-20223000-1471057929_thumb.jpg

 

post-7526-0-85985100-1471057930_thumb.jpg

 

post-7526-0-45598400-1471057932_thumb.jpg

 

post-7526-0-88991600-1471057936_thumb.jpg

 

Still, the Aimp audio player is able to access audio files on the D: drive.

As you can see in the pics below, there is no HIPS rule for Aimp.exe.

 

post-7526-0-54744700-1471057942_thumb.jpg

 

So Aimp is basically bypassing the ESET HIPS rule.

It means ESET HIPS does not know that Aimp is accessing files on the D: drive.

I am aware that this type of file access exists. What I understand about it is that Aimp.exe doesn't directly access files on the hard disk. It actually asks the Windows OS to access files for it. From what I have noticed, ntoskrnl.exe (NT Kernel & System) accesses the files for Aimp.

Similarly, many other applications also access files on the hard disk in this way and are potentially bypassing the HIPS rule.

Interestingly, ntoskrnl.exe is also not in the HIPS rule. Then why is it allowed to access the D: drive without asking the user?


1, It's not possible to block access to files using HIPS. You can prevent applications from deleting them but not from reading them. Also you've confined the rule to files in the root of drives.
