My config: Windows 10 Pro version 1607 x64

I have configured settings to protect files in the D: drive from being accessed by applications running on the computer.

You can see the details of the HIPS rule here:

post-7526-0-20223000-1471057929_thumb.jpg

post-7526-0-85985100-1471057930_thumb.jpg

post-7526-0-45598400-1471057932_thumb.jpg

post-7526-0-88991600-1471057936_thumb.jpg

Still, the Aimp audio player is able to access an audio file in the D: drive.

As you can see in the pics below, there is no HIPS rule for Aimp.exe.

post-7526-0-54744700-1471057942_thumb.jpg

So Aimp is basically bypassing the ESET HIPS rule.

It means ESET HIPS does not know that Aimp is accessing a file in the D: drive.

I am aware that this type of file access exists. What I understand about it is that Aimp.exe doesn't directly access files on the hard disk. It actually asks the Windows OS to access files for it. From what I have noticed, ntoskrnl.exe (NT Kernel & System) accesses the files for Aimp.

Similarly, many other applications also access files on the hard disk in this way and are potentially bypassing the HIPS rule.

Interestingly, ntoskrnl.exe is also not in the HIPS rule. Then why is it allowed to access the D: drive without asking the user?

Edited by Slithereen Guard
  • 1 month later...
  • Administrators

1. It's not possible to block access to files using HIPS. You can prevent applications from deleting them but not from reading them. Also, you've confined the rule to files in the root of drives.
