Slithereen Guard, posted August 13, 2016 (edited)

My config: Windows 10 Pro version 1607 x64.

I have configured settings to protect files in the D: drive from being accessed by applications running on the computer. You can see the details of the HIPS rule here.

Still, the Aimp audio player is able to access an audio file in the D: drive. As you can see in the pics below, there is no HIPS rule for Aimp.exe.

So Aimp is basically bypassing the ESET HIPS rule. It means ESET HIPS does not know that Aimp is accessing a file in the D: drive.

I am aware that this type of file access exists. What I understand about it is that Aimp.exe doesn't directly access files on the hard disk. It actually asks the Windows OS to access files for it. From what I have noticed, ntoskrnl.exe (NT Kernel & System) accesses the files for Aimp. Similarly, many other applications also access files on the hard disk in this way and are potentially bypassing the HIPS rule.

Interestingly, ntoskrnl.exe is also not in the HIPS rule. Then why is it allowed to access the D: drive without asking the user?

Edited August 13, 2016 by Slithereen Guard

Marcos (Administrators), posted September 15, 2016

1. It's not possible to block access to files using HIPS. You can prevent applications from deleting them but not from reading them. Also, you've confined the rule to files in the root of drives.