Jump to content

protecting files using HIPS

Recommended Posts

my config : windows 10 pro version 1607 x64


i have done settings to protect files in D: drive from being accessed by applications running in the computer.



you can see the detail of HIPS rule here









Still Aimp audio player is able to access audio file in D: drive.

as you can see in pics below that there is no HIPS rule for Aimp.exe




So Aimp is basically bypassing ESET HIPS rule.

It means ESET HIPS does not know that Aimp is accessing file in D: drive


I am aware that this type of file access exists. what i understand about it is Aimp.exe don't directly access files in hard disk. It actually asks windows OS to access files for it. From what i have noticed is that ntoskrnl.exe (NT Kernel & System ) access the files for Aimp.



Similarly many other applications also accesses files in hard disk in this way and are potentially bypassing HIPS rule 


Interestingly ntoskrnl.exe is also not in the HIPS rule. Then why is allowed to access D: drive without asking the user.

Link to post
Share on other sites
  • 1 month later...
  • Administrators

1, It's not possible to block access to files using HIPS. You can prevent applications from deleting them but not from reading them. Also you've confined the rule to files in the root of drives.

Link to post
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...