Clarification needed regarding use of HIPS rules in BB [V6][HF]

the mods say that the BB or automatic sandbox have hips functionality,even the HIPS is disabled. also they quoted egemen that he said this.

BUT you can not read about in the help file, see: Behaviour Blocker, Network Access, Internet Protection | Internet Security v6.3

there is clearly written that the Behavior blocker is checking hashes only for the decisions. No HIPS controlling if HIPS is disabled.

The Behavior Blocker is an integral part of the Defense+ engine and is responsible for authenticating every executable image that is loaded into the memory. The Behavior Blocker intercepts all files before they are loaded into memory and intercepts prefetching/caching attempts for those files.[u][b] It calculates the hash of the executable at the point it attempts to load into the memory. It then compares this hash with the list of known / recognized applications that are on the Comodo safe list. If the hash matches the one on record for the executable, then the application is safe and the Behavior Blocker allows it to run. If no matching hash is found on the safelist, then the executable is 'unrecognized' and is run inside the auto-sandbox.[/b][/u] You will be notified via an alert when this happens.

so what is right?

please improve the help file if the BB really have HIPS controlling even HIPS is disabled.

BB = auto decision for HIPS rules

:slight_smile: ok, sounds good… but but, how can it be if there is no HIPS? :slight_smile:

To be more precise:

HIPS = HIPS rules instance 1, tailorable by user, controlled by HIPS enable/disble
BB = HIPS rules instance 2 plus coded rules plus FW rules, non-tailorable by user, not controlled by HIPS enable/disable, controlled by BB enable/disable

HIPS run-time engine, on which HIPS rules run maybe = always on, maybe off if HIPS and BB is off.

Yes but the point is that the Help file does not say that. It makes it look like the Behavior Blocker is just a file reputation service that restricts things that are unknown to it.

I understand that and fully agree. I’m currently advocating review of help file with QA.

See all my Beta forum comments on the help file

So, input now is very timely - keep it coming :slight_smile:

Best wishes

Mouse

That is the point! Thank you :slight_smile:

Can you please check and see if this is fixed.

Thank you.

PM sent.

nothing is fixed… the mods and Egemen tolds that the BB have HIPS even the HIPS is disabled. But the help file says nothing about that.

I understand. It would be nice for the help file to be more explicit about this.

Right. Like i posted at the beginning of this topic a half year ago. But nothing changed.

The mods and egemen said other things about HIPS and BB than we can read in the help file. If u read the help file, than the BB is just a hash-checker. See my post at the beginning of this topic.
So who is wrong? - the help file or the mods and egemen?

Can you please check and see if this is fixed with the newest version (6.3.294583.2937)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

Can you please check and see if this is fixed for the corresponding Help File for the newest version of CIS (7.0.313494.4115)? Please respond to this topic letting us know whether it is fixed or not.

Thank you.

PM sent.

If you are able please check with the newest version (CIS version 8.0.0.4337) and let me know if this is fixed on your computer with that version.

Thank you.