Clarification needed regarding use of HIPS rules in BB [V6][HF]

M.Richter · January 18, 2013, 12:48am

the mods say that the BB or automatic sandbox have hips functionality,even the HIPS is disabled. also they quoted egemen that he said this.

BUT you can not read about in the help file, see: Behaviour Blocker, Network Access, Internet Protection | Internet Security v6.3

there is clearly written that the Behavior blocker is checking hashes only for the decisions. No HIPS controlling if HIPS is disabled.

The Behavior Blocker is an integral part of the Defense+ engine and is responsible for authenticating every executable image that is loaded into the memory. The Behavior Blocker intercepts all files before they are loaded into memory and intercepts prefetching/caching attempts for those files.[u][b] It calculates the hash of the executable at the point it attempts to load into the memory. It then compares this hash with the list of known / recognized applications that are on the Comodo safe list. If the hash matches the one on record for the executable, then the application is safe and the Behavior Blocker allows it to run. If no matching hash is found on the safelist, then the executable is 'unrecognized' and is run inside the auto-sandbox.[/b][/u] You will be notified via an alert when this happens.

so what is right?

please improve the help file if the BB really have HIPS controlling even HIPS is disabled.

a256886572008 · January 18, 2013, 10:01am

BB = auto decision for HIPS rules

M.Richter · January 18, 2013, 11:19am

ok, sounds good… but but, how can it be if there is no HIPS?

mouse1 · January 19, 2013, 9:48am

To be more precise:

HIPS = HIPS rules instance 1, tailorable by user, controlled by HIPS enable/disble
BB = HIPS rules instance 2 plus coded rules plus FW rules, non-tailorable by user, not controlled by HIPS enable/disable, controlled by BB enable/disable

HIPS run-time engine, on which HIPS rules run maybe = always on, maybe off if HIPS and BB is off.

Dch48 · January 19, 2013, 10:03am

Yes but the point is that the Help file does not say that. It makes it look like the Behavior Blocker is just a file reputation service that restricts things that are unknown to it.

mouse1 · January 19, 2013, 10:38am

I understand that and fully agree. I’m currently advocating review of help file with QA.

See all my Beta forum comments on the help file

So, input now is very timely - keep it coming

Best wishes

Mouse

M.Richter · January 19, 2013, 11:28am

That is the point! Thank you

Chiron494 · June 24, 2013, 5:14pm

Can you please check and see if this is fixed.

Thank you.

PM sent.

M.Richter · June 29, 2013, 1:50pm

nothing is fixed… the mods and Egemen tolds that the BB have HIPS even the HIPS is disabled. But the help file says nothing about that.

Chiron494 · June 29, 2013, 2:03pm

I understand. It would be nice for the help file to be more explicit about this.

M.Richter · July 1, 2013, 9:16am

Right. Like i posted at the beginning of this topic a half year ago. But nothing changed.

The mods and egemen said other things about HIPS and BB than we can read in the help file. If u read the help file, than the BB is just a hash-checker. See my post at the beginning of this topic.
So who is wrong? - the help file or the mods and egemen?

Chiron494 · October 1, 2013, 5:20pm

Can you please check and see if this is fixed with the newest version (6.3.294583.2937)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

Chiron494 · March 7, 2014, 6:53pm

Can you please check and see if this is fixed for the corresponding Help File for the newest version of CIS (7.0.313494.4115)? Please respond to this topic letting us know whether it is fixed or not.

Thank you.

PM sent.

Chiron494 · November 20, 2014, 6:29pm

If you are able please check with the newest version (CIS version 8.0.0.4337) and let me know if this is fixed on your computer with that version.

Thank you.