Defense+/HIPS blocked intrusions

Hello,
I have the main window of CIS open and in HIPS I have 42 blocked intrusions.
Some of these 42 blocked intrusions are files that I need. How can I unblock them, or where can I find the files that Defense+ blocks?
I searched in Security Settings - Defense+ - HIPS - Protected Objects - Blocked Files, but there is no file there.
Where are the files blocked?

I’ve been searching for hours and hours on your site, forum, etc., but can’t find anything that can help me.
Please help me!

Thank you!

Unless you have manually enabled HIPS or switched configuration to Proactive, then it’s the sandbox that has sandboxed unknown files (unknown to CIS); the logs for this will show under Defense+ as well.

The files are most likely in the Unrecognized Files List, you can get there by following these instructions:

1. Open the main CIS window
2. Click Tasks in the upper right corner next to the green arrow
3. Expand Advanced Tasks
4. Click Open Advanced Settings
5. Expand Security Settings in the left menu of the new window
6. Expand File Rating
7. Click Unrecognized Files

In this list you should see all files that can’t be recognized by CIS and have hence been sandboxed. If you want to move them to the Trusted Files List, you can select one or more entries, then right-click one of them and click Move to > Trusted Files. After you’ve done that, you need to click OK on all CIS windows and then restart the relevant applications.

Thank you so much for your answer.

Unfortunately I didn’t find anything: I followed your indications exactly, but in the Unrecognized Files window there is no list, or more exactly, the list is empty.

The only place where the files I need are mentioned is in the Defense+ Events window that opens when I click on the number of blocked intrusions in the main window.

I don’t understand anything anymore…

Anyhow thank you for trying to help me.

There is still more we can do :)

Could you perhaps take a screenshot of the Defense+ logs? (As much of it as possible)

Also, could you right-click the CIS tray icon and make sure Advanced View is enabled, then right-click the tray icon again, click on HIPS and tell me what it’s set to, and then click on Auto-Sandbox and tell me what it’s set to? This is to see whether it is HIPS or BB which is blocking your files.

I’ve made a screenshot of the main window of CIS and another of the window with the Defense+ events where my disappeared files are mentioned (files I downloaded with Free Download Manager - frd.jar - when HIPS was enabled and that were supposed to be on my desktop, as the download manager shows 100% downloaded files). I attached them because I don’t know how to post them directly in this message.

The Advanced View is enabled. HIPS is now disabled by me, but when these files were downloading it was enabled.
The Auto-Sandbox is and has always been disabled, because I don’t know yet how it works (I have to learn when I have more time).

Thank you!

[attachment deleted by admin]

Can you show me a screenshot of your HIPS settings?

Yes of course!

[attachment deleted by admin]

Well, if you’re using HIPS then it should alert you instead of just outright blocking it instantly. I don’t understand why it wouldn’t for you.

Or perhaps I misunderstand what the problem is?

I’m sure the alert message appeared, but I wasn’t in front of my computer and maybe after a certain number of seconds it acted as if the files were a menace, since I didn’t confirm the contrary.

The problem is that I can’t find these files blocked by HIPS anywhere. Shouldn’t there be an option to unblock the blocked files? And where could these files be stored? I really don’t know… :'(

If a program was blocked from creating a file, then that file won’t have been created and hence doesn’t exist on your system.

Maybe autosandboxed and those actions are the restricted ones of the current level?

Go to Advanced Settings > Defense+ > HIPS > HIPS Rules
and look for your isolated program, right-click > Edit > and change to whatever you like.
Hope this helps, it did for me.