Do you think HIPS rules should take priority over BB?

As usual, here’s an example: Let’s say you’re using BB on the “Limited” setting or higher and you encounter some app that doesn’t work right under “Limited” (or is missing some functionality). By viewing the D+ logs you figure out that it doesn’t work because the “Limited” setting won’t allow the app to modify files in a certain folder. Let’s say that’s the only reason, so you only need to allow the app access to that folder and it would work fine, but you don’t really trust it enough to put it in the Trusted list. Right now you need to enable BB exceptions, add the app there, then create a HIPS rule (Advanced settings - Security settings - HIPS - HIPS rules) with a slightly altered “limited” ruleset.

Now if HIPS rules had complete priority over the BB setting, the above process would be much easier. You just add a rule for the “problematic” app and leave BB alone. Do you agree?

P.S. Currently only “block” HIPS rules have priority over BB.

  1. A virus executes svchost.exe, and svchost.exe can do anything without being blocked by CIS.

  2. You can modify the protected files of BB by editing here.

It’s the chain of execution; that’s why it’s called Behavior Blocker. If an untrusted or unknown file tries to execute a system file, it’ll get sandboxed automatically.