I am not sure about anyone else but the Defense+ system seems to be quite buggy. Please tell me what is happening here, see attachment. As you can see, the Cygwin file group includes …/bash.exe as a allowed application but I am still getting a HIPS alert irregardless. Which I opted to treat it as a Windows Application? Am I missing something in regards to the File Rating system, does it work?
You mean bash.exe and it’s located here C:\cygwin\base\bin\bash.exe. I specifically clicked on browse and selected the file by hand when I added it to Cygwin file group. The first rule is the same path as listed in the Cygwin file group on my first post. Additionally, C:\cygwin\base* is listed in the Cygwin file group, but I got an alert for C:\cygwin\base\Cygwin.bat irregardless. Are rules like C:\cygwin\base* recursive? Requested image is attached.
The allowed application ruleset allows everything except for running an executable. You can change ask to allow in the ruleset by double clicking your rule in the HIPS settings and changing it to “Use a custome ruleset” then click ask and change it to allow.
I noticed there was an modify option for ‘Run an excutable’ and added the File group Cygwin to the Allowed Files/Folders to no avial. I still get allert requesting permission for bash.exe to excute another command which then leads on to a parade of alerts. See attactment.