Help me to create an advanced rule pls

Hi, I want CIS HIPS to default deny any execution from

C:\ and
?:\

while still allowing execution from

C:\Program Files
C:\Windows

Using XP 32 bit. Is it even possible? Thanks

What are you trying to achieve?
Something like parental control?

Trying to make a default deny novice set up.

Would it be like you want it to have, if you made the necessary permissions, and then enable under parental control “don't show alerts for firewall and/or defense+ if the password is set”?

No, just a block rule. A block rule will obviously not give a pop-up.

Create 2 rules in defense+ > computer security setting:
C:\Program Files* (and choose what effect should be allowed in your case (or /blocked/asked))
C:\Windows* (and choose again)

Then use “don't show alerts if password is active”.
Practically you got what you asked for.
…or I still don't understand what you are trying to achieve.
At least try it, if it already fits your expectation.

Note: You basically lower the security by fulfilling your idea!
“While still allowing execution from…”… Look here, you are going to disable the default deny principle by following your intention, only based on drive/folder names. That's not good.

Edit: My suggestion is,
ask the novice what he is about to do.
Then do it, make the permissions.
And then just block the alerts with a password.
Additionally you could choose safe mode for defense+.
(Let the novice watch, … will be surprised how easy it is to do it)

The same procedure for the firewall.
But I would not suggest to use safe mode for a firewall. Better use custom mode.
Give the programs that your novice wants to use online “outgoing only” rules. (Or UDP+TCP outgoing).

Again, suppress the alerts later if password is active.

That's a much safer approach.

In V6, if an application is blocked for “direct disk access”, it will not read the following paths.

?:\ -->root of the disk

?:\Documents and Settings\


You can check it by applying the explorer.exe for that.

Thanks.