HIPS questions

1.) Can I delete ALL existing (out of the box) HIPS rules without affecting other CIS functionality like Autosandbox and its protection levels? I don’t use the HIPS part otherwise, but I’d use it for protection of very specific files and apps so it would ONLY be triggered on those very specific rules and nothing else.

2.) How should I set a HIPS rule in order to do the following:
I want to allow only 1 specific EXE to access (read/modify/copy) a file on a disk. In my case it is the browser password storage file, where I want to allow only the browser executable to access (read) it and no other. So no other EXE can access that password storage file and potentially steal it. I’ve checked the HIPS rule sets and I frankly have no idea how to use them for such a scenario.

Awesome. Delete all HIPS rules except Comodo ones, set HIPS to Paranoid and get your system ■■■■■■ up for god knows what idiotic reason (seriously, why the hell does it do this!!!). Stupid CIS just locks up the entire system as soon as it loads. So now I can’t even disable HIPS as I can’t do anything other than just move the mouse around. Can’t uninstall it in safe mode because it doesn’t work and the installer refuses to run. Nice…

No, it is not a very nice experience. In V5 you could run the GUI in Safe Mode (F8); in V6 you cannot.

Yes, they have said that if you lock your system there is no way out now.

The reason the system does not load is the thousands of alerts, which cannot be given in such a short space of time.

You could do this in version 3 but not V4; all rules had to be deleted one at a time.

I do hope you had an image of your system, and did not have to do a total reinstall.

Sorry this happened to you.

I am not sure that with HIPS active and all rules deleted any mode would work :-\

Dennis

Edit: I presume you can alter the registry, but you would need to know which keys to change.

How on Earth do you set an access restriction (even to read, not just modify) on a specific file from anything but the allowed EXE? It’s so stupid, I need to use HIPS in Safe Mode to test (otherwise everything gets locked down), but in this case I have no clue if it works because anything I want to test gets allowed, because HIPS in Safe Mode allows whitelisted apps. So I can make a rule I’m not even sure does what it’s supposed to do, because there is NO way to test it.

No, sorry, Paranoid Mode is the only way.

Safe mode allows all trusted applications.

The only way which may work: activate HIPS, set it to Safe Mode and tick the box to create rules for safe applications.

Then, after you have run all applications you consider safe, change to Paranoid Mode and place your restrict rule at the top of the list.

Sorry this is so long-winded, but I do not see any other easy way to restrict an application and be sure it is actually restricted.

Dennis

The only problem is, whenever I set it to Paranoid mode, the system gets locked down. So I guess HIPS is useless for what I need it for. At least for now, if they plan to ever fix this…

Sorry, I cannot help you to get the required settings that you want.

Sorry, I very much doubt that they plan to fix your problem with Paranoid Mode.

They seem more interested in providing a security process which works in default mode for all at the moment, which I do not really expect to change, as their idea is to provide free security for all.

Once all bugs and problems with this mode have been fixed, I would hope they would provide more help for other modes of use.

Dennis

Can the HIPS be disabled altogether?
I have it set to disabled within the interface, but I notice it still runs even when set to disabled.
Thanks.

Do you mean some standalone resident part of CIS in RAM devoted to HIPS? AFAIK there’s no such thing.