Can someone help me to know the correct way to set HIPS rules for a folder including all of its content, subfolders, files, etc.?
I tried …/…/…/* format but it is not recognized.
My specific problem is that every time I start a Jupyter notebook kernel, HIPS blocks it. Since the kernel changes every time, I have to set rules for the entire runtime folder.
Thanks for your help.
Create a new file group and add the folder to that file group, then use the file group as the basis of the HIPS rule.
Thank you for the reply. I tried it but it still doesn’t work.
Funny thing is HIPS even blocks *.py scripts even when they are listed as “Trusted”. Can you imagine what is going wrong?
Can you show/explain how you did it and what is happening that you expected to not happen? For the Python scripts, are you sure it is the same one listed in the file list as trusted that is being blocked by HIPS?
So I created the file groups.
Then set the HIPS rule as allowed application for the entire group.
I expected the python scripts in the envs folder or the kernels in the runtime folder to not be blocked but the opposite happens.
I can’t figure out this behavior.
You should remove the entries from unblock applications as those may be from before you created the rules. If you are not getting HIPS alerts from those scripts then they most likely are not getting blocked by HIPS anymore. The only other way they could be getting blocked is if they are trying to access any of the CIS processes in memory; you would need to check the HIPS event logs to see the cause of the block. Take note of the time to make sure the events are from after creating the HIPS rule.
Thank you for the reply. I tried what you said but couldn’t find any suspicious behaviors in the log. For the time being, I set the HIPS to training mode when I work with Jupyter notebook. It solves the problem but I hope I can find a permanent solution soon.