HIPS Rules

Hi, what does it men if I change the access rights for an application?
Fore example if we take application X and block the action for “run en executable” - what happens? I can’t understand what is blocked here, because this application is not blocked from running. (the same for process termination)

If HIPS rules can block an application/processes from running then what are the conditions?
any examples?

If you block the action “Run an executable” then that program will not be able to run another program. So for example if you have a malware called malware.exe and you block the action “Run an executable” for that malware, then it can not start the second malware called malware2.exe.
The process termination, if set to block, will prohibit the application, in this case malware.exe from terminating other applications, so malware.exe will not be able to terminate for example explorer.exe.

To block an application from running, navigate to “Protected Objects” under the HIPS settings and go to the tab “Blocked Files” then add the application you want to block. I’ve attached a screenshot showing how to block a program.

[attachment deleted by admin]

Aha, thanks, it is clear now.

There’s another way too:

Instead of allowing apps to do things, you can specify which apps are allowed to be done by.

For example, IE will only allow termination by a specific set of apps (as oppossed to allowing a number of apps each of which can terminate IE).

One has to activate protection settins for that.