HIPS useless?

The HIPS feature in CAVS only works for programs that are being started while CAVS is running. It ignores everything that was already active before CAVS was running.

If you, for example, simply add an unknown program to the start up folder in the start menu, it will run without a warning. So, bypassing the HIPS feature is easy. How can it ever detect malware that starts at system start up? At the moment it can’t and that greatly reduces the value of this feature…

On my PC there appears to be no program that CAVS does not check at start up. Anything I have added to the start up list that is not likely to be in the CAVS allow list is detected at start up and CAVS asks if I want to allow or deny. I have tried this with several programs and CAVS has asked about them all.
If I disable HIPS and start a program and then re-enable HIPS then CAVS does not detect the program.

I agree that this could be a potential problem at start up, though I have been unable to reproduce it (CAVS must start first on my PC?). It would be better if HIPS checked running processes once initialized and warned if any were not on the allow list.


Exactly, and here that also happens with programs that are launched at system start. Not good.
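
The check suggested in the thread (sweep the processes that are already running when HIPS initializes), as an added example that is not part of any post and not CAVS code. It is a toy model: the `Proc` records, paths, timings and the SHA-256 allow list are constructed assumptions, and it compares a launch-hook-only monitor with one that also sweeps at initialization.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    pid: int
    path: str
    image: bytes    # stand-in for the executable's file contents
    started: float  # seconds since boot

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

class Hips:
    """Toy monitor: allow list keyed by SHA-256 of the executable image."""
    def __init__(self, allow, init_time, sweep_on_init, running=()):
        self.allow, self.init_time, self.alerts = set(allow), init_time, []
        if sweep_on_init:
            # Baseline sweep: evaluate everything that started before us.
            for p in running:
                if p.started < init_time:
                    self._check(p, "startup sweep")

    def on_process_start(self, p):
        # Launch hook: process creations before init are never delivered.
        if p.started >= self.init_time:
            self._check(p, "launch hook")

    def _check(self, p, source):
        if digest(p.image) not in self.allow:
            self.alerts.append((p.pid, p.path, source))

# Constructed sample data (not taken from a real system).
SHELL = Proc(400, r"C:\Windows\explorer.exe", b"shell-image", 5.0)
EARLY = Proc(612, r"C:\Startup\unknown_early.exe", b"unknown-1", 8.0)
LATE = Proc(940, r"C:\Temp\unknown_late.exe", b"unknown-2", 30.0)
ALLOW = {digest(SHELL.image)}
HIPS_INIT = 12.0  # monitor becomes active after EARLY is already running

def run(sweep_on_init: bool):
    already_running = [SHELL, EARLY]
    hips = Hips(ALLOW, HIPS_INIT, sweep_on_init, running=already_running)
    for p in already_running + [LATE]:  # creation events in time order
        hips.on_process_start(p)
    return hips.alerts

if __name__ == "__main__":
    print("hook only  :", run(False))
    print("with sweep :", run(True))
```

With the hook alone, only the process launched after initialization is reported; with the sweep, the unknown process that started first is reported as well.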