How does COMODO's HIPS work "exactly"?

Simple question, possibly not so simple answer… How does COMODO’s HIPS work “exactly”? How does it hook into the system to monitor things? How does it intercept applications? Is it running its own show for access control, or does it make use of Windows’s built-in ACL? etc…

I’m not expecting you to spill your precious intellectual property beans, just some basics on the inner workings, so that I can understand what this application would do on my system.


Welcome to the forum . . . it’s probably best if you read through the HIPS section here, which should give you the best information: HIPS Function

It uses a combination of user-mode WinAPI hooking, kernel callback notification routines, and a file system mini-filter driver.