After reading http://forums.foxitsoftware.com/forum/portable-document-format-pdf-tools/foxit-reader/18349-does-foxit-reader-free-6-1-4-0217-have-malware and also having come across OCSetupHlp.dll myself on various machines as an add on during installation of apps I wonder how I can proactively block this little gem system wide even before the alert shows up?
I am thinking of something like Block OCSetupHlp.dll or something along the line, so that basically HIPS checks BEFORE an app that runs this a part of the install if it is there and immediately isolates it.
Is this possible?
Thank you for any help.
Is it possible to put something like C:****OCSetupHlp.dll with setting Blocked into HIPS?
I guess I would then add various levels of file path depth to the block rules, so to speak
to be able to catch OCSetupHlp.dll on whatever path it might pop up.
Can something like this be achieved with group settings?
Meaning if anywhere in any temp or install directory OCSetupHlp.dll comes up it will be caught by HIPS proactively?
Thank you for your help.
You only need C:**OCSetupHlp.dll since the wildcard means any character and any length which also includes “deeper path”
Thanks heaps! Really THANK YOU!!
Thinking about it again, I think blocking C:*OCSetupHlp.dll is better than C:**OCSetupHlp.dll since the latter wouldn’t block C:\OCSetupHlp.dll due to the lack of a backslash () in the specified path.