Possible to block disk access?

Is it possible to block write access to the first 63 sectors of my system HDD for all applications with CIS6? If not, which software do you suggest? I’d like to block all write access to my boot sector to prevent it from being altered.

Regards,
Angle

If HIPS is on and in Safe mode, direct disk access by unknown files will be alerted.

You’ll have to tolerate a few other alerts for unknown files, though, unless you switch the other monitors off.

Personally I’d keep them all on unless you cannot bear the hassle.

Thanks for the reply.

Yes, I’ve seen that alert pop up a couple of times back in CIS5. Could you please elaborate on what exactly raw disk access means? Because I’ve seen the popup with some installers that only installed files into the C: partition. So if raw disk access means the ability to write outside Windows partitions, why did the installers request it when they didn’t need it? Is it safe to block raw disk access for all applications except system apps and maybe a hex editor like Hex Workshop or WinHex?

Regards!
Angle

There may be a bug. AFAIK the intention is direct access to the disk other than via the file system. Which is what happens when you write directly to sectors like the boot sector.

Should be OK so long as Windows files and critical non-Windows drivers are not blocked, and if the bug holds off! However some instability is always possible with HIPS - you are after all writing bespoke rules, almost as if you were designing security software for your machine, albeit within the limits of a language designed for the purpose. Direct HIPS rules creation is for the advanced computer user, really. You need to know how to go into safe mode, change CIS settings and reboot at least. However I cannot remember CIS HIPS ever doing any permanent damage, don’t see how it could, so if you do have that sort of knowledge you will just be able to reverse out of any problems.

I do consider myself an advanced user so… Where does CIS store its HIPS rules? If it uses a config file then I can easily create a backup, and in case something goes wrong, boot a live Linux CD and restore the backup.

You can export your config using General Settings ~ Configuration. Give it a new name when you do to avoid confusion. The standard configs are in the CIS program directory, so you can always import and activate them anyway.

Best wishes

Mouse

All rules are stored in the registry. A configuration can be exported to and imported from a file with .cfgx extension.
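
An added example for the thread's question about what raw disk access means and about guarding the first 63 sectors (not code from any poster or from CIS): it reads that region directly instead of through the file system, decodes the MBR, and compares per-sector hashes against a baseline to show which sectors changed. The 512-byte sector size, the function names and the sample image are assumptions made for the illustration.

```python
import hashlib
import io
import struct

SECTOR = 512       # assumption: 512-byte sectors, classic MBR layout
PROTECTED = 63     # the first 63 sectors the thread wants to guard

def read_boot_region(dev):
    """Read sectors 0-62 from a binary file object (raw device or image)."""
    data = dev.read(SECTOR * PROTECTED)
    if len(data) != SECTOR * PROTECTED:
        raise ValueError("short read: fewer than 63 sectors available")
    return data

def parse_mbr(region):
    """Check the 0x55AA boot signature and decode used partition entries."""
    mbr, parts = region[:SECTOR], []
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0 means the slot is unused
            parts.append({"slot": i, "bootable": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start, "sectors": count})
    return {"signature_ok": mbr[510:512] == b"\x55\xaa", "partitions": parts}

def sector_hashes(region):
    """Per-sector SHA-256 digests, suitable for storing as a baseline."""
    return [hashlib.sha256(region[n * SECTOR:(n + 1) * SECTOR]).hexdigest()
            for n in range(PROTECTED)]

def changed_sectors(baseline, region):
    """Sector numbers whose current hash differs from the stored baseline."""
    return [n for n, h in enumerate(sector_hashes(region)) if h != baseline[n]]

def build_sample_disk():
    """Constructed 63-sector image: one bootable NTFS-type entry at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 63, 204800)
    mbr = bytes(446) + entry + bytes(48) + b"\x55\xaa"
    return mbr + bytes(SECTOR * (PROTECTED - 1))

if __name__ == "__main__":
    # On Windows the real region would be read (as administrator) from
    # open(r"\\.\PhysicalDrive0", "rb"); here a constructed image is used.
    region = read_boot_region(io.BytesIO(build_sample_disk()))
    baseline = sector_hashes(region)
    print(parse_mbr(region))
    tampered = bytearray(region)
    tampered[440] ^= 0xFF                     # simulate a change in sector 0
    print("changed sectors:", changed_sectors(baseline, bytes(tampered)))
```

Keeping the baseline hashes off the monitored disk means a later comparison still works when the boot region has been altered.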