There are many relevant discussions on the forums, but I’m unable to find straightforward answers that enable me to fully understand.
What are the permissions for a Trusted File? In other words, what would be an equivalent HIPS Rule?
Why do I get alerts for a Trusted File?
Why should I need to create an HIPS Rule for a Trusted File to avoid Alerts? And to make things even more difficult to understand, sometimes after deleting a Rule, it appears to have been unnecessary, as the application later runs without alerts.
If I’m not mistaken, all of the above questions are effectively the same.
And just in case there are differences between versions, I’m on V6.
It would be close or similar to Allowed Application.
- Why do I get alerts for a Trusted File?
Why should I need to create an HIPS Rule for a Trusted File to avoid Alerts? And to make things even more difficult to understand, sometimes after deleting a Rule, it appears to have been unnecessary, as the application later runs without alerts.
What alert are you getting? Firewall or D+? Can you post a screenshot of the Firewall or D+ logs showing the alert being logged?
Firstly, you must believe me when I say that I didn’t wake up one morning and decide to randomly start adding HIPS Rules for the fun of it. I added them because I was getting Alerts, which resulted in program failures. I then proceeded to add the relevant programs to Trusted Files, which, in some cases, did not help. Those cases were resolved only after adding an appropriate HIPS Rule.
Now, as I mention in the second half of my third question in the original post, I found that some applications ran OK even after deleting the corresponding Rules. In response to your request for some visual evidence of the Alerts, I deleted the Rules that I created, and then invoked the corresponding application. Lo and behold, every single one runs properly, without any Alerts.
I must conclude that there’s some lag in synchronizing additions to Trusted Files with the process that does the lookup therein. For example, I can imagine a scenario where an entry added to Trusted Files is kept in memory for some time, rather than being immediately written to a database, but when the application runs, the verification is done against the database only. This is just a thought.
Anyway, we’ll see how things progress. Thanks for your comments.