Stop file piggybacking on Firefox

I have a blocked folder where all inside it is blocked from internet . But a firefox html link to the site can connect. Piggybacking on FF I expect ? Is there anyway to prevent this?

Do you use FW only or HIPS too to block access to the folder?

I use the firewall to prevent anything in the folder connecting. C:\program files\ that folder* is Firewall\application rules\Use ruleset\blocked program

How would i make a HIPS rule to be alerted when that program call firefox?

Create a HIPS Custom Ruleset for that program to get a HIPS Alert whenever that program wants or tries to start Firefox.
Make sure the “Action” of “Access Name” “Run an executable” is set to “Ask”.

See here for more info: Active HIPS Rules, Network Access, Internet Protection | Internet Security

Thanks. i had HIPS disabled too many alerts. when i turn it on too many alerts. is here any way to do it with just the firewall

Without using HIPS I doubt it. When that program executes Firefox in order to gain access to that folder then only HIPS can withhold that program from executing Firefox.

When you use HIPS in “Safe Mode” you will get only Alerts when you execute unknown or unsafe programs, for known or safe programs you don’t get any Alerts. I think if you would add the HIPS Custom Rule for that program to the HIPS Rules (with HIPS in “Safe Mode”) it would do the job pretty well without getting too many Alerts (unless you execute a lot of untrusted or unknown programs of course).

OK thanks. when i enabled it earlier i was getting alerts even.from my AV. I noticed even my AV, an allowed program has to ask to run an exe ? Is that unusual

Normally it is, but it depends.
Check if you have HIPS mode set to “Safe Mode”. When it is set to “Paranoid Mode” you will get (really too) many HIPS Alerts even for trusted or safe programs.

And, which AV do you mean? The AV component of CIS itself or a third party AV?

Norton AV and HIPS was safe mode.

I would expect Norton AV to be trusted and recognized by CIS Cloud Lookup or Trusted Vendors as such and thus not generating HIPS Alerts with HIPS in “Safe Mode”.

What settings do you have enabled (ticked) under “File Rating → File Rating Settings”? (Or attach a screenshot of those settings perhaps.)
Also check in “File Rating → Vendor List” if Norton is listed as a trusted vendor.