Accessing other users home directory (HIPS Signature 6053)

Before applying the signature explained below, I need to do some testing. I've enabled this rule on a couple workstations and set it to prevent. So far I have not experienced any problems, but I want to make sure that I do not overlook something. First, what can I do to trigger this signature and ensure this is working? I did research on what a user's home directory is by default, and per Microsoft it is c:\users\default\. I have successfully accessed this directory on the couple of systems that have this signature set to prevent. Am I missing something, or is there somewhere else that I need to check?

Signature 6053: Accessing other users home directory

Description:

- This event indicates an attempt by a user to access another user's home directory.

- This signature is disabled by default.

- The signature is supported on HIPS 8 Patch 2 and above only.

Accepted Solutions

Re: Accessing other users home directory (HIPS Signature 6053)

I would set the signature to Informational, and enable it for all your systems. That way you get the full picture before you turn it on for all systems.

McAfee Employee ktankink

Re: Accessing other users home directory (HIPS Signature 6053)

Sig 6053 prevents a user from modifying files in another user's profile directory. I triggered it by simply trying to create a file in another user's directory.

1. Logged in with TestUser1.

2. TestUser1 opens cmd.exe and tries to copy a file to C:\Users\TestUser2\Desktop\.

3. Sig 6053 violates.
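
The copy test from the reply above, written as a repeatable PowerShell check. This is an added example, not part of the original post or any McAfee tooling; `TestUser2` is the account name used in the thread, and the marker file name is a hypothetical value.

```powershell
# Added example: run as a user other than $OtherUser (TestUser1 in the thread).
param(
    [string]$OtherUser  = 'TestUser2',
    [string]$MarkerName = 'hips6053-test.txt'   # hypothetical marker file name
)

if ($env:USERNAME -eq $OtherUser) {
    throw "Run this as a different user than $OtherUser."
}

$source = Join-Path -Path $env:TEMP -ChildPath $MarkerName
$target = Join-Path -Path "C:\Users\$OtherUser\Desktop" -ChildPath $MarkerName

# Create the file in our own profile first, so the only
# cross-profile operation is the copy itself.
Set-Content -Path $source -Value "Signature 6053 test file"

$result = [pscustomobject]@{
    RunAs   = $env:USERNAME
    Target  = $target
    Time    = Get-Date      # use this to find the matching event afterwards
    Outcome = $null
    Error   = $null
}

try {
    Copy-Item -Path $source -Destination $target -ErrorAction Stop
    # The write went through: nothing prevented it (expected when the
    # signature is set to log only rather than prevent).
    $result.Outcome = 'WriteSucceeded'
    Remove-Item -Path $target -ErrorAction SilentlyContinue
}
catch [System.UnauthorizedAccessException] {
    $result.Outcome = 'WriteDenied'
    $result.Error   = $_.Exception.Message
}
catch {
    # For example, the Desktop folder does not exist for that account.
    $result.Outcome = 'OtherError'
    $result.Error   = $_.Exception.Message
}
finally {
    Remove-Item -Path $source -ErrorAction SilentlyContinue
}

$result
```

A `WriteDenied` result alone does not prove the signature fired, because the NTFS permissions on another user's profile can deny the write to a standard user as well. Confirm by looking for a signature 6053 event at the recorded time.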

Re: Accessing other users home directory (HIPS Signature 6053)

Both answers are very helpful. I am going to go ahead, "greatscott", and set the signature to log like you suggested and see what results I get. Thank you, "Kary Tankink", that was very helpful and just opened another can of worms for me. I appreciate both of your feedback.
