omar_tx
Level 9

Accessing other users home directory (HIPS Signature 6053)

Before applying the signature explained below, I need to do some testing. I've enabled this rule on a couple of workstations and set it to prevent. So far I have not experienced any problems, but I want to make sure that I do not overlook something. First, what can I do to trigger this signature and ensure it is working? I did research on what a user's home directory is by default, and per Microsoft it is c:\users\default\. I have successfully accessed this directory on the couple of systems that have this signature set to prevent. Am I missing something, or is there somewhere else that I need to check?

Signature 6053: Accessing other users home directory

Description:

-This event indicates an attempt by a user to access another user's home directory.

-This signature is disabled by default.

-The signature is supported on HIPS 8 Patch 2 and above only.

0 Kudos
1 Solution

Accepted Solutions
greatscott
Level 12

Re: Accessing other users home directory (HIPS Signature 6053)

I would set the signature to Informational, and enable it for all your systems. That way you get the full picture before you turn it on for all systems.

0 Kudos
3 Replies
McAfee Employee

Re: Accessing other users home directory (HIPS Signature 6053)

Sig 6053 prevents a user from modifying files in another user's profile directory. I triggered it by simply trying to create a file in another user's directory.

1. Logged in with TestUser1.

2. TestUser1 opens cmd.exe and tries to copy a file to C:\Users\TestUser2\Desktop\.

3. Sig 6053 violates.

0 Kudos
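
The three steps in the reply above as a repeatable check. This is an added example, not part of the original post and not McAfee tooling; the account name and canary file name are placeholders. By default NTFS permissions already deny a non-elevated standard user write access to another profile, so the script records whether the session is elevated, and the outcome should be matched against a signature 6053 event in the HIPS log rather than read from the access error alone.

```powershell
# Added example: repeatable trigger test for HIPS signature 6053.
# TestUser2 follows the reply above; the canary file name is a constructed placeholder.
param(
    [string]$TargetUser = 'TestUser2',
    [string]$CanaryName = 'sig6053-canary.txt'
)

if ($TargetUser -eq $env:USERNAME) {
    throw "Target must be a different user than the one running the test."
}

$profileDir = "C:\Users\$TargetUser"
if (-not (Test-Path -LiteralPath $profileDir)) {
    throw "Profile folder not found: $profileDir"
}
$canary = Join-Path -Path $profileDir -ChildPath "Desktop\$CanaryName"

# Record elevation: without it, an NTFS deny looks the same as a HIPS block.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

$started = Get-Date
try {
    # Step 2 of the reply: try to create a file on the other user's Desktop.
    Set-Content -LiteralPath $canary -Value "sig 6053 test $($started.ToString('o'))" -ErrorAction Stop
    $outcome = 'WriteSucceeded'
    # Clean up so the test leaves nothing behind when the write was allowed.
    Remove-Item -LiteralPath $canary -ErrorAction SilentlyContinue
} catch [System.UnauthorizedAccessException] {
    $outcome = 'AccessDenied'
} catch {
    $outcome = "Error: $($_.Exception.GetType().Name)"
}

# One record per run; use Time and User to find the matching HIPS event.
[pscustomobject]@{
    Time     = $started.ToString('o')
    User     = $identity.Name
    Elevated = $elevated
    Target   = $canary
    Outcome  = $outcome
}
```

With the signature set to Informational, as suggested in the accepted solution, a run from an elevated session should report `WriteSucceeded` while still producing a 6053 event if the rule is matching.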
omar_tx
Level 9

Re: Accessing other users home directory (HIPS Signature 6053)

Both answers are very helpful. I am going to go ahead, "greatscott", and set the signature to log like you suggested and see what results I get. Thank you, "Kary Tankink", that was very helpful and just opened another can of worms for me. I appreciate both of your feedback.

0 Kudos