Showing results for 
Search instead for 
Did you mean: 
Level 7

HIPS 8.0 Custom Signature


I'm looking for a way to create a HIPS custom signature that will prevent a user from killing a process via the task manager (not a service).

For example I have a program in "C:\program files\Myapp\myapp.exe"  The program is started by the local system account.  If a user opens task manager and tries to kill "myapp.exe" (or by using takkill etc...) I want it to be blocked.

I don't think it was possible to do this in HIPS 7.0, but I've seen it done in 8 using a cusotm signature with a "Program" type subrule.  I can't get it to work though, so...anyone how do you do that in HIPS 8.0 (using ePO 4.5)?

Thanks in advance for any help.

0 Kudos