I'm looking for a way to create a HIPS custom signature that will prevent a user from killing a process via the task manager (not a service).
For example, I have a program in "C:\program files\Myapp\myapp.exe". The program is started by the local system account. If a user opens task manager and tries to kill "myapp.exe" (or by using taskkill, etc.), I want it to be blocked.
I don't think it was possible to do this in HIPS 7.0, but I've seen it done in 8 using a custom signature with a "Program" type subrule. I can't get it to work though, so... does anyone know how to do that in HIPS 8.0 (using ePO 4.5)?