Can any ePO HIPS pros out there please tell me how I can go about blocking old versions of Java using the HIPS/Application Blocking/Blacklisting feature? I'm not 100% sure how to do this.
Any advice and feedback would greatly be appreciated!
Thank you for your quick reply.
I have HIPS v7.0.5, not 8.0 at the moment. To create this custom IPS signature, would I create it in:
Host Intrusion Prevention 7.0.5: Application Blocking > Application Blocking Rules (Windows)
or would I create that signature in:
Host Intrusion Prevention 7.0.5: IPS Rules (All Platforms)?
With HIPS 7.0, use the Application Blocking module. Same type of rule; however, unless you're wanting to block other applications, create a final rule at the bottom that allows "*" so that you don't block any other applications. Basically, you are configuring a blacklisting Application Blocking policy. Block all Java, except for specific versions, and then allow all applications. Please test this before implementing in your production environment.
The rules would look something like:
1. Allow specific Java.exe versions by MD5 hash - Path won't work since this could include older versions.
2. Block all Java.exe executables.
3. Allow *
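
The three-rule ordering suggested above, modelled as an added example (not part of the original posts and not McAfee's code). It assumes rules are evaluated top-down with the first match winning and that an unmatched executable is blocked; the file contents, paths and rule structure are constructed for illustration.

```python
import hashlib
from fnmatch import fnmatchcase
from ntpath import basename  # parses Windows paths on any OS


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# Constructed stand-ins for the bytes of three executables.
APPROVED_JAVA = b"constructed bytes: approved java.exe build"
OLD_JAVA = b"constructed bytes: outdated java.exe build"
OTHER_APP = b"constructed bytes: unrelated application"

# Rules in the order given in the answer. "md5": None means "any hash".
RULES = [
    {"action": "allow", "name": "java.exe", "md5": {md5_hex(APPROVED_JAVA)}},
    {"action": "block", "name": "java.exe", "md5": None},
    {"action": "allow", "name": "*", "md5": None},
]


def evaluate(rules, path, content):
    """Return the action of the first rule that matches the executable.

    Assumption: top-down, first-match evaluation, and a default of "block"
    when nothing matches (which is why the final allow-* rule is needed).
    """
    name = basename(path).lower()
    digest = md5_hex(content)
    for rule in rules:
        if not fnmatchcase(name, rule["name"]):
            continue
        if rule["md5"] is not None and digest not in rule["md5"]:
            continue
        return rule["action"]
    return "block"


if __name__ == "__main__":
    java_path = r"C:\Program Files\Java\jre\bin\java.exe"  # constructed path
    # Same path, different contents: only the hash tells the builds apart.
    print("approved java:", evaluate(RULES, java_path, APPROVED_JAVA))
    print("old java:     ", evaluate(RULES, java_path, OLD_JAVA))
    print("other app:    ", evaluate(RULES, r"C:\Windows\notepad.exe", OTHER_APP))
    # Moving the allow-* rule to the top lets the old build through.
    misordered = [RULES[2], RULES[0], RULES[1]]
    print("old java, allow-* first:", evaluate(misordered, java_path, OLD_JAVA))
```

Running it shows the approved build allowed and the old build blocked at the same path, which is the reason the first rule matches on hash rather than path.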