cancel
Showing results for 
Search instead for 
Did you mean: 
rvp1000
Level 7

IS HIPS application policy list is an exclusion or exception list to allow application to run and specific to application functions to work on the machine?

I need to know if the HIPS's application policy is an exclusion or exception list to allow applications to run normally.

It seems that we are getting irregular behaviors with an application when HIPs is introduced?

Based on our testing it works great without HIPS client installed?

Sometimes the windows application needs to write to the registry and access specific dlls and files under system32  and it own program files directories..

C:/programfiles/applicationxxxxxx....

Should all application dll, excutable, essentail program files be added to the HIPS application policy list?

I assume the HIPS application policy list is an exclusion or exception list to allow application to run and specific features of the application on the machine. I.E MS Outlook, defrag, check disk, executable... scandisk.exe???

Message was edited by: rvp1000 on 3/29/10 2:26:35 PM CDT
0 Kudos
2 Replies
sameer172006
Level 12

Re: IS HIPS application policy list is an exclusion or exception list to allow application to run and specific to application functions to work on the machine?

rvp1000,

HIPS gives you complete control over what runs and can not run on your PC.

The Programs/Applications list that you mentioned here, It gives you the access to decide which application can run and are to blocked. I suggest you keep the HIPS in a learning mode for sometime and everytime an application is run, It will prompt you to either allow it or block it and depending upon what you asked it to do, It creates the rules specific to that particular application.

Please rememebr that theer are Adaptive Mode and learning mode. Adaptive mode is more aggressive and will block a lot of apps some of which you would wnat to run seamlessly. Also, I suggest you spend some time understanding the functionalities of the product.

I hope the above helps.

Sameer

0 Kudos
rvp1000
Level 7

Re: IS HIPS application policy list is an exclusion or exception list to allow application to run and specific to application functions to work on the machine?

With custom policies created for specific application sometime it doesn't pinpoint the application fully functionality. i.e only allow the application installation to work but other features such uninstall and function of the applications are blocked...

Is possible to have HIPS specified policies or rules to the application MD5 application signature?

Also is there a way to upload or created a defination to the existing EPO trusted application list when creating a trusted application policy on th eEPO?

Reference

MD5 Footprint.

http://en.wikipedia.org/wiki/MD5

In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. However, it has been shown that MD5 is not collision resistant;[1] as such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property. An MD5 hash is typically expressed as a 32-digit hexadecimal number.

MD5 hash for any file, and then compare it to another one.

It's easy enough to compare 2 hashes just looking at them but MD5 hashes have 32 characters all mixed with letters and numbers, meaning, it can be boring to compare all of them and you could still miss some character.

Message was edited by: rvp1000 on 3/30/10 11:58:13 AM CDT
0 Kudos