cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Sigrules.txt

With HIPS 7 any custom created signatures were detailed in a file named Sigrules.txt. Recently, we began testing custom signatures for HIPS 8 and could not find out newest entries in this file. The signature does trigger properly however, so the signature must be loaded from somewhere. So I have 2 questions:

- How are custom signature rules stored on the client within HIPS 8

- If custom signature rules are no longer stored in the Sigrules.txt file, what is the pupose of this file in HIPS 8

3 Replies

Re: Sigrules.txt

I will be curious to know the answer to this too. I see the file, and I am running HIPS 8.

Furthermore, we have questioned in the past why this file is not some how protected, or encrypted. It contains all the parameters and syntax for any custom signatures. Even from an unprivilaged user account, it can be accessed.

Message was edited by: greatscott on 8/17/12 12:39:57 PM CDT

Re: Sigrules.txt

Zaloorb,

Did you upgrade to HIPS 8?  Maybe this file is just left over from HIPS 7?  Perhaps McAfee developed a more secure way of storing the custom signature parameters in HIPS 8?

-DamageInc

Re: Sigrules.txt

I did initially leave out the fact the the file is in plain text but that is a great point to make. I guess it is possible that it is leftover but it must serve some purpose... If not, it might be best for us to delete it entirely to prevent anyone from gleaning this sensitive information.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community