Showing results for 
Search instead for 
Did you mean: 
Level 7

prevention of hidden file extensions ...

A question and discussion session between me and my colleague prompted this debate.  Does Sig 413 alert if "malacious actor 1" has admin level rights to a box... possibly having moved laterally across the network, and drops his tool kit on a system.  Now some of these tools are executables hidden as .docs or .pdfs.  Will HIPS identify and eliminate this threat?

0 Kudos
1 Reply
Level 12

Re: prevention of hidden file extensions ...

My take is that the situation you named is possible, completely independent of the users credentials.

I believe the signature will trigger based solely on the detection of a double file extension.