2 Replies Latest reply on Apr 27, 2010 3:41 AM by rackroyd

    Syntax of HIPs Event-log




      i have problems to allow some programming tools to be used.

      In the Event.log of the HIPs onj the affected workstation I found some entries:



      8 1271932882  0 C:\CYGWIN\BIN\BASH.EXE riOn4syHPOkujW2j68qUYA== 1 22
      7 1271932928  -1 17 17152 17408 1 0 -1  0
      8 1271932945  1256 C:\MSYS\BIN\SH.EXE gT20gFxu8diobq9TBZfqtw== 1 22
      8 1271932991  0 C:\MSYS\BIN\SH.EXE ktOY8JCXbmLRaWrCGz0cWQ== 1 22
      8 1271938545  1452 C:\WINDOWS\SYSTEM32\CSRSS.EXE myKq41Zq7+4zzkmNvg0v0g== 1 23


      What is the meaning of this entrys?


      To allow access on the programming tools I modified the HIPs rules.

      In "Host Intusion Prevention 7.0.4: Anwendungsblockierung" - "Anwendungsblockierregeln (Windows)" I added the following entries:

           Regelname: BASH.EXE

           Anwendungspfad: BASH.EXE

           Anwendungsoptionen:    "activate" - general 

                                               "activate" - craete application

                                               "activate" - allow hooking

           Übereinstimmungsoptionen: "activate" - path only


      In In "Host Intusion Prevention 7.0.4: Allgemein" - "Vertrauenswürdige Anwendungen (alle Plattformen)" I added the entries:

           Name: Tools

           Status:  "activate" - general

                       "activate" - für IPS als vertrauenswürdig markieren (alle Plattformen)

                       "activate" - für Firewall als vertrauenswürdig markieren (Windows)

                       "activate" - für das Erstellen von Anwendungs-Hooks als vertrauenswürdig markieren (Windows)

           Vorgänge: C:\CYGWIN\BIN\*




      But the programming application did'nt work with activated Firewall (includung HIP). What can I do to allow the programming tools?

      Tests with PINBALL.EXE on the affected PC are positiv. If I allow PINBALL.EXE the programm can be used. In if I block PINBALL.EXE, using

      the rules above, PINBALL.EXE can't be used. The HIPs for PINBALL is working propper.


      How can I config the HIPs rule, to garant access for useing the programming tools?


      Thank you for help.


      Greetings from Germany