3 Replies Latest reply on Aug 17, 2012 1:07 PM by zaloorb

    Sigrules.txt

      With HIPS 7 any custom created signatures were detailed in a file named Sigrules.txt. Recently, we began testing custom signatures for HIPS 8 and could not find out newest entries in this file. The signature does trigger properly however, so the signature must be loaded from somewhere. So I have 2 questions:

       

      - How are custom signature rules stored on the client within HIPS 8

      - If custom signature rules are no longer stored in the Sigrules.txt file, what is the pupose of this file in HIPS 8

        • 1. Re: Sigrules.txt
          greatscott

          I will be curious to know the answer to this too. I see the file, and I am running HIPS 8.

           

          Furthermore, we have questioned in the past why this file is not some how protected, or encrypted. It contains all the parameters and syntax for any custom signatures. Even from an unprivilaged user account, it can be accessed.

           

          Message was edited by: greatscott on 8/17/12 12:39:57 PM CDT
          1 of 1 people found this helpful
          • 2. Re: Sigrules.txt
            damageinc

            Zaloorb,

             

            Did you upgrade to HIPS 8?  Maybe this file is just left over from HIPS 7?  Perhaps McAfee developed a more secure way of storing the custom signature parameters in HIPS 8?

             

            -DamageInc

            1 of 1 people found this helpful
            • 3. Re: Sigrules.txt

              I did initially leave out the fact the the file is in plain text but that is a great point to make. I guess it is possible that it is leftover but it must serve some purpose... If not, it might be best for us to delete it entirely to prevent anyone from gleaning this sensitive information.