4 Replies Latest reply on Aug 19, 2008 2:24 AM by hvbg.wolf

    application protetion rules / trusted applications

      hello,

      on an XP-client with HIPS 7.0 the software msproject runs very slowly (we only have the IPS feature activ). If I remove HIPS 7.0 everything is ok. So I re-install HIPS 7.0 on this client (because we need it) and set the application protection rule for msproject on deactiv. Now msproject runs good.

      But I don't know the exact difference between the application protection rules and the trusted applications (only for the IPS feature). Was it right to set the application protection rule for msproject on deactiv? Or ist it better to set msproject as trusted application?

      greetings wolf
        • 1. The Difference
          Application Protection Rules allows you to set the list of applications that HIPS product will monitor for software vulnerabilities, attacks, buffer overflows etc. By removing the app from there you're basically telling HIPS not to scan for any vulnerabilities or attacks pertaining to that application.
          Trusted application on the other hand basically tells HIPS that you want the app to have unrestricted access through HIPS firewall as well as having unrestricted access to run if you utilize application blocking policies.
          Obviously having the app in trusted app is much much more secure then taking it out of application protection rules. However, doing so may not resolve the problem you're having.
          • 2. RE: The Difference
            Hello,

            thanks for the information.

            Unfortunately there is no event generated from HIPS when the msproject is starting so very slowly. In the hipshield.log file I don't find anything about msproject, too. So I don't know what else I should do to run the msproject in a good time and hold the HIPS secure.

            greetings, wolf
            • 3. RE: The Difference
              Look in the HIPshield.log. If there's a detection, it'll be in there.
              • 4. RE: The Difference
                Hello,

                when I put the prozess in the trusted applications and set the application protection rule for msproject on activ again, msproject is slowly again .

                When I start msproject again (in slowly move) and then take a look in the hipshield.log, I find only this:

                08-19 08:14:43 [01040] WARNING: Could not get process name for pid=2548
                08-19 08:24:09 [01040] WARNING: Could not get process name for pid=2752
                08-19 08:33:32 [01040] WARNING: Could not get process name for pid=364
                08-19 08:33:36 [01040] HRC WARNING: SiReg: Could not open [HKLM\Software\Microsoft\InetStp], LastErr 0x00000002 Das System kann die angegebene Datei nicht finden.
                08-19 08:33:36 [01040] HRC WARNING: SiReg: Could not open [HKLM\Software\Network Associates\TVD\VirusScan\AVConsol\General], LastErr 0x00000002 Das System kann die angegebene Datei nicht finden.
                08-19 08:33:36 [01040] HRC ERROR:
                ************
                Exception {
                Id 3718
                application { Include * }
                domain_user_name { Include * }
                }
                ERROR: Signatures do not contain any Rules with the specified Classes.
                REMOVED Due to errors
                ************

                What does this mean??

                greetings wolf