4 Replies Latest reply: Feb 11, 2014 10:33 AM by cakeboss RSS

    HIPS 8.0 rule for preventing creation of specific file names

    cakeboss

      Is it possible to create a custom HIPS signature or use any other HIPS setting to block specific file names from being created?

       

      I've been able to create a rule that stop them from being executed by selecting "Program" from rule type, however I've been tasked with making sure files with specific names never get on the machine.  I made an Access Protection rule in VSE for this, however because AP events are low severity, they are not sent to the ePO server within 5 minutes like High severity HIPS rules are.  I've attempted creating a HIPS rule to block specific file names from being written to the system using "Files" rule type, but that seems to be more for protecting existing files than preventing new ones from being created, which brings me back to the original question:

      Is it possible to create a custom HIPS signature or use any other HIPS setting to block specific file names from being created on a system?