Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
237 Views 4 Replies Latest reply: Feb 11, 2014 10:33 AM by cakeboss RSS
cakeboss Newcomer 26 posts since
Oct 24, 2012
Currently Being Moderated

Feb 10, 2014 5:11 PM

HIPS 8.0 rule for preventing creation of specific file names

Is it possible to create a custom HIPS signature or use any other HIPS setting to block specific file names from being created?

 

I've been able to create a rule that stop them from being executed by selecting "Program" from rule type, however I've been tasked with making sure files with specific names never get on the machine.  I made an Access Protection rule in VSE for this, however because AP events are low severity, they are not sent to the ePO server within 5 minutes like High severity HIPS rules are.  I've attempted creating a HIPS rule to block specific file names from being written to the system using "Files" rule type, but that seems to be more for protecting existing files than preventing new ones from being created, which brings me back to the original question:

Is it possible to create a custom HIPS signature or use any other HIPS setting to block specific file names from being created on a system?

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points