devjit2018

Level 6
Hello everyone. I'm using ESET Internet Security 12 and I have some custom HIPS rules to maximize the protection offered by ESET. Many people here at MT seems to be using ESET. Does anyone know how to create a custom HIPS Rule that would protect the MBR? Also can a custom rule be created to protect a Specified Folder? For example, I created a folder named Important in Documents and inside that folder I have all my document files. I want ESET HIPS to alert me whenever some process tries to delete, modify or create any files inside that particular folder. Any way in which this can be accomplished?
 

notabot

Level 8
Hello everyone. I'm using ESET Internet Security 12 and I have some custom HIPS rules to maximize the protection offered by ESET. Many people here at MT seems to be using ESET. Does anyone know how to create a custom HIPS Rule that would protect the MBR? Also can a custom rule be created to protect a Specified Folder? For example, I created a folder named Important in Documents and inside that folder I have all my document files. I want ESET HIPS to alert me whenever some process tries to delete, modify or create any files inside that particular folder. Any way in which this can be accomplished?
Sounds like you want WD’s Controlled Folder Access and a custom view in the event viewer :D

Just kidding :) I don’t know much about ESET as I’ve never used it but you can protect a folder via SRP which should not conflict with ESET (SRP is not part of WD, it’s independent). This may not be the in-ESET solution you seek but may turn out to be handy in case there’s nothing in-product for what you want.
 

devjit2018

Level 6
Sounds like you want WD’s Controlled Folder Access and a custom view in the event viewer :D

Just kidding :) I don’t know much about ESET as I’ve never used it but you can protect a folder via SRP which should not conflict with ESET (SRP is not part of WD, it’s independent). This may not be the in-ESET solution you seek but may turn out to be handy in case there’s nothing in-product for what you want.
yes you are true about the Controlled Folder Access part. I want an alternative to it since I don't use WD but instead use ESET IS. The Event Viewer part is wrong. I want ESET HIPS to ask me if any program wants to modify the MBR of my disk.
 
  • Like
Reactions: bob974

notabot

Level 8
yes you are true about the Controlled Folder Access part. I want an alternative to it since I don't use WD but instead use ESET IS. The Event Viewer part is wrong. I want ESET HIPS to ask me if any program wants to modify the MBR of my disk.
Actually SRP won’t be able to help with it either thinking about it better.

As CFA is not an option in your case and given my lack of familiarity with ESET I’ll leave it to others who may have used ESET to help
 

RoboMan

Level 26
Content Creator
Verified
Create an HIPS rule to block operation of:
  • C:\Windows\System32\wscript.exe
  • C:\Windows\System32\cscript.exe
  • C:\Windows\SysWOW64\wscript.exe
  • C:\Windows\SysWOW64\cscript.exe
on the desired important folder.

PS: no scripts will be able to execute here wether legit or not.