Advice Request ESET HIPS Rule To Protect a Specific Folder and also to protect the MBR of a Disk??

Wraith

Hello everyone. I'm using ESET Internet Security 12 and I have some custom HIPS rules to maximize the protection offered by ESET. Many people here at MT seem to be using ESET. Does anyone know how to create a custom HIPS rule that would protect the MBR? Also, can a custom rule be created to protect a specified folder? For example, I created a folder named Important in Documents and inside that folder I have all my document files. I want ESET HIPS to alert me whenever some process tries to delete, modify or create any files inside that particular folder. Is there any way in which this can be accomplished?
 

notabot

Sounds like you want WD’s Controlled Folder Access and a custom view in the event viewer :D

Just kidding :) I don’t know much about ESET as I’ve never used it but you can protect a folder via SRP which should not conflict with ESET (SRP is not part of WD, it’s independent). This may not be the in-ESET solution you seek but may turn out to be handy in case there’s nothing in-product for what you want.
 

Wraith

Yes, you are right about the Controlled Folder Access part. I want an alternative to it since I don't use WD but instead use ESET IS. The Event Viewer part is wrong. I want ESET HIPS to ask me if any program wants to modify the MBR of my disk.
 

notabot

Actually, SRP won’t be able to help with it either, thinking about it better.

As CFA is not an option in your case, and given my lack of familiarity with ESET, I’ll leave it to others who may have used ESET to help.
 

RoboMan

Create an HIPS rule to block operation of:
  • C:\Windows\System32\wscript.exe
  • C:\Windows\System32\cscript.exe
  • C:\Windows\SysWOW64\wscript.exe
  • C:\Windows\SysWOW64\cscript.exe
on the desired important folder.

PS: No scripts will be able to execute here, whether legit or not.
 
