Advice Request Why CruelSisters disable the HIPS?

shmu26

Jul 3, 2015
So just to clarify, CFW once configured properly with CS settings will BLOCK any malicious file from executing, while if one chose to activate HIPS, would receive an alert or a multitude of alerts requiring action by the user?

When I mean block, I mean that one receives a Windows error message that the file cannot be executed or found.

I bring this up because I have found files in CFW Blocked Applications that were blocked by Containment but I received no alert by CFW other than a Windows error message upon opening the file. Test I used was the basic EICAR file.

CruelComodo will cause any unrecognized file to be automatically sandboxed in a secure way. You will not get a Windows error message, because the file executed, albeit in a sandboxed environment.
If you enable HIPS on top of that, nothing will change unless you allow the file to run outside of the sandbox. At that point, you will start getting HIPS prompts.

If you want unrecognized files to be totally blocked, that is what ComodoFix does.
 
