Comodo Help
Find the desired product help
Comodo Internet Security

Comodo Internet Security

Version 7.0

English

Print Help Download Help
Advanced Settings > Security Settings > Defense+ Settings > Active HIPS Rules
  • Introduction To Comodo Internet Security
    • Special Features
    • System Requirements
    • Installation
      • CIS Premium – Installation
      • CIS Pro - Installation And Activation
      • CIS Complete - Installation And Activation
      • Activating CIS Pro/Complete Services After Installation
        • Activating Your License
        • Activating Your Guarantee Coverage
        • Renewal Of Your License
    • Starting Comodo Internet Security
    • The Main Interface
      • The Home Screen
      • The Tasks Interface
      • The Widget
      • The System Tray Icon
    • Understanding Security Alerts
  • General Tasks – Introduction
    • Scan And Clean Your Computer
      • Run A Quick Scan
      • Run A Full Computer Scan
      • Run A Rating Scan
      • Run A Custom Scan
        • Scan A Folder
        • Scan A File
        • Create, Schedule And Run A Custom Scan
    • Instantly Scan Files And Folders
    • Processing Infected Files
    • Manage Virus Database And Program Updates
    • Manage Quarantined Items
    • View CIS Logs
      • Antivirus Logs
        • Filtering Antivirus Logs
      • Firewall Logs
        • Filtering Firewall Logs
      • Defense+ Logs
        • Filtering Defense+ Logs
      • Website Filtering Logs
        • Filtering Website Filtering Logs
      • Alerts Logs
        • Filtering Alerts Displayed Logs
      • Tasks
        • Filtering Tasks Launched Logs
      • Configuration Changes
        • Filtering Configuration Changes Logs
    • Get Live Support
    • View Active Internet Connections
    • View Active Process List
  • Firewall Tasks – Introduction
    • Allow Or Block Internet Access To Applications Selectively
    • Stealth Your Computer Ports
    • Manage Network Connections
    • Stop All Network Activities
    • Advanced Firewall Settings
  • Sandbox Tasks – Introduction
    • The Virtual Desktop
      • Starting The Virtual Desktop
      • The Main Interface
      • Running Browsers Inside The Virtual Desktop
      • Opening Files And Running Applications Inside The Virtual Desktop
      • Configuring The Virtual Desktop
      • Closing The Virtual Desktop
    • Run An Application In The Sandbox
    • Configure The Sandbox
    • Reset The Sandbox
  • Advanced Tasks – Introduction
    • Create A Rescue Disk
      • Downloading And Burning Comodo Rescue Disk
    • Remove Deeply Hidden Malware
    • Submit Files
    • Identify And Kill Unsafe Running Processes
    • Manage CIS Tasks
  • Advanced Settings
    • General Settings
      • Customize User Interface
      • Configure Program And Virus Database Updates
      • Log Settings
      • Manage CIS Configurations
        • Comodo Preset Configurations
        • Importing/Exporting And Managing Personal Configurations
    • Security Settings
      • Antivirus Settings
        • Real-time Scanner Settings
        • Scan Profiles
        • Exclusions
      • Defense+ Settings
        • HIPS Behavior Settings
        • Active HIPS Rules
        • HIPS Rule Sets
        • Protected Objects
          • Protected Files
          • Blocked Files
          • Protected Registry Keys
          • Protected COM Interfaces
          • Protected Data Folders
        • Behavior Blocker
          • The Sandbox - An Overview
            • Unknown Files - The Auto - Sandboxing And Scanning Processes
        • Configure The Sandbox
      • Firewall Settings
        • Firewall Behavior Settings
        • Application Rules
        • Global Rules
        • Firewall Rule Sets
        • Network Zones
          • Network Zones
          • Blocked Zones
        • Port Sets
        • Website Filtering
          • Creating And Modifying Website Filtering Rules
          • Defining And Modifying Website Categories
      • Manage File Rating
        • File Rating Settings
        • Trusted Files
        • Unrecognized Files
        • Submitted Files
        • Trusted Vendors List
  • Comodo GeekBuddy
    • Overview Of Services
    • Activation Of Service
    • Launching The Client And Using The Service
    • Accepting Remote Desktop Requests
    • Chat History
    • Using Issue Tracker
    • Uninstalling Comodo GeekBuddy
  • TrustConnect Overview
    • Microsoft Windows - Configuration And Connection
    • Mac OS X - Configuration And Connection
    • Linux / Open VPN - Configuration And Connection
    • Apple IPhone / IPod Touch - Configuration And Connection
    • Android Devices - Configuration And Connection
    • Windows Mobile Devices - Configuration And Connection
    • TrustConnect FAQ
  • Comodo Dragon
  • Comodo BackUp
  • Appendix 1 CIS How To... Tutorials
    • Enable / Disable Security Components Easily
    • Set Up The Firewall For Maximum Security And Usability
    • Block Internet Access While Allowing Local Area Network (LAN) Access
    • Block/allow Websites Selectively To Users Of Your Computer
    • Set Up The HIPS For Maximum Security And Usability
    • Set Up The Behavior Blocker For Maximum Security And Usability
    • Password Protect Your CIS Settings
    • Reset Forgotten Password (Advanced)
    • Run An Instant Antivirus Scan On Selected Items
    • Create An Antivirus Scanning Schedule
    • Run Untrusted Programs Inside Sandbox
    • Run Browsers Inside Sandbox
    • Run Untrusted Programs Inside Virtual Desktop
    • Run Browsers Inside The Virtual Desktop
    • Restore Incorrectly Quarantined Item(s)
    • Submit Quarantined Items To Comodo For Analysis
    • Enable File Sharing Applications Like BitTorrent And Emule
    • Block Any Downloads Of A Specific File Type
    • Disable Behavior Blocker And Auto-Sandboxing On A Per-application Basis
    • Enabling Full Virtualization For Auto-Sandboxed Applications
    • Switch Between Complete CIS Suite And Individual Components (just AV Or FW)
    • Switch Off Automatic Antivirus And Software Updates
    • Suppress CIS Alerts Temporarily While Playing Games
    • Renewal Or Upgrading Your License
    • How To Use CIS Protocol Handlers
  • Appendix 2 - Comodo Secure DNS Service
    • Router - Manually Enabling Or Disabling Comodo Secure DNS Service
    • Windows XP - Manually Enabling Or Disabling Comodo Secure DNS Service
    • Windows 7 / Vista - Manually Enabling Or Disabling Comodo Secure DNS Service
  • Appendix 3 - Glossary Of Terms
  • Appendix 4 - CIS Versions
  • About Comodo Security Solutions

Active HIPS Rules

 

The HIPS rules tab lists the different groups of applications installed in your system and the Rulesets applied to them. You can change the ruleset applied to selected applications and also create custom rulesets to be applied to selected applications.




The first column, Application Name, displays a list of the applications on your system for which a HIPS ruleset has been deployed. If the application belongs to a file group, then all member applications assume the ruleset of the file group. The second column,Treat as, column displays the name of the HIPS ruleset assigned to the application or group of applications in column one.


You can use the search option to find a specific file or a company in the list. 

To use the search option, click the search icon  at the far right in the column header.


 


  • Click the chevron on the left side of the column header and select the search criteria from the drop-down.
  • Enter partly or fully the name of the item as per the selected criteria in the search field.
  • Click the right or left arrow at the far right of the column header to begin the search.
  • Click the icon in the search field to close the search option.

General Navigation:


Clicking the Up arrow at the bottom center of the interface opens an option panel with the following options:

  • Add - Allows the user to Add a new Application to the list then create it's ruleset. See the section 'Creating or Modifying a HIPS Ruleset'.
  • Edit - Allows the user to modify the HIPS rule of the selected application. See the section 'Creating or Modifying a HIPS Ruleset'.
  • Remove - Deletes the selected ruleset.

Note: You cannot remove individual applications from a file group using this interface - you must use the 'File Groups' interface to do this.

  • Purge - Runs a system check to verify that all the applications for which rulesets are listed are actually installed on the host machine at the path specified. If not, the rule is removed, or 'purged', from the list.
Users can re-order the priority of rules by simply selecting the application name or file group name in question, clicking the handle at the bottom center and selecting 'Move Up' or 'Move Down' from the options. To alter the priority of applications that belong to a file group, you must use the 'File Groups' interface.

Creating or Modifying a HIPS Ruleset


To begin defining a application's HIPS Ruleset

  1. Select the application or file group that you wish the ruleset to apply to.

  1. Configure the ruleset for this application.

Step 1 - Select the application or file group that you wish the ruleset to apply to


If you wish to define a rule for a new application (i.e. one that is not already listed), click the handle from the HIPS Rules pane and select 'ADD'. This brings up the 'HIPS Rule' interface as shown below.




Because you are defining the HIPS rule settings for a new application, you can notice that the 'Name' box is blank. (If you were editing an existing rule instead, then this interface would show that application's name with installation path or application group's name.)

  • Click 'Browse' to begin.

You now have 3 methods available to choose the application for which you wish to create a policy - File Groups; Applications and Running Processes.

  1. File Groups - Choosing this option allows you to create a HIPS ruleset for a category of pre-set files or folders. For example, selecting 'Executables' would enable you to create a ruleset for all files with the extensions .exe .dll .sys .ocx .bat .pif .scr .cpl . Other such categories available include 'Windows System Applications' , 'Windows Updater Applications' , 'Start Up Folders' etc - each of which provide a fast and convenient way to apply a generic policy to important files and folders.



To view the file types and folders that are affected by choosing one of these options, you need to visit the 'File Groups' interface.


The ' File Groups interface can be accessed by the following method:

  • Navigate to Advanced Settings > Defense+ > HIPS > Protected Files, click the up arrow from the bottom of the interface and select 'Groups' from the options.

  1. Applications - This option is the easiest for most users and simply allows you to browse to the location of the application for which you want to deploy the ruleset.




  1. Running Processes - as the name suggests, this option allows you to create and deploy a ruleset for any process that is currently running on your PC.




Having selected the individual application, running process or file group, the next stage is to Configure the rules for this ruleset.

Step 2 - Configure the HIPS Ruleset for this application


There are two broad options available for selecting a policy that applies to an application – Use Ruleset or Use a Custom Ruleset.

  1. Use Ruleset - Selecting this option allows the user to quickly deploy an existing HIPS ruleset on to the target application. Choose the ruleset you wish to use from the drop down menu. In the example below, we have chosen 'Allowed Application'. The name of the ruleset you choose is displayed in the 'Treat As' column for that application in the HIPS Rules interface (Default = enabled).




 

Note on 'Installer or Updater' Rule :Applying the Predefined Ruleset 'Installer or Updater' for an application defines it as a trusted installer and all files created by the application will also be considered as trusted files. Some applications may have hidden code that could impair the security of your computer if allowed to create files of their own. Comodo advises you to use this Predefined Ruleset - 'Installer or Updater' with caution. On applying this ruleset to any application, an alert dialog will be displayed, describing the risks involved.

 

 

General Note:Predefined Rulesets, once chosen, cannot be modified directly from this interface - they can only be modified and defined using the 'Rulesets' interface. If you require the ability to add or modify settings for an specific application then you are effectively creating a new, custom policy and should choose the more flexible Use a Custom Ruleset option instead.

  1. Use a Custom Ruleset - designed for more experienced users, the 'Custom Ruleset' option enables full control over the configuration specific security policy and the parameters of each rule within that ruleset. The Custom ruleset has two main configuration areas - Access Rights and Protection Settings (Default = Disabled).

In simplistic terms 'Access Rights' determine what the application can do to other processes and objects whereas 'Protection Settings' determine what the application can have done to it by other processes.

  1. Access Rights - The Process Access Rights tab allows you to determine what activities the applications in your custom ruleset are allowed to execute. These activities are called 'Access Names'.



Refer to the section HIPS Behavior Settings > Activities to Monitor to view a list of definitions of the Action Names listed above and the implications of choosing the action from 'Ask', 'Allow' or 'Block' for each setting as shown below:

  • Exceptions to your choice of 'Ask', 'Allow' or 'Block' can be specified for the ruleset by clicking the 'Modify' link on the right.
  • Select the 'Allowed Applications' or 'Blocked Applications' tab depending on the type of exception you wish to create.

 

Clicking the handle and selecting 'Add' allows you to choose which applications or file groups you wish this exception to apply to. (click here for an explanation of available options).

 

In the example above, the default action for 'Interprocess Memory Access' is 'Ask'. This means HIPS will generate an alert asking your permission if 'New Software.exe' tries to modify the memory space of any other program. Clicking 'Modify' then adding 'opera.exe' to the 'Allowed Applications' tab creates an exception to this rule. New Software.exe can now modify the memory space of opera.exe.

  1. Protection Settings - Protection Settings determine how protected the application or file group in your ruleset is against activities by other processes. These protections are called 'Protection Types'.




  • Select 'Active' to enable monitoring and protect the application or file group against the process listed in the 'Protection Type' column. Select 'Inactive' to disable such protection.

Click here to view a list of definitions of the 'Protection Types' listed above and the implications of activating each setting.


Exceptions to your choice of 'Active' or 'Inactive' can be specified in the application's policy by clicking the 'Modify' link on the right.

  1. Click 'OK' to confirm your settings.

Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • Ransomware Prevention
  • Managed IT Support Services
  • Free EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2024. All rights reserved.