Protected Files
- The protected files screen shows file groups that are protected from access by other programs.
- Files in this area are 'read only'. They can be accessed and read by other programs, but not modified.
- This prevents malicious programs from hijacking important files. It is also useful for safeguarding valuable files (spreadsheets, databases, documents) against accidental or deliberate sabotage.
- A good example of a file that ought to be protected is your 'hosts' file (c:/windows/system32/drivers/etc/hosts). Placing your host file in 'Protected Files and Folders' area will allow web browsers to use the file as normal, but any attempt to modify it will be blocked.
- You
can create exceptions if you want to allow a trusted application to
access a protected file. See Exceptions for more
details about how to allow access to files placed in 'Protected Files'.
Open the 'Protected Files' section
- Click 'Settings' on the CCS home screen to open the 'Advanced Settings' interface.
- Click 'HIPS' > 'Protected Objects' on the left.
- Click the 'Protected Files' tab:
The buttons at the top provide the following options:
- Add – Select files/folders that you want to protect
- Edit – Modify the path of the file or group
- Remove - Deletes the currently highlighted item
- Purge - Runs
a system check to verify that all the files listed are actually
installed on the host machine at the path specified. If not, the
item is removed (purged) from the list.
Click the search icon on the right to find a specific item. You can enter full or partial names.
You can protect individual files, folders, file groups or processes:
- Click the 'Add' button above the list:
You can add the files by following methods:
- Choosing 'File Groups' allows you to protect a category of pre-set files or folders.
- For example, selecting 'Executables' allows you to exclude all files with the extensions .exe .dll .sys .ocx .bat .pif .scr .cpl, *cmd.exe, *.bat, *.cmd.
- Other categories include 'Windows System Applications', 'Windows Updater Applications', 'Start Up Folders' and so on. Each of these provide a fast and convenient way to apply a generic ruleset to important files and folders.
- Background - CCS ships with a set of predefined 'File Groups' which can be viewed in 'Settings' > 'File Rating' > 'File Groups'. You can also add your own file groups if required.
- Click 'Add' > 'File Groups' and select the type of 'File Group' from the list:
The selected group will be added to the 'Protected Files' list:
- Click 'Add' and choose 'Files' from the options:
-
Navigate to the file you want to add to 'Protected Files' in the 'Open' dialog and click 'Open'
- Click 'Folders' from the 'Add' drop-down.
The 'Browse for Folder' dialog will appear.
- Select the folder/drive and click 'OK'. Repeat the process to add more items.
Add an application from a running processes
- Choose 'Running Processes' from the 'Add' drop-down
- This will open a list of processes that are currently running on your computer:
- Select the process you want to protect
- Click 'OK'
- Repeat the process to add more files. The items added to the 'Protected Files' will be protected from access by other programs.
Edit an item in the Protected Files list
- Select the item from the list and click the 'Edit' button. The 'Edit Property' dialog will appear.
-
Edit the file path, if you have relocated the file and click 'OK'
- Select the item from the list and click the 'Remove' button
The selected item will be deleted from the protected files list. CCS will not generate alerts, if the file or program is subjected to unauthorized access.
Exceptions
Users can selectively allow another application (or file group) to modify a protected file by affording the appropriate 'Access Right' in 'Active HIPS Rules' interface.
A simple example would be the imaginary file 'April - 2018.odt'. You would want the 'Open Office Writer' program to be able to modify this file as you are working on it, but you would not want it to be accessed by a potentially malicious program. You would first addthe document to the 'Protected Files' area. Once added to 'Protected Files', you would go into 'Active HIPS Rules' and create an exception for 'swriter.exe' so that it alone could modify 'June - 2016.odt'.
- First add 'April - 2017.odt' to 'Protected Files'
- Then go to the 'HIPS Rules' interface and add it to the list of applications
- Click the 'Edit' button after selecting it
- In the 'HIPS Rule' interface, select 'Use a Custom Ruleset'.
- Under the 'Access Rights' section, click the link 'Modify' beside the entry 'Protected Files/Folders'. The 'Protected Files/Folders' interface will appear.
- Under the 'Allowed Files/Folders' section, click 'Add' > 'Files' and add swriter.exe as exceptions to the 'Ask' or 'Block' rule in the 'Access Rights'.
Another
example of where protected files should be given selective access is
the Windows system directory at 'c:/windows/system32'. Files in this
folder should be off-limits to modification by anything except
certain, Trusted, applications like Windows Updater Applications. In
this case, you would add the directory c:/windows/system32* to the
'Protected Files area (* = all files in this directory). Next go to
'HIPS
Rules', locate
the file group 'Windows Updater Applications' in the list and follow
the same process outlined above to create an exception for that group
of executables.