Apply HIPS restrictions to children of a restricted process?

Discussion in 'other firewalls' started by Gullible Jones, Aug 17, 2012.

Thread Status:
Not open for further replies.
  1. Asking because of some odd behavior I've seen with Outpost FW...

    What HIPS software is known to apply restrictions specified for a program to processes spawned by that program?

    Furthermore, what HIPS software is known not to apply such restrictions to child processes?
     
  2. LoneWolf

    Is this what you mean?
    Screenshot of Malware Defender alert..............
    2012-08-17_171453.png

    Or here............

    2.png
     
    Last edited: Aug 17, 2012
  3. Nope... I mean silently applying the same set of restrictions to child processes, unless another set of restrictions is specified and the child application is specifically disallowed from inheriting restrictions. Something like this:

    - A, B, C, and D are applications.
    - A has a ruleset that denies sound card access. B has no rules. C has rules denying keyboard access, plus whatever is denied by the parent process's rules; D has rules that deny keyboard access but supersede the parent process's rules.

    So:

    - If A launches B, B inherits A's rules.
    A+NoSound -> B+NoSound

    - If A launches C, C inherits A's rules and has its own applied.
    A+NoSound -> C+NoSound+NoKeyboard

    - If A launches D, A's rules are not inherited, and only D's are applied.
    A+NoSound -> D+NoKeyboard

    Umm, I hope this makes sense?
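
The inheritance scheme described in the post above, as an added example that is not part of the original post and does not model any particular HIPS product. The mode names `ADD` and `SUPERSEDE`, the `Rule` class and both functions are hypothetical; the example also goes one step beyond the post by following longer launch chains, which shows that a superseding rule such as D's drops the parent's restriction for everything D launches afterwards.

```python
from dataclasses import dataclass

# Hypothetical rule modes for the cases in the post.
ADD = "add"              # own denies plus whatever the parent denies (C)
SUPERSEDE = "supersede"  # own denies only, the parent's are discarded (D)

@dataclass(frozen=True)
class Rule:
    denies: frozenset
    mode: str = ADD

# Constructed rulebase matching the post: B has no entry at all.
RULES = {
    "A": Rule(frozenset({"sound"})),
    "C": Rule(frozenset({"keyboard"}), ADD),
    "D": Rule(frozenset({"keyboard"}), SUPERSEDE),
}

def effective(chain, rules=RULES):
    """Deny set of the last program in a launch chain.

    chain lists programs from the first ancestor to the newest child,
    e.g. ["A", "C"] means A launched C.
    """
    denied = frozenset()
    for prog in chain:
        rule = rules.get(prog)
        if rule is None:
            continue                      # no rule: inherit unchanged (B)
        if rule.mode == SUPERSEDE:
            denied = rule.denies          # parent's restrictions are dropped
        else:
            denied = denied | rule.denies # parent's restrictions are kept
    return denied

def dropped_by_launch(chain, rules=RULES):
    """Restrictions the parent had that the newest child no longer has."""
    return effective(chain[:-1], rules) - effective(chain, rules)

if __name__ == "__main__":
    for chain in (["A", "B"], ["A", "C"], ["A", "D"], ["A", "D", "B"]):
        print(" -> ".join(chain), sorted(effective(chain)),
              "dropped:", sorted(dropped_by_launch(chain)))
```
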
     
  4. Kees1958

    Most classical HIPS having a rule set on program level (Malware Defender, Comodo) apply the default rule when the launched program does not have its own rule. Most policy-based HIPS apply the same restrictions to programs launched by a guarded program (DefenseWall, GeSWall), when this program is not in the exclusion list.

    The basic difference is that a classical HIPS provides system-wide protection while it guards all threat vectors, and a policy-based HIPS guards named threatgate programs (keeps them in a sandbox or policy container) while protecting against all threat vectors (including process creation and spawning other programs).
     
    Last edited: Aug 27, 2012
  5. itman

    PrivateFirewall HIPS has this capability. You can get pretty granular with access permissions with it.
     