Block a shell ink for browser launch in an application

Discussion in 'ESET Smart Security' started by jasonbourne, Apr 10, 2012.

Thread Status:
Not open for further replies.
  1. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    264
    Hi,

    How can I block a link that can be launched in an application. In CIS and OA Premium I can block that in the HIPS portion to "not start an application". ESS has this and I place a rule like in CCleaner:

    Source application : C:\Program Files\CCleaner\CCleaner.exe
    Target Application: Start new application
    Over these applications: C:\Program Files\Mozilla Firefox\firefox.exe
    Firefox still launches.

    The same thing with KMPLayer but instead of FF it's IE. I placed the IE folder there in the "Over these application" but it still launches.

    In CIS, KMPlayer uses COM so I place the block in COM Interfaces in D+. I assume that CCleaner is the same. Where can I plave that in ESS?

    In OA Premium I placed it in the Advanced setup and add the broswers and it blocks it from launching.

    How can I block such "shell links"(correct...?) in ESS HIPS or the firewall...?

    I'd like to be able to restrict such like these in the wiindows of applications other what I need. The kids might use the pc and might accidentally click. You know kids...

    I tried to block the URL in KMPLayer but it also launched and connected.

    Kindly see images attached.

    Thank you :)
     

    Attached Files:

  2. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    264
    Anyone care to help me with Eset HIPS..? I can block this behavior only in the HIPS right..? I tried in the firewall but unfortunately it did not. Anyone from Eset support to help me on the HIPS thing...please....:(
     
  3. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    264
    Finally solved the issue. HERE

    It wasn't pleasant taking long turns just to find a solution...Eset support..tsk :thumbd: :thumbd: :thumbd:
     
  4. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    634
    Location:
    Sydney Australia
    Check if the rule works when an instance of the browser is already running.
     
  5. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    264

    I did what you suggested and when a browser is running the rule is invalid. Rule is valid only when a browser is not running. The only option is to block the site in which the link shows.

    That's the problem here. Haven't got any help especially from support.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.