Block a shell link for browser launch in an application

Discussion in 'ESET Smart Security' started by jasonbourne, Apr 10, 2012.

Thread Status:
Not open for further replies.
  1. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    Hi,

    How can I block a link that can be launched in an application? In CIS and OA Premium I can block that in the HIPS portion to "not start an application". ESS has this and I place a rule like in CCleaner:

    Source application : C:\Program Files\CCleaner\CCleaner.exe
    Target Application: Start new application
    Over these applications: C:\Program Files\Mozilla Firefox\firefox.exe
    Firefox still launches.

    The same thing with KMPlayer but instead of FF it's IE. I placed the IE folder there in the "Over these applications" but it still launches.

    In CIS, KMPlayer uses COM so I place the block in COM Interfaces in D+. I assume that CCleaner is the same. Where can I place that in ESS?

    In OA Premium I placed it in the Advanced setup and added the browsers and it blocks it from launching.

    How can I block such "shell links"(correct...?) in ESS HIPS or the firewall...?

    I'd like to be able to restrict such like these in the windows of applications other than what I need. The kids might use the PC and might accidentally click. You know kids...

    I tried to block the URL in KMPlayer but it also launched and connected.

    Kindly see images attached.

    Thank you :)
     


  2. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    Anyone care to help me with ESET HIPS? I can block this behavior only in the HIPS, right? I tried in the firewall but unfortunately it did not. Anyone from ESET support to help me on the HIPS thing... please... :(
     
  3. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    Finally solved the issue. HERE

    It wasn't pleasant taking long turns just to find a solution... ESET support... tsk :thumbd: :thumbd: :thumbd:
     
  4. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    Check if the rule works when an instance of the browser is already running.
     
  5. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247

    I did what you suggested and when a browser is running the rule is invalid. Rule is valid only when a browser is not running. The only option is to block the site in which the link shows.

    That's the problem here. Haven't got any help especially from support.
     