ITarian Help

Find the desired product help

IT Endpoint Manager

IT Endpoint Manager

Comodo Client Security for Windows - User Guide 12.10

English

Print Help Download Help
CCS Advanced Settings > Protected Objects > Protected Objects - HIPS > Protected Files
  • Introduction To Comodo Client Security
    • Special Features
    • System Requirements
    • Install Comodo Client Security
    • Start Comodo Client Security
    • The Main Interface
      • The Home Screen
      • The Tasks Interface
      • The Widget
      • The System Tray Icon
    • Understand Security Alerts
    • Password Protection
  • General Tasks - Introduction
    • Scan And Clean Your Computer
      • Run A Quick Scan
      • Run A Full Computer Scan
      • Run A Rating Scan
      • Run A Custom Scan
        • Scan A Folder
        • Scan A File
        • Create, Schedule And Run A Custom Scan
      • Automatically Scan Unrecognized And Quarantined Files
    • Instantly Scan Files And Folders
    • Process Infected Files
    • Manage Virus Database Updates
    • Manage Blocked Autoruns
    • Manage Quarantined Items
  • Firewall Tasks - Introduction
    • Configure Internet Access Rights For Applications
    • Stealth Your Computer Ports
    • Manage Network Connections
    • Stop All Network Activities
    • View Active Internet Connections
  • Containment Tasks - Introduction
    • Run An Application In The Container
    • Reset The Container
    • Identify And Kill Unsafe Running Processes
    • Open Shared Space
    • The Virtual Desktop
      • Start The Virtual Desktop
      • The Main Interface
      • Run Browsers Inside The Virtual Desktop
      • Open Files And Run Applications Inside The Virtual Desktop
      • Pause And Resume The Virtual Desktop
      • Close The Virtual Desktop
    • Containment Statistics Analyzer
  • DLP Tasks - Introduction
    • Run Data Loss Prevention Scans
    • Manage DLP Quarantined Files
  • Advanced Tasks - Introduction
    • Create A Rescue Disk
      • Download And Burn Comodo Rescue Disk
    • Remove Deeply Hidden Malware
    • Manage CCS Tasks
    • View CCS Logs
      • Antivirus Logs
      • VirusScope Logs
      • Firewall Logs
      • HIPS Logs
      • Containment Logs
      • Website Filtering Logs
      • Device Control Logs
      • Autorun Event Logs
      • Alert Logs
      • CCS Tasks Logs
      • File List Changes Logs
      • Vendor List Changes Logs
      • Configuration Change Logs
      • Virtual Desktop Event Logs
      • Data Loss Prevention Event Logs
      • Search And Filter Logs
    • Submit Files For Analysis To Comodo
    • View Active Process List
  • CCS Advanced Settings
    • General Settings
      • Customize User Interface
      • Configure Virus Database Updates
      • Log Settings
      • Manage CCS Configurations
        • Comodo Preset Configurations
        • Personal Configurations
    • Antivirus Configurations
      • Real-time Scanner Settings
      • Scan Profiles
    • Firewall Configuration
      • General Firewall Settings
      • Application Rules
      • Global Rules
      • Firewall Rule Sets
      • Network Zones
        • Network Zones
        • Blocked Zones
      • Port Sets
    • HIPS Configuration
      • HIPS Settings
      • Active HIPS Rules
      • HIPS Rule Sets
      • HIPS Groups
        • Registry Groups
        • COM Groups
    • Protected Objects
      • Protected Objects - HIPS
        • Protected Files
        • Blocked Files
        • Protected Registry Keys
        • Protected COM Interfaces
      • Protected Objects - Containment
        • Protected Files And Folders
        • Protected Keys
    • Data Loss Prevention
      • DLP Monitoring Rules
      • DLP Discovery Rules
      • DLP Keyword Groups
    • Containment Settings
      • Containment Settings
      • Auto-Containment Rules
      • Virtual Desktop Settings
      • Containment - An Overview
      • Unknown Files - The Scanning Processes
    • File Rating Configuration
      • File Rating Settings
      • File Groups
      • Submitted Files
    • Advanced Protection
      • VirusScope Settings
      • Scan Exclusions
      • Device Control Settings
      • Script Analysis Settings
      • Miscellaneous Settings
    • Web Filter Settings
      • Website Filtering Rules
      • Website Categories
  • Appendix 1 - CCS How To... Tutorials
    • Enable / Disable AV, Firewall, Auto-Containment And VirusScope Easily
    • Set Up The Firewall For Maximum Security And Usability
    • Block Internet Access While Allowing Local Area Network (LAN) Access
    • Block / Allow Specific Websites To Specific Users
    • Set Up HIPS For Maximum Security And Usability
    • Create Rules To Auto-Contain Applications
    • Run An Instant Antivirus Scan On Selected Items
    • Create An Antivirus Scan Schedule
    • Run Untrusted Programs Inside The Container
    • Run Browsers Inside The Container
    • Restore Incorrectly Quarantined Item(s)
    • Submit Quarantined Items To Comodo Valkyrie For Analysis
    • Enable File Sharing Applications Like BitTorrent And Emule
    • Block Any Downloads Of A Specific File Type
    • Disable Auto-Containment On A Per-application Basis
    • Switch Off Automatic Antivirus Updates
    • Suppress CCS Alerts Temporarily
    • Control External Device Accessibility
  • Appendix 2 - Comodo Secure DNS Server
    • Router - Manually Enable Or Disable Comodo Secure DNS Service
    • Windows - Enable Comodo Secure DNS
  • About ITarian

Protected Files


  • The protected files screen shows file groups that are protected from access by other programs.
  • Files in this area are 'read only'. They can be accessed and read by other programs, but not modified.
  • This prevents malicious programs from hijacking important files. It is also useful for safeguarding valuable files (spreadsheets, databases, documents) against accidental or deliberate sabotage.
  • A good example of a file that ought to be protected is your 'hosts' file (c:/windows/system32/drivers/etc/hosts). Adding your host file to this area will allow web browsers to use the file as normal, but will block any attempt to modify it.
  • You can create exceptions if you want to allow a trusted application to access a protected file. See Exceptions for more details about how to allow access to files placed in 'Protected Files'.

Open the 'Protected Files' area

  • Click 'Settings' on the CCS home screen
  • Click 'HIPS' > 'Protected Objects' on the left
  • Click the 'Protected Files' tab:



The buttons at the top provide the following options:

  • Add - Select files/folders that you want to protect
  • Edit - Modify the path of the file or group
  • Remove - Delete the currently highlighted item
  • Purge - Runs a system check to verify that all the files listed are actually installed on the host machine at the path specified. If not, the item is removed (purged) from the list.

Click the search icon on the right to find a specific item. You can enter full or partial names.


Manually add protected items


You can protect individual files, folders, file groups or processes:

  • Click the 'Add' button above the list:


You can add items using any of the following methods:

  • Select from File Groups
  • Browse to a File
  • Browse to a Folder
  • Select from currently running processes


Add a File Group

  • Choosing 'File Groups' allows you to protect a category of pre-set files or folders.
  • For example, selecting 'Executables' allows you to exclude all files with the extensions .exe .dll .sys .ocx .bat .pif .scr .cpl, */cmd.exe, *.bat, *.cmd.
  • Other categories include 'Windows System Applications', 'Windows Updater Applications', 'Start Up Folders' and so on. Each of these provide a fast and convenient way to apply a generic ruleset to important files and folders.
  • Background - CCS ships with a set of predefined 'File Groups' which can be viewed in 'Settings' > 'File Rating' > 'File Groups'. You can also add your own file groups if required.
  • Click 'Add' > 'File Groups' and select the type of 'File Group' from the list:




The selected group will be added to the 'Protected Files' list:




Add an individual file

  • Click 'Add' and choose 'Files' from the options:




  • Navigate to the file you want to add to 'Protected Files' in the 'Open' dialog and click 'Open'

The file will be added to 'Protected Files'.



Add a Drive Partition/Folder

  • Click 'Folders' from the 'Add' drop-down.



The 'Browse for Folder' dialog will appear.

  • Select the folder/drive and click 'OK'. Repeat the process to add more items.

Add an application from a running process

  • Choose 'Running Processes' from the 'Add' drop-down
  • This will open a list of processes that are currently running on your computer:



  • Select the process you want to protect
  • Click 'OK'

The parent application will be added to the 'Protected Files' list:




  • Repeat the process to add more files. The items added to the 'Protected Files' will be protected from access by other programs.

Edit an item in the Protected Files list

  • Select the item from the list and click the 'Edit' button. The 'Edit Property' dialog will appear.



  • Edit the file path, if you have relocated the file and click 'OK'

Delete an item from Protected Files list

  • Select the item from the list and click the 'Remove' button

The selected item will be deleted from the protected files list. CCS will not generate alerts, if the file or program is subjected to unauthorized access.


Exceptions


Users can selectively allow another application (or file group) to modify a protected file by affording the appropriate 'Access Right' in 'Active HIPS Rules' interface.


A simple example would be the imaginary file 'April - 2018.odt'. You would want the 'Open Office Writer' program to be able to modify this file as you are working on it, but you would not want it to be accessed by a potentially malicious program. You would first add the document to the 'Protected Files' area. Once added to 'Protected Files', you would go into 'Active HIPS Rules' and create an exception for 'swriter.exe' so that it alone could modify 'June - 2016.odt'.

  • First add 'April - 2017.odt' to 'Protected Files'
  • Then go to the 'HIPS Rules' interface and add it to the list of applications
  • Click the 'Edit' button after selecting it
  • In the 'HIPS Rule' interface, select 'Use a Custom Ruleset'



  • Under the 'Access Rights' section, click the link 'Modify' beside the entry 'Protected Files/Folders'. The 'Protected Files/Folders' interface will appear.
  • Under the 'Allowed Files/Folders' section, click 'Add' > 'Files' and add swriter.exe as exceptions to the 'Ask' or 'Block' rule in the 'Access Rights'.



Another example of where protected files should be given selective access is the Windows system directory at 'c:/windows/system32'. Files in this folder should be off-limits to modification by anything except certain, Trusted, applications like Windows Updater Applications. In this case, you would add the directory c:/windows/system32* to the 'Protected Files area (* = all files in this directory). Next go to 'HIPS Rules', locate the file group 'Windows Updater Applications' in the list and follow the same process outlined above to create an exception for that group of executables.

Comodo Help
  • IT Platform:
  • Help
  • Scripts
  • Wiki
  • Forum
  • Developer
  • RMM
  • Patch Management
  • Service Desk
  • ITSM
  • Managed Service Provider
  • Managed Detection and Response
  • Ticketing System
  • Helpdesk
  • ITIL

Copyright 2024 Itarian