As I can not find the correlated introduction of “Protected Files” on the wiki website of Xcitium, I post my question here.
Today I wanna use the “Protected Files” function to protect some important files. You can find this function via “Advanced settings – HIPS – Protected Objects – Protected Files”. In my test, I first create a file group that contains some .doc&.docx files that I want to protect. Then I added this group to the “Protected Files” session. I use Microsoft Word to open a docx file that is in the protected files and it shows READ ONLY in the Word window. I think it works as expected so far.
However, what I really want to achieve is protecting these files from deleting or modifying by other applications rather than the Word application. In other words, the editing or modification of the protected files should be allowed by specified apps.
To this end, I tried to create a HIPS rule for Word application and add the above-mentioned “Protected Files” in its rules edit windows “Access rights – Protected files/folders – modify – Allowed files/folders”. After that, I reopened the file with the Word application, it still shows as READ ONLY. It does not work as expected.
Since there is no instruction on your wiki website, I tried to learn some tips from the help file of CIS. You can find it here.
After following the instructions, this issue persists. Meanwhile, I can ensure that official help instruction on the Protected Files especially the given example is totally wrong. You can test it.
I have no idea how to realize my expectation of Protected Files. I appreciate it very much if you could give me any advice.
Correction. In your words, the so-called “feature request” is not to request to develop a new feature but to implement the request based on the existing function. For instance, giving some tips on how to create the rules.
Hi @nivedithab, thank you for your detailed instructions. I have tested it on XCS and it works great.
I have another question on step 4. If I remember correctly, in COMODO Internet Security
(not XCS) the order of the HIPS rules from top to bottom determines the processing sequence and priority level. The rule on the top (the first rule in the HIPS rules list) has the highest priority, while the rule on the bottom (the last rule, i.e., the “All Applications” rule) has the lowest priority. Hence, the created rule for WINWORD.EXE should be located above the “All Applications” rule in CIS. I have tested and it works after moving it above the “All Applications” rule in CIS.
However, according to your instructions and the test result on XCS. The rule only works when putting the created rule under the “All Applications” rule. Whether this opposite result indicates that the XCS has changed the handling sequence of the HIPS rules (from bottom to top)?
HIPS rules work in different manner. It checks rules from top to bottom to build final config, if there are duplicated items for the same object, last rule overrides previous ones. So in general we can say the priority is reversed and allow rule should be on the bottom.