Is there a certain HIPS setting where i can only allow certian file types to be download (*.pdf or *.docx)? I thought i might be able to do it with a file group variable and making some HIPS changes to protected objects, but I’m not sure i did the right thing.
Any help will be greatly appreciated.
Hi, could that setting also solve my problem? With Hips enable if an outlook user clicks on a pdf attachment nothing happend. If I disable Hips the pfd is opened
More likely, the heuristic command-line analysis is enabled for *\acrord32.exe interpreter in your profile. It means that CCS considers every pdf file as a separate executable file and calculates the rating for every such file. If you haven’t set the admin rating for such file before, CCS rates them as Unrecognized. What HIPS does is that it doesn’t allow starting Unrecognized Files by any Trusted application except explorer.exe. What you can do is add HIPS rule to allow Outlook to run pdf files. But they will still be contained if they are launched from temp location or a removable media. To exclude pdf(s) from being contained, Containment ignore rule should be created.
Important Note: pdf files may contain embedded script that may be harmful for the PC.