We are using ePO and VSE 8.8 U13. I'd like to start using the firewall component (HIDS I believe) on our Windows 10 1809 estate. How reliable is the HIDS component? Anyone any horror stories on Windows with it? Is it generally stable and easy to configure?
Thank you for posting your query "HIPS Stability and Flexibility".
Best practices

When you create or customize a firewall rules policy, place the more specific rules at the top of the list, and the more general rules at the bottom. This ensures that Host Intrusion Prevention filters traffic appropriately.

For example, to allow all HTTP requests except from a specific address (for example, IP address 10.10.10.1), you need to create two rules:
• Block Rule — Block HTTP traffic from IP address 10.10.10.1. This rule is more specific.
• Allow Rule — Allow all traffic using the HTTP service. This rule is more general.
You must place the more specific Block Rule higher in the firewall rules list than the more general Allow Rule. This ensures that when the firewall intercepts the HTTP request from address 10.10.10.1, the first matching rule it finds is the one that blocks this traffic through the firewall. If you placed the more general Allow Rule higher than the more specific Block Rule, Host Intrusion Prevention would match all HTTP requests against the Allow Rule before it found the Block Rule. It would thus allow the traffic, even though you wanted to block the HTTP request from a specific address.
HIPS 8.0 Patch 12 and later support Windows 10 October 2018 Update - version 1809 (32-bit and 64-bit).