I am using HIPS 7.0 and have assigned the Client UI and the Application Blocking Options (Windows) policies on a test box. I have slightly modified both policies. Ex: the app blocking for Windows I have set to regular protection for app blocking/hooking, and "enable application creation" and "enable hooking" are disabled. The client UI is the default. It seems HIPS can really lock down certain aspects of my environment if I specify what it is or enable the learn or adaptive modes (the learn mode is kind of annoying). There are four policies total and a bunch of configurable rules for each, etc. Is the out-of-the-box (basic protection) enough? I have already deployed the new AV and anti-spyware, which seem to be working well. I am not really looking to lock down my environment per se, just trying to explore HIPS without getting too deep into it. Some of these policies and the rules associated with them are a little confusing. Any advice is greatly appreciated. Thanks
I would recommend deploying HIPS in adaptive mode, and as you learn rules, I would add them to your policy. Then, when all the new rules learned are ones that you would block, just go to enforcing mode instead of adaptive mode.