I have taken the application W3WP.EXE and made it a trusted applications
W3WP.EXE is still triggering HIPS IPS on my WSUS Server. Its triggering by shielding where W3WP is attempting to patch a location outside where the .EXE is stored.
shouldn't IPS allow this since its in trusted apps, or do i need to make an IPS exemption as well ?
Trusted applications are still monitored, and can still trigger on a small subset of signatures. I believe all of these signatures are high - there will still be situations where explicit exceptions will be required.