I've got a client who is planning on deploying HIPS to a pile of workstations, but there is a need to support file integrity monitoring for PCI DSS 11.5. My question is, does HIPS have the capability of alerting on file changes at all? In this case, we're looking at a basic Windows install for the most part; the main payment applications are accessed via browser.
I understand that other products do this directly, but they're naturally reluctant to do more than required.
You can create custom signatures to block/log file/folder access/changes.
This can help you in monitoring the changes.
But in case you block the c:\windows folder from any changes, then you might run into issues when a hotfix/patch/service pack install happens.
So test thoroughly.
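Whatever the HIPS custom signatures end up logging, the check PCI DSS 11.5 actually asks for is a hash baseline compared against the current state of the files, with the churn the answer warns about (patch caches, logs) handled by explicit exclusions rather than by blocking. The following is an added example, not from the thread, that shows that baseline-and-compare on a constructed temporary directory; the `app/` and `logs/` names and the file contents are made up for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    # Stream the file so large binaries do not have to fit in memory
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path, excludes=()) -> dict:
    # Map relative path -> SHA-256; paths expected to churn (logs, patch caches) are skipped
    baseline = {}
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if any(rel.startswith(e) for e in excludes):
            continue
        baseline[rel] = hash_file(p)
    return baseline

def compare(baseline: dict, current: dict) -> dict:
    # Report what a FIM alert would carry: new, deleted and altered files
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
    }

def demo() -> dict:
    # Constructed sample tree standing in for a workstation folder (not real data)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "logs").mkdir()
        (root / "app" / "config.ini").write_text("timeout=30\n")
        (root / "app" / "old.dll").write_bytes(b"legacy")
        (root / "logs" / "trace.log").write_text("noise\n")
        baseline = build_baseline(root, excludes=("logs/",))
        # Activity between scans: an edit, a new file, a deletion and log churn
        (root / "app" / "config.ini").write_text("timeout=30\ndebug=1\n")
        (root / "app" / "hook.dll").write_bytes(b"unexpected")
        (root / "app" / "old.dll").unlink()
        (root / "logs" / "trace.log").write_text("more noise\n")
        return compare(baseline, build_baseline(root, excludes=("logs/",)))
```

Running `demo()` reports the edited, added and deleted files under `app/` while the excluded `logs/` churn stays silent; the baseline itself would of course have to be stored somewhere the monitored host cannot alter.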
This client is investigating a few options, including some which will affect their patch management processes. This may not be the optimal solution, but it does provide them with one alternative.