
Multiple HIPS Policies applied (stack), which policy to apply exception?

First post, nice to meet you all

 

Thank you in advance for any help.

I work in an environment where we have multiple HIPS policies applied in a stack. Some of them are a matter of compliance and cannot be deleted or else we fall out of compliance and have committed a security violation. My question is, given the information below, scenario-based:

Policy 1

Policy 2 *has a signature that blocks a particular file or executable

Policy 3

Policy 4

Policy 5

Given the stack of policies above, can the exception be provided in Policy 5 even though the block is coming from a signature in Policy 2? Does the list/stack of policies rely on sequence? Or does the ePO server ultimately look at the list of policies singularly?

One of the reasons I ask is: when we discover a block, due to developers testing their software, we create an exception in HIPS (provided it's a HIPS block); however, I do not see anything from the ePO or in the HipShield.log specifying which policy the block is occurring from.