Multiple HIPS Policies applied (stack), which policy to apply exception?
First post, nice to meet you all
Thank you in advance for any help.
I work in an environment where we have multiple HIPS policies applied in a stack. Some of them are a matter of compliance and cannot be deleted or else we fall out of compliance and have committed a security violation. My question is, given the information below, scenario based:
Policy 2 *has a signature that blocks a particular file or executable
Given the stack of policies above, can the exception be provided in Policy 5 even though the block is coming from a signature in Policy 2? Does the list/stack of policies rely on sequence? Or does the ePO server ultimately look at the list of policies singularly?
One of the reasons I ask is: when we discover a block, due to developers testing their software, we create an exception in HIPS (provided it's a HIPS block); however, I do not see anything from the ePO or in the HipShield.log specifying which policy the block is occurring from.