I'm testing HIPS at the moment and have it installed on a couple of Windows 7 pcs, an xp pc and a virtual xp machine. I've then created a file with a double file extension (test.txt.exe). When I try and run this it's picked up on the Windows 7 pcs as Suspicious Double File Extension Execution as I would expect, problem is if I try the same test on the xp pc and xp vm, neither pick it up and it isn't listed in the HIPS Activity Log as it is on Windows 7 pcs.
Any ideas, does xp require different installation?
Hope you can help.
should be the same. Make sure the policy is set the same on each machine, default or my directory, whatever policy. Verify IPS is on too... It would seem to be a simple thing.
They all should be using the default policy, all I have done is check in the HIPS software (+extensions) and created tasks to install on the clients. So not sure how each client is behaving differently.