gerryrigney
Level 9

ePO HIPS report question

Hi All

I have a question, I'm sure I should have asked this a long time ago however . . .

We're running HIPS 6.1. When I run the IPS event summary I get a fair few results.

My question is:

Are these reports of actual attempts from someone/ something trying to exploit a vulnerability?

or

Are they reports of the existence of a vulnerability on an unpatched system?

Thanks for any info
gerryR
2 Replies
Raja
Level 9

RE: ePO HIPS report question

These reports show that HIP detected a behavior that matched an enabled IPS signature. That behavior could fall into either category you described. Some signatures detect a behavior related to a vulnerability. In some cases this could be a false positive. You simply patch the vulnerability and then you can disable the signature. Just because you applied a patch doesn't mean that HIP won't still detect the behavior.

-R-
gerryrigney
Level 9

RE: ePO HIPS report question

Thanks for the info Raja