Please make sure you are following the Best Practices information in the HIPS 8 Product Guide (Page 11, Section: Best Practices for Quick Success). Do enable too much protection at one time (particularly with IPS; start with HIGH only, and work down as needed; don't enable all Protection levels, as it will generate a lot of events). Also read the section titled Activate adaptive mode.
Adaptive mode is meant for learning rules for a short period of time. Do not leave it on for months at a time, as it could create just too many rules to review and could also cause errors on the ePO server (see KB71607).
PD22894 - Host Intrusion Prevention 8.0 for ePO 4.5 Product Guide
Thanks for the links
Do enable too much protection at one time
Sorry, that should be Do not.
I can't echo Kary's statement too strongly (the one about not doing too much). The most common mistake is logging too much information. Test the levels within Host IPS individually. Test the High level content. Don't bother with Logging and then staring at the events. Go out and pilot it on actual machines. What you will see is that there are a lot of applications that may be poorly written. Those apps make bad API calls and Host IPS silently drops them. The real life scenario is that the vast majority of these simply aren't needed. Nothing beats actual testing.
In a real life deployment of this product you should expect a maximum of about FIVE (5) exceptions for an entire enterprise across the High and Medium level content. Two of them usually relate to VNC if that is an application you use. Nothing beats a real pilot test.