1 Reply Latest reply on Apr 3, 2012 4:52 PM by Kary Tankink

    HIPS question

    Dvanmeter

      This one is probably an easy one for any HIPs admin.  Just wanted to confirm what I think.  We have a HIPs policy to block HIGH and Medium, log low and ignore informational.  We have gotten SQL blocked and IIS a couple of times where SQL was trying to call upon a .net file or the same with IIS.  The event was a warning, but it was blocked.  What I think is true is thatr HIPs is detecting specific vulnerability or known behaviors that are malicious and they are detected as High, Medium, Low or informational and based on those events you can Block, log, or ignore.  The warning block I am getting is from application protection where the SQL or IIS service is protecting against "any" calls outside of its own service.  So the category "Warning" is unique to application protection and its either settings are allow or warn.  Am i right on this explanation?