1 of 1 people found this helpful
I don't believe this functionality was intended to overlap between products. If you have both VSE and HIPS, use the rules from only one of the products.
If you only have one of the products (and use a different product for the other software functionality), then enable the rules for that product you have.
I've heard HIPS was the better of the two because of more options. Is this correct? Anything one offers over the other? I've also heard these products will be combined in the next big release anyways.
HIPS would be via a signature, and VSE would be via a checkbox in the VSE Access Protection policies. If you are taking the VSE and HIPS events one for one, you would be able to create a more precise HIPS Exception, than you would for VSE.
In the near future this duplication will probably fade away. Obviously I can't promise a thing but the idea is that you won't have duplications like this among products.
In the short term, let me give this advice in the strongest possible way: You should ALWAYS leave the self-protetion rules for VSE enabled 100% of the time regardless of other settings. If you turn these off you are allowing the worst malware to infect your systesms. This was guaranteed even with ancient 2008-era things like Conficker. Self-protection is roughly six check boxes within the AP rules. It isn't the whole thing.
In five years, I have not run across a single business case ever to disable the self-protection rules. It just doesn't exist. The rest of the rules are irrelevant most of the time. The self-protection ones for VSE are absolutely crucial. Hopefully those will also be pulled out of the AP rules section and made impossible to turn off in the near term, too. It would save my customers a lot headaches and break precisely nothing.