How can a person validate if a specific Application Protection Rule (defined in an IPS Rules policy), has been applied to a system? I keep making Application Protection test rules, either an "Exclude" or an "Include" rule, and neither shows up in my Application Protection list, within the HIPS Client UI. I see a bunch of other prepopulated rules, but not the one I made a "test.exe" rule for. Am I even looking in the right spot? This is despite several wake up calls.
If you INCLUDE a process, then when that process runs on the system, you will see it in the HIPS ClientUI App Protection List tab.
If you EXCLUDE a process, then when that process runs on the system, you will NOT see it in the HIPS ClientUI App Protection List tab.
You won't see that entry unless you have a process running in memory with that exact Exectuable criteria. Also, the process must be restarted if it's already running when a new INCLUDE/EXCLUDE rule is applied.