1 Reply Latest reply: Dec 19, 2013 1:32 PM by Kary Tankink RSS

    Application Protection list in HIPS Client UI

    greatscott

      How can a person validate if a specific Application Protection Rule (defined in an IPS Rules policy), has been applied to a system? I keep making Application Protection test rules, either an "Exclude" or an "Include" rule, and neither shows up in my Application Protection list, within the HIPS Client UI. I see a bunch of other prepopulated rules, but not the one I made a "test.exe" rule for. Am I even looking in the right spot? This is despite several wake up calls.

        • 1. Re: Application Protection list in HIPS Client UI
          Kary Tankink

          If you INCLUDE a process, then when that process runs on the system, you will see it in the HIPS ClientUI App Protection List tab.

          If you EXCLUDE a process, then when that process runs on the system, you will NOT see it in the HIPS ClientUI App Protection List tab.

           

          You won't see that entry unless you have a process running in memory with that exact Exectuable criteria.  Also, the process must be restarted if it's already running when a new INCLUDE/EXCLUDE rule is applied.