Lately I had to write several new rules (ePO version 4.6.6, HIPS version 18.104.22.1684) in order to monitor different possibilities for a registry value under a certain key.
The new rules worked well, so I disabled the old rule which generally monitored changes in the requested key's value (I needed to have different rules with different event codes - just mind that this rule was also written by me and not a default IPS rule).
Several days later, I have stopped receiving events from my newly-written rules for no reason at all, as the policy hasn't changed since I started enforcing my new set of rules.
Not only that, but I also started to receive events from the old rule again, even though it is STILL set to be disabled.
I couldn't find any good explanation online, as well as resolve this problem myself...
I would appreciate if anyone could help me with this issue - has anyone experienced it before?
How can I fix this and start receiving events from my new, better rules again?
And how can I avoid running into the same problem again in the future?