Issue
Details
ESET’s Host-based Intrusion Prevention System (HIPS) is included in ESET Endpoint Security and ESET Endpoint Antivirus. HIPS monitors system activity and uses a pre-defined set of rules to recognize suspicious system behavior. When this type of activity is identified, the HIPS self-defense mechanism stops the offending program or process from carrying out potentially harmful activity. Changes to the Enable HIPS and Enable Self-defense settings take effect after the Windows operating system is restarted.
Solution
Create a HIPS rule from the ESET Remote Administrator Console
If you do not use ESET Remote Administrator to manage your network:
Perform these steps on individual client workstations.
- Open the ESET Remote Administrator Console by clicking Start → All Programs → ESET → ESET Remote Administrator Console → ESET Remote Administrator Console.
- Click Tools → Policy Manager.
- Select the policy you want to edit and click Edit Policy.
Figure 1-1
- Expand Windows desktop v5 → HIPS → Settings, click Rules and advanced options and then click Edit.
Figure 1-2
- Click New.
Figure 1-3
- Configure your rule. In the following example, we will demonstrate how to restrict unwanted behavior of certain applications:
- Name the rule and select Block from the Action drop-down menu.
- Click the Target applications tab (leave the Source applications tab blank to apply your new rule to all applications).
- Select the check box next to Modify state of another application and then click Add.
Figure 1-4
- Type the path of the application you want to apply this rule to into the Value field, or click Select file or Select folder to navigate to the application and exclude it that way. When you are finished, click OK.
Figure 1-5
- Select the check box next to Notify user to display a user notification whenever the rule is applied. When you are finished making changes, click OK → OK to save this rule.
Figure 1-6
- Click Console → Yes to save your changes. Click OK to exit Policy Manager. Changes will take effect after the Windows operating system is restarted.
Create a HIPS rule on individual client workstations
- Open ESET Endpoint Security or ESET Endpoint Antivirus.
- Press F5 to access Advanced setup.
- Expand Computer, click HIPS → Configure rules.
Figure 2-1
- Click New.
Figure 2-2
- Configure your rule. In the following example, we will demonstrate how to restrict unwanted behavior of applications:
- Name the rule and select Block from the Action drop-down menu.
- Click the Target applications tab (leave the Source applications tab blank to apply your new rule to all applications).
- Select the check box next to Modify state of another application and then click Add.
Figure 2-3
- Type the path of the application you want to apply this rule to into the Value field, or click Select file or Select folder to navigate to the application and exclude it that way. When you are finished, click OK.
Figure 2-4
- Select the check box next to Notify user to display a user notification whenever the rule is applied. When you are finished making changes, click OK → OK to save this rule.
Figure 2-5
- Click OK to save your changes and exit Advanced setup. Changes will take effect after the Windows operating system is restarted.