
Details

ESET business product in Limited Support status

This article applies to an ESET product version that is currently in Limited Support status and is scheduled to reach End of Life status soon.

For a complete list of supported products and support level definitions, review the ESET End of Life Policy for business products.

Upgrade ESET business products.

ESET’s Host-based Intrusion Prevention System (HIPS) is included in ESET Endpoint Security, ESET Endpoint Antivirus, ESET Mail Security for Microsoft Exchange, and ESET File Security for Microsoft Windows Server. HIPS monitors system activity and uses a set of pre-defined rules to recognize suspicious system behavior. When this type of activity is identified, the HIPS self-defense mechanism stops the offending program or process from carrying out potentially harmful activity. Changes to the Enable HIPS and Enable Self-defense settings take effect after the Windows operating system is restarted.

Solution

 Endpoint users: Perform these steps on individual client workstations

Advanced users only!

By default, the Host-based Intrusion Prevention System (HIPS) is pre-configured to ensure maximum protection of your system. While the creation of a HIPS rule may be needed to resolve an issue in certain infrequent cases, the manipulation of HIPS rules requires advanced knowledge of applications and operating systems and is not recommended.

  1. Open ESET Security Management Center Web Console (ESMC Web Console) in your web browser and log in.
  2. Click Policies, click the gear icon next to the policy you want to modify, and then select Edit from the context menu.

    Figure 1-1

  3. Click Settings → Detection Engine → HIPS, and then click Edit next to Rules.

    Figure 1-2

  4. Click Add.

    Figure 1-3

  5. Configure your rule. In the example, operations affecting registry entries are blocked, and the end-user will be notified when this action is performed by the HIPS module. When you are finished, click Next.

    Figure 1-4

  6. In the Source applications window, select your desired option from the drop-down menu. In this example, the HIPS rule will block any application that attempts to modify registry values. Click Next.

    Figure 1-5

  7. In the Registry operations window, specify which operations will trigger this rule. In this example, Delete from registry is selected. Click Next.

    Figure 1-6

  8. In the Registry entries window, select your desired option from the drop-down menu. In this example, we are blocking the deletion of any registry entries. Click Finish.

    Figure 1-7

  9. Click OK to save the rule.

    Figure 1-8

  10. Select how HIPS rules defined by this policy will interact with previously defined HIPS rules on the assigned computers (read more about policy merging in the Online Help).
  11. Click Finish. Computers assigned to the policy you modified will receive this new HIPS rule the next time they check into ESET Security Management Center Server (ESMC Server).

    Figure 1-9
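
To confirm on a pilot client that the example rule from steps 5 to 8 (block Delete from registry for all applications and all entries) arrived after check-in, the following PowerShell check can be run on that client. It is an added example, not ESET tooling; the key name `HKCU:\Software\HipsRuleCheck` and the function name are hypothetical, constructed for this test.

```powershell
# Added example: checks whether registry deletions are being blocked on this
# client. The canary key below is a constructed test location, not an ESET path.
$CanaryKey = 'HKCU:\Software\HipsRuleCheck'

function Test-RegistryDeleteBlocked {
    param([string]$Path = $CanaryKey)

    # Create a throwaway key with one value. Avoid -Force on the key itself so
    # an existing canary from an earlier run is reused rather than recreated.
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path | Out-Null
    }
    New-ItemProperty -Path $Path -Name 'Canary' -Value 1 `
        -PropertyType DWord -Force | Out-Null

    # Try to delete the value, then judge by what still exists rather than by
    # the error text, which depends on how the block surfaces to the caller.
    $valueError = $null
    try { Remove-ItemProperty -Path $Path -Name 'Canary' -ErrorAction Stop }
    catch { $valueError = $_.Exception.Message }
    $valueLeft = $null -ne (Get-ItemProperty -Path $Path -Name 'Canary' `
        -ErrorAction SilentlyContinue)

    # Try to delete the whole key and check whether it survived.
    $keyError = $null
    try { Remove-Item -Path $Path -Recurse -ErrorAction Stop }
    catch { $keyError = $_.Exception.Message }
    $keyLeft = Test-Path -Path $Path

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        ValueDeleteBlocked = $valueLeft
        KeyDeleteBlocked   = $keyLeft
        ValueError         = $valueError
        KeyError           = $keyError
    }
}

Test-RegistryDeleteBlocked | Format-List
```

Both `ValueDeleteBlocked` and `KeyDeleteBlocked` report `False` on a client that has not yet received the rule. When the rule is active the canary key stays in place, so remove it once the rule has been withdrawn.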
