https://support.eset.com/kb5687
Details
ESET's Host-based Intrusion Prevention System (HIPS) is included in ESET Endpoint Security, ESET Endpoint Antivirus, ESET Mail Security for Microsoft Exchange, and ESET File Security for Microsoft Windows Server. HIPS monitors system activity and uses a set of pre-defined rules to recognize suspicious system behavior. When this type of activity is identified, the HIPS self-defense mechanism stops the offending program or process from carrying out potentially harmful activity. Changes to the Enable HIPS and Enable Self-defense settings take effect after the Windows operating system is restarted.
Solution
Create a HIPS rule from the ESET Remote Administrator Web Console
-
Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in. Open ERA Web Console
- Click Admin → Policies, click the gear icon next to the policy you want to modify, and then select Edit from the context menu.
Figure 1-1
Click the image to view larger in new window - Expand Settings, click Antivirus → HIPS, and then click Edit next to Rules.
Figure 1-2
Click the image to view larger in new window - Click Add.
Figure 1-3
- Configure your rule. In the example, operations affecting registry entries are blocked, and the end user will be notified when this action is performed by the HIPS module. When you are finished, click Next.
Figure 1-4
- In the Source applications window, select your desired option from the drop-down menu. In this example, the HIPS rule will block any application that attempts to modify registry values. Click Next.
Figure 1-5
- In the Registry operations window, specify which operations will trigger this rule. In this example, Delete from registry is selected. Click Next.
Figure 1-6
- In the Registry entries window, select your desired option from the drop-down menu. In this example, we are blocking the deletion of any registry entries. Click Finish.
Figure 1-7
- Click OK to save the rule.
Figure 1-8
- Click Finish. Computers assigned to the policy you modified will receive this new HIPS rule the next time they check into ESET Remote Administrator Server (ERA Server).
Figure 1-9
Create a HIPS rule on individual client workstations
- Press the F5 key to access Advanced setup.
- Click Antivirus → HIPS and then click Edit next to Rules.
Figure 2-1
- Click Add.
Figure 2-2
- Configure your rule. In the following example, we will block certain operations affecting applications, and the user will be notified of the action. Click Next.
Figure 2-3
- In the Source applications window, select your desired option from the drop-down menu. In this example, the HIPS rule will block any application that attempts to modify registry values. Click Next.
Figure 2-4
- In the Application operation window, click the slider bar next to the operation(s) you want to block. In this example, the HIPS rule will block any application that attempts to debug another application. Click Next.
Figure 2-5
- In the Applications window, select your desired option from the drop-down menu. In this example, the rule will apply to all applications. Click Finish.
Figure 2-6
- Click OK to save the new HIPS rule and then click OK again to exit advanced setup. Changes will take effect after the Windows operating system is restarted.
Figure 2-7
Reactie toevoegen
Log in of registreer om een reactie te plaatsen.