[KB2811] Enable or disable Host-based Intrusion Prevention System (HIPS) in ESET products

Issue

Details


Click here to expand

The Host-based Intrusion Prevention System (HIPS) protects your system from malware and unwanted activity attempting to affect your computer negatively.

HIPS utilizes advanced behavioral analysis coupled with the detection capabilities of network filtering to monitor running processes, files and registry keys. HIPS is separate from Real-time file system protection and is not a firewall; it only monitors processes running within the operating system.

Users can define a custom ruleset to replace the default ruleset; however, this requires advanced knowledge of applications and operating systems and is not recommended in most situations.


Solution

Disable HIPS protection for troubleshooting purposes

Only disable HIPS for troubleshooting

You should only disable HIPS if instructed by ESET Technical Support or for troubleshooting purposes. When you have finished troubleshooting, re-enable HIPS protection.

  1. Open the main program window of your ESET Windows product.

  2. Press the F5 to open Advanced setup.

  3. Click Detection Engine HIPS, and click the toggle next to Enable HIPS to disable it.

    Figure 1-1
  4. Click OK.

    Figure 1-2
  5. Restart your computer. After your computer restarts, HIPS will be completely disabled. The ESET program window will display a red border to indicate that maximum protection is not ensured and your computer is vulnerable to threats. Be sure to re-enable HIPS after you finish troubleshooting.


Enable HIPS protection

  1. Open the main program window of your ESET Windows product.

  2. Click Enable HIPS. If the Security alert does not appear on the Overview screen, click Setup Computer protection and click the toggle next to Host Intrusion Prevention System (HIPS).

    Figure 2-1
  3. Click the toggle next to Enable HIPS to enable it.

    Figure 2-2
  4. Click OK and restart your computer for the changes to take effect. When your computer has finished restarting, maximum protection will be restored and your computer will be fully protected.

    Figure 2-3