[KB6086] Use ESET Remote Administrator (6.x) to disable HIPS

Issue

End of support for version 6.4 and 6.5 of ESET Remote Administrator / MDM

ESET Remote Administrator version 6.5 is currently in Limited Support status and will soon be in Basic Support status. It is expected to reach End of Life status in December 2020.

ESET Remote Administrator version 6.4 is currently in End of Life status and no longer available for download.

The MDM functionality in ESET Remote Administrator version 6 is currently in End of Life status and no longer available for download

Details

ESET Host-based Intrusion Prevention System (HIPS) is included in ESET Endpoint Security, ESET Endpoint Antivirus, ESET Mail Security for Microsoft Exchange, and ESET File Security for Microsoft Windows Server. HIPS monitors system activity and uses a pre-defined set of rules to recognize suspicious system behavior. When this type of activity is identified, the HIPS self-defense mechanism stops the offending program or process from carrying out potentially harmful activity. Changes to the Enable HIPS and Enable Self-defense settings take effect after the Windows operating system is restarted.

Solution

 Endpoint users: Perform these steps on individual client workstations

Advanced users only!

By default, the Host-based Intrusion Prevention System (HIPS) is pre-configured to ensure maximum protection of your system. While the creation of a HIPS rule may be needed to resolve an issue in certain infrequent cases, the manipulation of HIPS rules requires advanced knowledge of applications and operating systems and is not recommended.
  1. Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in. Open ERA Web Console.

  2. Click AdminPolicies and select the policy you want to modify. Click the gear icon, and select Edit from the context menu.

    Figure 1-1
    Click the image to view larger in new window

  3. Expand Settings, click Antivirus HIPS, and then click the slider bar next to Enable HIPS to disable it.
     
  4. Click Finish. Client computers assigned to the policy you modified will receive this new HIPS rule the next time they check in to the ESET Remote Administrator Server (ERA Server).

    Figure 1-2
    Click the image to view larger in new window

Re-enable HIPS

We recommend re-enabling HIPS again as soon as possible so that your machine(s) will again be fully protected.