[KB7949] Disable HIPS in Endpoint products using ESET PROTECT or ESET PROTECT On-Prem

Issue

Required user permissions

This article assumes that you have the appropriate access rights and permissions to perform the tasks below.

If you use the default Administrator user or are unable to perform the tasks below (the option is unavailable), create a second administrator user with all access rights.

  • Disable HIPS in Endpoint products using ESET PROTECT or ESET PROTECT On-Prem

Details

The ESET Host-based Intrusion Prevention System (HIPS) is included in ESET Endpoint Security, ESET Endpoint Antivirus, ESET Mail Security for Microsoft Exchange, and ESET File Security for Microsoft Windows Server.

HIPS monitors system activity and uses a pre-defined set of rules to recognize suspicious system behavior. When this type of activity is identified, the HIPS self-defense mechanism stops the offending program or process from carrying out a potentially harmful activity. Changes in the Enable HIPS and Enable Self-Defense settings take effect after the Windows operating system is restarted.

Solution

 Endpoint users: Perform these steps on individual client workstations

Manipulation of HIPS rules

By default, HIPS is pre-configured to ensure the maximum protection of your system. While the creation of a HIPS rule might be necessary to resolve an issue in certain situations, manipulation of HIPS rules requires advanced knowledge of applications and operating systems and it is not recommended.

  1. Open ESET PROTECT On-Prem in your web browser and log in.

  2. Click Policies, select the Built-in policy, and then select your default policy for clients.

  3. Click Actions and then click Edit.

Figure 1-1
Click the image to view larger in new window
  1. Click Settings, expand Detection Engine, and then click HIPS.

  2. Click the toggle next to Enable HIPS to disable it.

Re-enable HIPS

We recommend re-enabling HIPS as soon as possible to protect your machines.

  1. Click Finish to save your changes.

Figure 1-2
Click the image to view larger in new window