HIPS interactive window
The HIPS notification window enables you to create a rule based on new actions that HIPS detects and then define the conditions under which to allow or deny an action.
Rules created from the notification window are considered to be equivalent to rules created manually. A rule created from a notification window can be less specific than the rule that triggered that dialog window. This means that after creating a rule in the dialog box, the same operation can trigger the same window. For more information, see Priority for HIPS rules.
If the default action for a rule is set to Ask every time, a dialog window will be displayed each time the rule is triggered. You can choose to Deny or Allow the operation. If you do not choose an action in the given time, a new action is selected based on the rules.
Remember until application quits causes the action (Allow/Deny) to be used until a change of rules or filtering mode, a HIPS module update or a system restart. After any of these three actions, temporary rules will be deleted.
The Create rule and remember permanently option will create a new HIPS rule which can later be altered in the HIPS rule management section (requires administration privileges).
Click Details at the bottom to see which application triggers the operation, the file's reputation, and the kind of operation you are asked to allow or deny.
Settings for the more detailed rule parameters can be accessed by clicking Advanced options. The options below are available if you select Create rule and remember permanently:
- Create a rule valid only for this application—If you deselect this check box, the rule will be created for all source applications.
- Only for operation—Select the rule file/application/registry operation(s). See descriptions for all HIPS operations.
- Only for target—Select the rule file/application/registry target(s).
To stop the notifications from appearing, change the filtering mode to Automatic mode in Advanced setup > Detection engine > HIPS > Basic.