marceltomaskovic 0 Posted May 3, 2017 Share Posted May 3, 2017 Hi guys, I have ESET ERA 6.5. I was reinstall ESET Endpoint Antivirus 5 to Endpoint Security 6.5. Process reinstall was ok, but in status on host I have this error: Host Intrusion Prevention System (HIPS) is disabled Firewall rule is set to enable and is applicated. How I can resolve this issue? Thank you Link to comment Share on other sites More sharing options...
Administrators Marcos 5,069 Posted May 3, 2017 Administrators Share Posted May 3, 2017 Please collect logs with ESET Log Collector as per the instructions linked in my signature. If the generated zip file exceeds 2 MB, upload it to a safe location and pm me a download link. Otherwise attach it to the pm. Link to comment Share on other sites More sharing options...
marceltomaskovic 0 Posted May 5, 2017 Author Share Posted May 5, 2017 (edited) Hi Marcos, here is collected logs. Edited May 5, 2017 by Marcos Link removed Link to comment Share on other sites More sharing options...
Administrators Marcos 5,069 Posted May 5, 2017 Administrators Share Posted May 5, 2017 You have HIPS disabled. As a result, Self-defense, Advanced memory scanner and Exploit Blocker don't work either. Please re-enable it for maximum protection: Link to comment Share on other sites More sharing options...
marceltomaskovic 0 Posted May 5, 2017 Author Share Posted May 5, 2017 yes, I know - I have HIPS disabled. But if I have ESET Endpoint Antivirus, or Endpoint Security 6.3/6.4 and upgrade to ESET Endpoint Security 6.5 after upgrade will by this options HIPS disabled. Firewall rule is set to enable and is applicated. This is happend only if I do upgrade to Enpoint Security 6.5. Actually I have 4689 pc's where is HIPS disabled. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,069 Posted May 5, 2017 Administrators Share Posted May 5, 2017 HIPS must be enabled as it's one of the 2 most important protection modules. What was the reason for disabling it? Disabling it has substantial adverse effect on protection and I'd say it's similar to disabling real-time protection. When we add ransomware protection to Endpoint, it won't work either with HIPS disabled. It's also important for proper reporting of suspicious events to ESET Enterprise Inspector (not yet available). Link to comment Share on other sites More sharing options...
marceltomaskovic 0 Posted May 5, 2017 Author Share Posted May 5, 2017 Problem is after upgrade to new ESET Endpoint 6.5 After this update HIPS is disabled and I dont know why. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,069 Posted May 5, 2017 Administrators Share Posted May 5, 2017 If I understand it correctly, you had HIPS enabled in Endpoint v5 but it was disabled automatically after upgrading to Endpoint v6? Do you see a padlock next to this setting? If so, HIPS was disabled by a policy. Link to comment Share on other sites More sharing options...
marceltomaskovic 0 Posted May 5, 2017 Author Share Posted May 5, 2017 yes, after upgrade to 6.5 is HIPS disabled - this is problem. Policy rule is set to enable and is applicated. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,069 Posted May 5, 2017 Administrators Share Posted May 5, 2017 Please provide me with the file "C:\ProgramData\ESET\ESET NOD32 Antivirus\lastPolicy.dat" from that computer. Also make sure that the policy enabling HIPS has the force flag set to ensure that the setting is not overridden by another policy. Link to comment Share on other sites More sharing options...
Recommended Posts