Multiplication of default HIPS rule

[Guest tomazyk]

First I wish Happy New Year to all of you!

 

I have a problem with multiplication of default HIPS rule. I have set ESS HIPS to Learning mode. The rules that are created I manually sort and combine into my own rules (first three rules on attached picture).

Over the time when I created necessary rules, default rule named "Allow registry access and driver loading required for successful boot" started to duplicate. First there was only one rule, then three, now I have four already. I checked all four of them and they are EXACTLY THE SAME.

 

So now to my question: how can I remove redundant default rules? If I delete three redundant rules they are not deleted - when I commit changes with OK, they reappear. It seems as there is no way to remove them. Or am I missing something?

 

Thank you for your help!

 

My specs:

OS: Windows 7 Ultimate X64 SP1 with all updates installed

ESS: 7.0.302.26

HIPS Support module:1106B (20131210)

 

Please tell if any additional info is required.

[Marcos 5,070]

Please send me the file C:\ProgramData\ESET\ESET Smart Security\HipsRules.xml attached to a personal message.

[Guest tomazyk]

I've sent you requested file in PM. Thank you for your help.

[Marcos 5,070]

We've found the cause of the rule duplication. The issue will be addressed in the next build of the HIPS module planned for release some time soon.

[Guest tomazyk]

OK, will wait for update.

 

Thnx

[Marcos 5,070]

HIPS v1107 is now available on pre-release servers. As for the duplicate rules that have already been created, you'll need to remove them manually.