Jump to content

Recommended Posts

Guest tomazyk
Posted

First I wish Happy New Year to all of you!

 

I have a problem with multiplication of default HIPS rule. I have set ESS HIPS to Learning mode. The rules that are created I manually sort and combine into my own rules (first three rules on attached picture).

Over the time when I created necessary rules, default rule named "Allow registry access and driver loading required for successful boot" started to duplicate. First there was only one rule, then three, now I have four already. I checked all four of them and they are EXACTLY THE SAME.

 

So now to my question: how can I remove redundant default rules? If I delete three redundant rules they are not deleted - when I commit changes with OK, they reappear. It seems as there is no way to remove them. Or am I missing something?

 

Thank you for your help!

 

My specs:

OS: Windows 7 Ultimate X64 SP1 with all updates installed

ESS: 7.0.302.26

HIPS Support module:1106B (20131210)

 

Please tell if any additional info is required.

post-1281-0-78574600-1388567147_thumb.jpg

  • Administrators
Posted

Please send me the file C:\ProgramData\ESET\ESET Smart Security\HipsRules.xml attached to a personal message.

Guest tomazyk
Posted

I've sent you requested file in PM. Thank you for your help.

  • Administrators
  • Solution
Posted

We've found the cause of the rule duplication. The issue will be addressed in the next build of the HIPS module planned for release some time soon.

Guest tomazyk
Posted

OK, will wait for update.

 

Thnx :)

  • Administrators
Posted

HIPS v1107 is now available on pre-release servers. As for the duplicate rules that have already been created, you'll need to remove them manually.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...