Guest tomazyk Posted January 1, 2014 Posted January 1, 2014 First I wish Happy New Year to all of you! I have a problem with multiplication of default HIPS rule. I have set ESS HIPS to Learning mode. The rules that are created I manually sort and combine into my own rules (first three rules on attached picture). Over the time when I created necessary rules, default rule named "Allow registry access and driver loading required for successful boot" started to duplicate. First there was only one rule, then three, now I have four already. I checked all four of them and they are EXACTLY THE SAME. So now to my question: how can I remove redundant default rules? If I delete three redundant rules they are not deleted - when I commit changes with OK, they reappear. It seems as there is no way to remove them. Or am I missing something? Thank you for your help! My specs: OS: Windows 7 Ultimate X64 SP1 with all updates installed ESS: 7.0.302.26 HIPS Support module:1106B (20131210) Please tell if any additional info is required.
Administrators Marcos 5,455 Posted January 2, 2014 Administrators Posted January 2, 2014 Please send me the file C:\ProgramData\ESET\ESET Smart Security\HipsRules.xml attached to a personal message.
Guest tomazyk Posted January 2, 2014 Posted January 2, 2014 I've sent you requested file in PM. Thank you for your help.
Administrators Solution Marcos 5,455 Posted January 3, 2014 Administrators Solution Posted January 3, 2014 We've found the cause of the rule duplication. The issue will be addressed in the next build of the HIPS module planned for release some time soon.
Administrators Marcos 5,455 Posted January 9, 2014 Administrators Posted January 9, 2014 HIPS v1107 is now available on pre-release servers. As for the duplicate rules that have already been created, you'll need to remove them manually.
Recommended Posts