This I have found powerful although lacking in some functionality, but I seem to have come across a nasty problem, sadly. I have now got quite a lot of rules, and the earliest rules I added stopped working and had to be duplicated. So I seem to have come across some kind of internal rule limit. Has anyone else come across this? This will likely fast forward me installing ReHIPS now to migrate the HIPS workload to it.
Will count my rules; it is possible I have more than 80. Most are rules to authorise starting or modifying applications, as I have a default ask policy for binary start.
You might want to try exporting your existing rules, reset the HIPS to default, then import the rules and see if that fixes the problem. BTW - a hundred or so rules should not affect the HIPS. If you run in training mode, a rule is created for each distinct activity the HIPS encounters. So for one process alone, you could easily end up with 10 rules. One reason I never used training mode to create rules.
Not using training mode. I have a default ask for starting applications, but this isn't the same as training mode. explorer.exe is allowed to run anything in the program files folder and a couple of other whitelisted locations, also to reduce the total rules.
ReHIPS I will be testing in a VM soon, and if it looks good enough to use on my main rig, I will use it.
The model seems ok to me, I am not going to be using it for its isolated process feature, but just for HIPS rules.