Learning Classical Hips

I am currently using one of the more complicated HIPS software that gives a lot of pop ups. By that I mean HIPS products such as System Safety Monitor, ProSecurity, Neoava Guard, and EQSecure. Since coming here, I learned to disallow low level disk access by default and I am denying everything the first time around to see if anything would break. What are some ways that I can speed up the learning process? I'm also wondering if I need to write some rules with the HIPS program to give myself better protection. Please help this newbie out because I have a lot to learn.

 

I would first make sure you understand "how" the HIPS you are using works. The user guide will provide either a sufficient or less than sufficient degree of information on it, depending upon the HIPS you are using, but it will certainly be a good starting point.

From there take a look at some of the rules you have created with it just to see what sort of role the applications are playing in your configuration. You should soon see that some common MS processes play a significant role in Windows, such as explorer.exe, svchost.exe and rundll32.exe, to name a few.

BTW, if you want to take a shortcut in the learning process, you could run the HIPS in "Learning mode" for a day or two on a known clean system, allowing the hIPS to auto-create the rules for you during this time. However, just be sure to play safe during the learning window by not running anything risky such as p2p downloads or email attachments, or surf in dark territory.