Without this type of training there is a high likelihood that the user will adversely affect valid process activity and worse, allow malware activity. The best time to use learning mode is immediately after the OS has been installed.įinally, running the HIPS in interactive mode is only recommended for experienced users that have the training to differentiate valid process activity from malware based activity. Any existing malware will also be "learned" and HIPS allow rules created for the same.
Additionally learning mode can be switch on when installing a new application - note the below caution.Ĭaution: Learning mode should only be enabled on a PC that is 100% malware free. At that point, you will only receive HIPS alerts for processes not run during the learning period. After the learning period has expired or manually, use can switch to interactive mode. While learning mode is enabled, make sure you open and run all your applications so the HIPS creates rules for those. This will allow the HIPS to auto create rules for all your existing OS and application processes. I will also add that interactive mode should only be used after learning mode has been used for a number of days. The interactive mode, to be practical, should have a set of general rules and the user should answer only to a limited number of pop ups.
0 kommentar(er)
