Host Intrusion Prevention System (HIPS)

Host Intrusion Prevention System

The HIPS module in True Protection by Jag monitors system activities and uses a set of predefined rules to detect and prevent suspicious behavior that might indicate an intrusion or malware activity.

What HIPS Protects Against

• Process Injection: Prevents malicious code from injecting itself into legitimate processes.
• Privilege Escalation: Blocks unauthorized attempts to gain administrator-level access.
• Registry Tampering: Protects critical registry keys from unauthorized modification.
• Driver Loading: Monitors and controls the loading of system drivers.
• Screen Capture Prevention: Blocks unauthorized applications from capturing your screen.

HIPS Modes

• Automatic Mode: HIPS silently allows known-safe activities and blocks known threats. Unknown activities are evaluated by heuristic rules.
• Smart Mode: Similar to automatic but will prompt you for decisions on borderline cases.
• Policy-Based Mode: All activities are evaluated strictly against your configured rules. Anything not explicitly allowed is blocked.

Configuring HIPS Rules

Navigate to Settings > HIPS > Rules to create custom rules. Each rule specifies:

• The target application or process
• The system operation being monitored (file access, registry write, network connection)
• The action to take (allow, block, or ask)

For most users, the Automatic Mode provides strong protection without requiring manual configuration.