What is HIPS?
HIPS (Host Intrusion Prevention System)
Host Intrusion Prevention System (HIPS) is a security technology that protects computers from unidentified viruses and suspicious behavior.
Sophos will perform a HIPS (Host Intrusion Prevention System) scan on your computer if it is enabled. The scan conducts a pre-execution behavior analysis and runtime behavior analysis on your system, which will identify suspicious files or suspicious behavior on your computer.
HIPS includes both pre-execution and runtime behavior analysis.
Runtime behavior analysis
Sophos Anti-Virus analyzes the behavior of the programs running on the system. The runtime behavior analysis includes:
Suspicious behavior detection
This dynamically analyzes the behavior of programs running on the system in order to detect and block activity which appears to be malicious. Suspicious behavior may include changes to the registry that could allow a virus to run automatically when the computer is restarted.
Buffer overflow detection
This dynamically analyzes the behavior of programs running on the system in order to detect buffer overflow attacks.
Before using HIPS runtime behavior analysis for the first time, pre-authorize the legitimate programs and files that are already on your computer. It is important to use it in the Alert Only configuration for a while in order to identify any software that may be causing unwanted detections on your system. During this period it is important to investigate all HIPS alerts in order to differentiate unwanted detections from genuine threats that may be present on your computer.
This article was updated: 09/2/2016