This error can occur for a variety of reasons. To confirm the error is legitimate:
Resend the policy
Procedure
- In the Server & Workload Protection console, click Computers.
- Right-click the computer where the error occurred.
- Go to .
- Re-check status:
- In the Server & Workload Protection console, click Computers.
- Right-click the computer where the error occurred.
- Go to .
- Once the warnings and errors are cleared, go to .
What to do next
If the error continues to occur after completing the above steps, troubleshoot the
issue with the solutions below:
- Apply Intrusion Prevention best practices
- Manage rules
- Unassign application types from a single port
If the error persists, contact technical support.
Apply Intrusion Prevention best practices
The Intrusion Prevention Rule Compilation Failed error can occur due to a lack of
resources on the machine, such as space, memory, or CPU. To help resolve this issue,
apply the best practices on Performance tips for intrusion prevention.
Manage rules
The Intrusion Prevention Rule Compilation Failed error can occur when the number of
assigned Intrusion Prevention rules exceeds the recommended count. You should not
have more than 400 Intrusion Prevention rules on an endpoint. It is recommended to
only apply the Intrusion Prevention rules that a recommendation scan suggests in order to avoid applying unnecessary rules. If you are applying Intrusion
Prevention rules manually, apply them to the computer rather than the policy to avoid
adding too many application types to a single port.
To resolve the issue, reduce the number of assigned rules:
Procedure
- Access the Intrusion Prevention rules depending on how you assigned them. Do either
of the
following:
-
At the computer level, go to the Computers tab, right-click the computer and select Details.
-
At the policy level, go to the Policies tab, right-click the policy and select Details.
-
- Go to Intrusion Prevention and click Scan for Recommendations.
- Once the scan is complete, click Assign/Unassign. At the top of the window, filter the rules by Recommended for Unassignment.
- To unassign a rule, select the check box next to the rule name. Alternatively, to unassign several rules at once use the Shift or Control keys to select the rules.
- Right-click the rule or selection of rules to be removed and go to , then click OK. Close the window.
- On the Computers tab right-click the computer, and go to Server & Workload Protection and the agent. . The Intrusion Prevention engine will automatically attempt a rule compilation. The duration of the process will depend on the heartbeat interval and communication settings between
What to do next
TipIf you've applied Intrusion Prevention rules through a policy and are unsure which
computers are affected, open the Policy editor and go to
.
|
Unassign application types from a single port
The Intrusion Prevention Rule Compilation Failed error can occur when a single port
is assigned with too many application types. Currently, a port can only be assigned
to eight application types.
To resolve the issue, remove an assigned application type from a port:
Procedure
- To determine which rule encountered the issue, double-click the error to open the Event Viewer.
- Go to the Computers tab.
- Right-click the computer with the misconfigured Intrusion Prevention rule and select Details.
- Go to Intrusion Prevention.
- Click Assign/Unassign. In the search bar, enter the name of the misconfigured rule.
- Right-click the rule and select Application Type Properties.
- Deselect the Inherited check box.
- Delete the port and enter a new one.
- Click Apply and OK.