Views:
This error can occur for a variety of reasons. To confirm the error is legitimate:
Resend the policy

Procedure

  1. In the Server & Workload Protection console, click Computers.
  2. Right-click the computer where the error occurred.
  3. Go to Actions Send Policy.
  4. Re-check status:
    1. In the Server & Workload Protection console, click Computers.
    2. Right-click the computer where the error occurred.
    3. Go to Actions Clear Warnings/Errors.
    4. Once the warnings and errors are cleared, go to Actions Check Status.

What to do next

If the error continues to occur after completing the above steps, troubleshoot the issue with the solutions below:
If the error persists, contact technical support.

Apply Intrusion Prevention best practices Parent topic

The Intrusion Prevention Rule Compilation Failed error can occur due to a lack of resources on the machine, such as space, memory, or CPU. To help resolve this issue, apply the best practices on Performance tips for intrusion prevention.

Manage rules Parent topic

The Intrusion Prevention Rule Compilation Failed error can occur when the number of assigned Intrusion Prevention rules exceeds the recommended count. You should not have more than 400 Intrusion Prevention rules on an endpoint. It is recommended to only apply the Intrusion Prevention rules that a recommendation scan suggests in order to avoid applying unnecessary rules. If you are applying Intrusion Prevention rules manually, apply them to the computer rather than the policy to avoid adding too many application types to a single port.
To resolve the issue, reduce the number of assigned rules:

Procedure

  1. Access the Intrusion Prevention rules depending on how you assigned them. Do either of the following:
    • At the computer level, go to the Computers tab, right-click the computer and select Details.
    • At the policy level, go to the Policies tab, right-click the policy and select Details.
  2. Go to Intrusion Prevention and click Scan for Recommendations.
  3. Once the scan is complete, click Assign/Unassign. At the top of the window, filter the rules by Recommended for Unassignment.
  4. To unassign a rule, select the check box next to the rule name. Alternatively, to unassign several rules at once use the Shift or Control keys to select the rules.
  5. Right-click the rule or selection of rules to be removed and go to Unassign Rule(s) From All Interfaces, then click OK. Close the window.
  6. On the Computers tab right-click the computer, and go to Actions Clear Warnings/Errors. The Intrusion Prevention engine will automatically attempt a rule compilation. The duration of the process will depend on the heartbeat interval and communication settings between Server & Workload Protection and the agent.

What to do next

Tip
Tip
If you've applied Intrusion Prevention rules through a policy and are unsure which computers are affected, open the Policy editor and go to Overview Computer(s) Using This Policy.

Unassign application types from a single port Parent topic

The Intrusion Prevention Rule Compilation Failed error can occur when a single port is assigned with too many application types. Currently, a port can only be assigned to eight application types.
To resolve the issue, remove an assigned application type from a port:

Procedure

  1. To determine which rule encountered the issue, double-click the error to open the Event Viewer.
  2. Go to the Computers tab.
  3. Right-click the computer with the misconfigured Intrusion Prevention rule and select Details.
  4. Go to Intrusion Prevention.
  5. Click Assign/Unassign. In the search bar, enter the name of the misconfigured rule.
  6. Right-click the rule and select Application Type Properties.
  7. Deselect the Inherited check box.
  8. Delete the port and enter a new one.
  9. Click Apply and OK.

What to do next