The Internet Protocol (IP) Address of a Critical System Protection (CSP) Client Cannot be Modified after applying the Intrusion Prevention System (IPS) Policy "sym_win_protection_strict_sbp".
Last Updated May 31, 2019
The Transmission Control Protocol/Internet Protocol (TCP/IP) properties of the Network Interface Card (NIC) changes from "Use the following IP address" to "Obtain an IP address automatically". The IP address, then, cannot be modified even by a Windows administrator.
The sym_win_protection_strict_sbp IPS policy resets NIC Dynamic Host Configuration Protocol (DHCP) settings and prevents modification because access to the registry has been locked down.
Add IPS rule to permit process: C:\WINDOWS\explorer.exe to access registry items: \CurrentControlSet\Services and \ControlSet001\Services to solve this issue.
The following four rules should be added under Interactive Program Options--> Default Interactive Program Options-->Resources Lists --> Writable Resources Lists --> Allow modification to these registry keys--> Lists of Registry keys that can be modified: