Error: Intrusion Prevention Rule Compilation Failed

This error can occur for a variety of reasons. To confirm the error is legitimate:

Resend the policy

  1. In the Workload Security console, click Computers.
  2. Right-click the computer where the error occurred.
  3. Go to Actions > Send Policy.

Re-check status

  1. In the Workload Security console, click Computers.
  2. Right-click the computer where the error occurred.
  3. Go to Actions > Clear Warnings/Errors.
  4. Once the warnings and errors are cleared, go to Actions > Check Status.

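If the error continues to occur after completing the above steps, troubleshoot the issue with the solutions below:

  • Apply Intrusion Prevention best practices
  • Manage rules
  • Unassign application types from a single port

If the error persists after trying these solutions, contact technical support.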

Apply Intrusion Prevention best practices

The Intrusion Prevention Rule Compilation Failed error can occur due to a lack of resources on the machine, such as space, memory, or CPU. To help resolve this issue, apply the best practices on Performance tips for intrusion prevention.

Manage rules

The Intrusion Prevention Rule Compilation Failed error can occur when the number of assigned Intrusion Prevention rules exceeds the recommended count. You should not have more than 400 Intrusion Prevention rules on an endpoint. To avoid applying unnecessary rules, apply only the Intrusion Prevention rules that a recommendation scan suggests. If you are applying Intrusion Prevention rules manually, apply them to the computer rather than the policy to avoid adding too many application types to a single port.

To resolve the issue, reduce the number of assigned rules:

  1. Access the Intrusion Prevention rules depending on how you assigned them. Do either of the following:
    • At the computer level, go to the Computers tab, right-click the computer and select Details.
    • At the policy level, go to the Policies tab, right-click the policy and select Details.
  2. Go to Intrusion Prevention and click Scan for Recommendations.
  3. Once the scan is complete, click Assign/Unassign. At the top of the window, filter the rules by Recommended for Unassignment.
  4. To unassign a rule, select the check box next to the rule name. Alternatively, to unassign several rules at once, use the Shift or Control keys to select the rules.
  5. Right-click the rule or selection of rules to be removed and go to Unassign Rule(s) > From All Interfaces, then click OK. Close the window.
  6. On the Computers tab, right-click the computer and go to Actions > Clear Warnings/Errors. The Intrusion Prevention engine will automatically attempt a rule compilation. The duration of the process will depend on the heartbeat interval and communication settings between Workload Security and the agent.

If you've applied Intrusion Prevention rules through a policy and are unsure which computers are affected, open the Policy editor and go to Overview > Computer(s) Using This Policy.

Unassign application types from a single port

The Intrusion Prevention Rule Compilation Failed error can occur when too many application types are assigned to a single port. Currently, a port can be assigned to no more than eight application types.

To resolve the issue, remove an assigned application type from a port:

  1. To determine which rule encountered the issue, double-click the error to open the Event Viewer.
  2. Go to the Computers tab.
  3. Right-click the computer with the misconfigured Intrusion Prevention rule and select Details.
  4. Go to Intrusion Prevention.
  5. Click Assign/Unassign. In the search bar, enter the name of the misconfigured rule.
  6. Right-click the rule and select Application Type Properties.
  7. Deselect the Inherited check box.
  8. Delete the port and enter a new one.
  9. Click Apply and OK.
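
The two limits described under "Manage rules" and "Unassign application types from a single port" can be checked before a policy is sent. The following is an added example, not code from Workload Security: it assumes you have already exported one computer's assigned rules into a list of records with hypothetical fields name, app_type and ports, and it keys on the port number only, since the page states the limit per port.

```python
from collections import defaultdict

MAX_RULES_PER_ENDPOINT = 400  # recommended ceiling stated on this page
MAX_APP_TYPES_PER_PORT = 8    # per-port limit stated on this page


def expand_ports(spec):
    """Expand a port spec such as '80,8000-8002' into a set of ints."""
    ports = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports


def audit(rules):
    """Return (too_many_rules, offenders) for one computer's assigned rules.

    offenders maps each port carrying more than the allowed number of
    distinct application types to {app_type: [rule names]}.
    """
    by_port = defaultdict(lambda: defaultdict(list))
    for rule in rules:
        for port in expand_ports(rule["ports"]):
            # Rules sharing an application type count once toward the limit.
            by_port[port][rule["app_type"]].append(rule["name"])
    offenders = {
        port: dict(types)
        for port, types in sorted(by_port.items())
        if len(types) > MAX_APP_TYPES_PER_PORT
    }
    return len(rules) > MAX_RULES_PER_ENDPOINT, offenders


# Constructed sample (hypothetical record format): nine application types on
# port 80, three of them also on 8080-8081, plus a rule reusing "App Type 0".
SAMPLE = [
    {"name": f"Rule {i}", "app_type": f"App Type {i}",
     "ports": "80,8080-8081" if i < 3 else "80"}
    for i in range(9)
] + [{"name": "Rule 9", "app_type": "App Type 0", "ports": "80"}]

if __name__ == "__main__":
    too_many, offenders = audit(SAMPLE)
    print("rule count over limit:", too_many)
    for port, types in offenders.items():
        print(f"port {port}: {len(types)} application types ->", types)
```

The rule names listed under each offending port are the candidates for the Application Type Properties change described in the steps above.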