By default, end users are not given any information
about policy decisions that were made as a result of enforcement
of a HIP-enabled security rule. However, you can enable this functionality
by defining HIP notification messages to display when a particular
HIP profile is matched and/or not matched.
The decision as to when to display a message (that is, whether
to display it when the user’s configuration matches a HIP profile
in the policy or when it doesn’t match it), depends largely on your
policy and what a HIP match (or non-match) means for the user. That
is, does a match mean they are granted full access to your network resources?
Or does it mean they have limited access due to a non-compliance
For example, consider the following scenarios:
You create a HIP profile that matches if the required
corporate antivirus and anti-spyware software packages are
In this case, you might want to create a HIP notification message
for users who match the HIP profile telling them that they need
to install the software (and, optionally, providing a link to the
file share where they can access the installer for the corresponding
You create a HIP profile that matches if those same applications
you might want to create the message for users who do not match the
profile, and direct them to the location of the install package.