
HIPS - Host-Based Intrusion Prevention System

A Host-based Intrusion Prevention System (HIPS) checks a server, computer, or workstation for events occurring on that host which indicate a cybersecurity threat. One of the features of a HIPS program is that it monitors files for changes in content. It is not a firewall looking for intrusions into the host, but a system that checks for changes within it. It also keeps track of which programs installed on the host have been verified, and blocks programs from taking restricted actions. HIPS differs from anti-virus software, which checks for known viruses: it is not limited to checking for malware that has already been identified, but looks for attacks that follow known patterns.


HIPS should flag cases in which interprocess communication (IPC), the data exchanged between programs, becomes a means by which a trusted program is infected with malware. HIPS will monitor protocols, such as HTTP or TCP, for deviations from their normal content. It will also watch for anything that alters registry keys, installs drivers, or terminates other applications.


A system which detects threats that have already occurred is a host-based intrusion detection system - HIDS.






Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco. He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.


© 2015 by Sean O'Shea
