When Host IPS is installed, the insertion of the firewall’s NDIS driver causes Microsoft Windows to tear down and rebuild the IP stacks on connected interfaces. This behavior causes some applications to generate error messages or loose connection during the temporary loss of connectivity.

Previous versions of Host IPS used firewall-hook drivers, which did not cause this temporary disruption. But, Microsoft actively discourages use of the older technique in its developer guidance, as described in the following excerpt from http://msdn.microsoft.com/en-us/library/aa504964.aspx:

“It is not recommended to implement a firewall-hook driver (or firewall driver) for Microsoft Windows XP and later versions of the operating system. To provide firewall functionality on Windows XP and later, you should create an NDIS intermediate miniport driver to manage packets sent and received across a firewall.”

With NDIS 5.0, supported on XP and prior Windows versions, when an NDIS intermediate driver is installed or uninstalled, the bindings in the driver stack are torn down and later rebuilt. As a result, it leads to loss of network connectivity across all network interface cards.

NDIS 6.0, supported on Windows, provides several enhancements over 5.0 including the following:

NDIS 6.0 filter drivers can be dynamically inserted into or removed from a driver stack during runtime without tearing down bindings.

NOTE: The quoted text was obtained from: http://msdn.microsoft.com/en-us/library/ms795218.aspx.

NDIS support for Host IPS 8.x:

• Host IPS 8.x uses Windows Filter Platform (WFP) on supported Windows platforms.