'Access memory' event log entries - how can I suppress these? [v5]

Some older programs and some utilities (e.g. Process Explorer) repeatedly access the memory of all running programs, including CIS and Windows system files. Malware also does this for less benign reasons - to crash security software, for example.

CIS prevents such access to its own, Windows and some other files and logs an event each time it occurs.

If and only if you totally trust the file that is doing this (look in the ‘application’ column), you can suppress these alerts by allowing them in the protection settings of the file or group being accessed.

To do this navigate to Defense plus ~ Computer Security Policy ~ Defense Plus Rules and locate the file or group being accessed. In most cases this will be a file in the CIS group itself, so choose the CIS group.

If this file has a custom setting (as CIS does), choose Edit ~ Customise ~ Protection settings ~ Interprocess Memory Accesses ~ Modify and add the file to the exclusion list.

If this file has a predefined policy setting (as Windows files do), navigate to Defense plus ~ Computer Security Policy ~ Predefined Policies. Then choose the appropriate predefined policy, choose Edit, then follow the same steps as above. Do this very carefully, as any changes you make here will affect a lot of files.
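As an added example (not code from the original post or from Comodo), here is a Python script for triaging exported 'Access memory' log entries before you follow the steps above: it groups the events by the application column, notes whether each target falls in the CIS group or among Windows files, and only suggests an exclusion for applications you have explicitly listed as trusted. The export layout, the column names ('Date', 'Application', 'Action', 'Target') and the path prefixes used to recognise CIS and Windows files are assumptions, and the sample log lines are constructed.

```python
"""Triage CIS Defense+ 'Access memory' events before adding exclusions.

Added example, not code from the original forum post or from Comodo.
Assumptions: the log export is tab-separated with columns Date, Application,
Action, Target; CIS files live under C:\\Program Files\\COMODO\\ and Windows
files under C:\\Windows\\. The sample lines below are constructed.
"""
import csv
import io
from collections import Counter

# Constructed sample export (layout and column names are assumptions).
SAMPLE_LOG = """Date\tApplication\tAction\tTarget
2010-03-01 09:00:01\tC:\\Tools\\procexp.exe\tAccess Memory\tC:\\Program Files\\COMODO\\CIS\\cis_gui.exe
2010-03-01 09:00:01\tC:\\Tools\\procexp.exe\tAccess Memory\tC:\\Windows\\System32\\lsass.exe
2010-03-01 09:00:02\tC:\\Tools\\procexp.exe\tAccess Memory\tC:\\Windows\\System32\\svchost.exe
2010-03-01 09:00:02\tC:\\Tools\\procexp.exe\tAccess Memory\tC:\\Program Files\\SomeApp\\app.exe
2010-03-01 09:05:10\tC:\\Program Files\\IDrive\\IDriveEReg2ini.exe\tAccess Memory\tC:\\Program Files\\COMODO\\CIS\\cis_gui.exe
2010-03-01 09:05:10\tC:\\Program Files\\IDrive\\IDriveEReg2ini.exe\tAccess Memory\tC:\\Windows\\explorer.exe
2010-03-01 09:07:44\tC:\\Users\\Bob\\AppData\\Local\\Temp\\update.exe\tAccess Memory\tC:\\Program Files\\COMODO\\CIS\\cis_gui.exe
2010-03-01 09:07:45\tC:\\Users\\Bob\\AppData\\Local\\Temp\\update.exe\tAccess Memory\tC:\\Program Files\\COMODO\\CIS\\cis_service.exe
2010-03-01 09:08:00\tC:\\Tools\\procexp.exe\tModify File\tC:\\Tools\\procexp.ini
"""

# Assumed install locations used to recognise which protected group a target is in.
CIS_PREFIX = "c:\\program files\\comodo\\"
WINDOWS_PREFIX = "c:\\windows\\"

# Where, per the FAQ, an exclusion for each kind of target is configured.
EXCLUSION_PATH = {
    "CIS": "Defense Plus Rules > CIS group > Edit > Customise > Protection settings"
           " > Interprocess Memory Accesses > Modify (add to exclusions)",
    "Windows": "Predefined Policies > policy used by the Windows file group > Edit"
               " > Protection settings > Interprocess Memory Accesses > Modify",
}


def classify_target(path):
    """Return 'CIS', 'Windows' or 'Other' for the accessed file."""
    p = path.lower()
    if p.startswith(CIS_PREFIX):
        return "CIS"
    if p.startswith(WINDOWS_PREFIX):
        return "Windows"
    return "Other"


def parse_log(text):
    """Parse the export and keep only the 'Access Memory' events."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t")
    return [row for row in reader if row["Action"] == "Access Memory"]


def summarize(events):
    """Map each application to its distinct targets and a Counter of target classes."""
    per_app = {}
    for ev in events:
        entry = per_app.setdefault(ev["Application"], {"targets": set(), "classes": Counter()})
        entry["targets"].add(ev["Target"])
        entry["classes"][classify_target(ev["Target"])] += 1
    return per_app


def triage(events, trusted):
    """Decide per application whether an exclusion is warranted.

    'exclude'     - the file is on your trusted list; shows where to add it.
    'investigate' - untrusted and it touches nothing but CIS files, the pattern
                    the FAQ associates with malware trying to crash security software.
    'keep-alert'  - untrusted; broad memory access like an old tool, but leave the
                    alert in place until you have satisfied yourself the file is safe.
    """
    trusted_lc = {t.lower() for t in trusted}
    report = {}
    for app, info in summarize(events).items():
        classes = info["classes"]
        only_cis = set(classes) <= {"CIS"}
        if app.lower() in trusted_lc:
            verdict = "exclude"
            where = [EXCLUSION_PATH[c] for c in ("CIS", "Windows") if c in classes]
        else:
            verdict = "investigate" if only_cis else "keep-alert"
            where = []
        report[app] = {
            "verdict": verdict,
            "distinct_targets": len(info["targets"]),
            "by_class": dict(classes),
            "edit_here": where,
        }
    return report


if __name__ == "__main__":
    for app, row in triage(parse_log(SAMPLE_LOG), {"C:\\Tools\\procexp.exe"}).items():
        print(app, row["verdict"], row["by_class"])
        for place in row["edit_here"]:
            print("   ->", place)
```

Run it with your own export in place of the constructed sample; the point of the trusted-list parameter is that the script never recommends an exclusion on its own, which matches the FAQ's "if and only if you totally trust the file" condition.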

Useful info. But I still do not understand why files need to access memory if Comodo thinks it is a bad idea. ???

For example, would you completely trust the following files?

procexp.exe from sysinternals

IDriveEReg2ini.exe from IDrive backup software

IDriveEBckupsetSize.exe from IDrive backup software

If they are allowed, does that potentially increase the risk of other malware piggy-backing on these exe files and exploiting the hole, or not? Bearing in mind D+ is switched on, of course.

Any info appreciated, thanks.

In my experience the files that do this are typically programmed using older programming frameworks or languages. (Or they may be utilities that just have to do this, like Microsoft Process Explorer.)

Older programming frameworks, as I understand it, take a relatively dumb approach to program interaction that requires them to ‘touch’ the memory of all running apps.

IDrive (which I run) is typical in this respect. You may note that it tends to have .exes calling .exes, and uses relatively few .dlls. A very old-fashioned approach.

I’m locking this topic as this is a FAQ, but if you do want to enquire further, please do ask in the help forum.

Best wishes

Mouse