CIS HIPS - Freezes Windows 10 when an alert for System Memory Access is about to be thrown

I was trying to launch DS4Windows (v3.2.8.0), which in turn launches an installation prompt.
When this prompt appears my computer froze.

Turning “HIPS - Silent mode (BLOCK)” ON again, as I’ve had to do for the last two years (which makes it a bit time-consuming to make rules for new applications), I see in the log that the first thing this app tried (using the ruleset it already had made before the computer froze) was - Access Memory - System.

Is there a way to have HIPS always block Access Memory / System for unknown applications so I can run with Silent mode OFF yet still retain the option of using the application with alerts?

Hi k1k2k3,

Thank you for reporting.
Could you please share with us the download link of the official software (DS4Windows)?

Thanks
C.O.M.O.D.O RT

I should note that I have run CIS with this HIPS setting for a long time, but it was only after an update I believe from 1903 to a higher Windows 10 build that I started to get these system locks when HIPS was not set to auto-block.

I recall this freeze would also occur if I ran Chrome browser for example, and any other application that asks for System Memory access. DS4Windows was just the latest culprit, since I just started using this app and figured I’d make the rules “quicker”.

Prior to that I’d usually only get a “hang” when a fullscreen application was launched just as it took control of the screen and/or keyboard, i.e. the usual “\KsecDD, Adf\Endpoint, AsyncConnectHlp” etc. would go ok, then the game would go fullscreen and freeze… couldn’t even toggle numlock on/off at this point. But if I did a power-button-press and waited 4-5 minutes, Windows would finally give me an option to kill the offending process through task manager (and also require a relog, as many other processes would be killed at this point)…

But I never had a freeze while I was only using the desktop and applications back then.

Edit:
The installation prompt appears after you launch the application, as it launches itself with a -install cmd which I believe is when it tries to run the ViGEmBus driver. You get a UAC prompt at this time.

This is the x64 installation using 64-bit .NET 6.0 runtime.

Edit2: I think I can avoid this problem in the future if I make a profile with “block” on System Memory and a few other things, and just have the rest set to “Ask”.
Course this also means I have to go through all previous applications and reconfigure them with this memory block. So it would be nice if it is fixed in CIS as well :)

Thanks for a great product by the way! I always recommend this if someone asks.

Hi k1k2k3,

Thank you for providing the requested information.
We have whitelisted the product (DS4Windows) now.
Could you please check now?
If the problem still persists, kindly set HIPS to “Safemode” and check.

Kindly let us know your feedback.

Thanks
C.O.M.O.D.O RT

I have had this problem for years with Windows 7 in Paranoid Mode with a plethora of programs over the years. Happens regularly.
Interestingly for some software it only happens from time to time, not every time I launch it.

See: Memory Access to "System" freezes whole PC

Hi frilm,

Thank you for reporting. We are checking on this issue.
May I know your CIS version?
And kindly set HIPS to “safemode” and check.

Thanks
C.O.M.O.D.O RT

Thanks for looking into this.

Unfortunately I do not use safe-mode or the ‘trusted vendor lists’ as the number of allowed certificates in that list is just way too big and automatically trusting an application because it comes with a signing certificate is insecure.

I wouldn’t mind an option for CIS to create a list of “allowed” applications based on a list of certificates you have approved, that matches the applications I have in my system, but that it would allow me to see which applications and which settings - and modify them. A bit similar to ‘training’ mode, but I do not want it to automatically allow everything without me having an option to block a particular application before it is granted access. (If I do a clean OS install again I’d probably use training mode just to get all the OS applications registered correctly though.)

But is it then a known issue that when an application requests ‘SYSTEM MEMORY’ access that the whole system should freeze?