HIPS: "Interprocess Memory Accesses", incompatibility with Win10 v1903 [M2401]

A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Upgrade of windows 10 from ver.1803 to ver.1903.
2: Open various programs.

One or two sentences explaining what actually happened:
The HIPS alarms of “Interprocess Memory Accesses” have increased in an extreme way, even by some programs that did not perform this type of activity before the upgrade.

One or two sentences explaining what you expected to happen:
A quantity of HIPS alarms similar to those received with the previous versions of Win10 v1903!

Any other information, eg your guess at the cause, how you tried to fix it etc:
Perhaps the monitoring of the activities of “Interprocess Memory Accesses” with Windows 10 v1903, has some incompatibilities to be manageable in paranoid mode, and possibly causes some performance degradation with this version of the operating system. So I hope, of course, that this problem will be solved as soon as possible.
Meanwhile, I had to deselect from the HIPS settings, the monitoring of Interprocess Memory Accesses activities, to avoid being overwhelmed by a myriad of warnings, and / or having to change the rules of many programs. :frowning:

Exact CIS version & configuration:
CIS V12.0.0.6818

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
AutoSandbox disable, Firewall personal rules, Antivirus optimize. HIPS “paranoid”

Have you made any other changes to the default config? (egs here.):
Forced evaluation on “unrecognized” for all programs, even for signed programs.

Have you updated (without uninstall) from CIS 5, 6 or 7?:
No update CIS or change config, only l’upgrade di windows 10.

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows 10 x64 V.1903 , default UAC, account admin.

Yes known issue also:


Q: This seems to happen or happen more since updating to Windows 10 May Update (1903). Why is that?
A: Currently there is a bug where CIS will log memory access by 32 bits applications when there actually is no memory access happening.

Thanks for the quick clarification, futuretech. :-TU

So I assume this is a known bug and I also assume the team is already working to fix it, right?
Because allowing access to memory by default is dangerous; but blocking it, fills the register with thousands of false warnings. :wink:

Should be fixed in v12.1.0.6914 RC