HIPS keeps blocking system files that have already set as "Windows System Application"

My computer is having black screen deaths, or freezing in the middle of using, more and more frequently in recent days. When it happens, the only thing I can do is a forced power off and restart. Doesn’t feel right by not letting OS close itself normally…

And after a few narrowing down, I assume the causes might rooting from HIPS’ keeping 3 major files blocked too often, even I have removed them from “Blocked list”, manually set file rule “Windows System Application” to each of them.

So far now, the 3 system related files that keep being blocked by HIPS are:
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\nview\nviewmain64.exe
C:\Windows\explorer.exe

From some digging into this forum’s history discussions, it is known that there might have “interprocess memory access” problem existing in some applications, and indeed most of the reasons seen in HIPS log are “Memory Access”. But in the rule set of “Windows System Application”, the “Interprocess Memory Accesses” is indeed allowed, which is also the rule sets I have set to those 3 files every once I found they were blocked by HIPS and after removed from the blocked list.

And I don’t understand, why a manually appointed rule (Windows System Application) in HIPS always being alternated to a custom one, and it got blocked repeatedly?

Is there any way other than completely reinstalling of COMODO, without a total destruction of already established settings in every other components, if I want to fix this? Can I preserve other settings like Firewall zones addresses etc?

Any suggestion or ideas would be appreciated.

Export current configuration then change configuration to one of the defaults, restart. Once restarted, import your configuration and then make the necessary changes before restarting. My knowledge of HIPS is limited but anything beyond default Safe Mode isn’t necessary unless you have containment disabled.

Thanks for sharing thoughts. In my up-to-date Windows 10, HIPS seems to be incompatible and always blocked my crucial windows files no matter whatever I set in HIPS Rules, HIPS Protected Objects, File Rating etc. It always blocks these important system files listed above, and cause a system hang that cannot be solved except a hard power off. That is irritating and everything goes normal again after I disable it.

Perhaps HIPS is compatible with Windows 11 or newer version, but I will have to turn it off unless there is a way to make it behaving once again. The suite works well generally, blocks or prompts probably everything that I want to review, and indeed filtered some apps that wants to have unnecessary outgoing communication. But this annoying HIPS just went too over.

Try the log:

Select one of the file, right click, advanced filters, action, now select: Add, Checked: Safe, start process

You are using a buggy setting called create rules for safe applications. If you disable it then you won’t have issues with hips overwriting your rules or being erased at system shutdown/reboot.

1 Like

Yeah I know that option, but I have turned it off long before, at least a few months. The freezing issue might have something to do with windows updates, I’m not sure.
image

Tracking valid logs will have to turn HIPS on back and experiencing the system hang again, I will try to see what it will record. In my previous log reviewing, I saw these system files were identified as memory access or something a like by HIPS, before a freezing happening. But there was no way to resolve it, as I described above. Mine is in English but I think the translation goes the same.

Yes, I have the same issue, sometimes the system freezes when Windows Update is running