Memory sharing with CIS

CIS 4.xxx.779, Win7 x64.

I have my two trusted programs still trying to share memory resources with CFP. (SetPoint.exe and LWEMon.exe, both are Logitech).
I went through the steps to stop this from logging and to permit this (adding them to the Inter Process Memory Access). Both are now listed, but both still are being logged.
Is there a resolve for this or is this a new bug within CIS4 that was not in CIS3?

[attachment deleted by admin]

I have similar problems with process monitor and process tamer (neat tool!).

Going to computer security policy and setting the relevant apps as exceptions to the protection settings (inter process memory access) for the CIS group resolved this for me. (At least so far!)

Note that it may not resolve it for sandboxed applications. If protection settings are the same as access settings (not tried this out), anything sandboxed as limited and above will cause a deny and log if it tries to access cfp in memory.

If your app is sandboxed, would be interested to know whether you can stop the logging.

Best wishes

Mike

Originally asked (does not seem to check that it is signed with a ‘Trusted Vendors’ signature) about sandboxing it, I selected never to sandbox it (had to restart for this to take effect).

I had added it to added it to ‘Access Rights’, but now have also added it to ‘Protection Settings’.
This seems to have done it as it is not logging this any further. I did note while adding it to Protection Settings these two (and others actively running) are not displayed in the ‘Running Processes’ list. Had to manually locate them to add. (another bug?)

If you had to reboot, not just restart the program, then maybe it was being run by another sandboxed program? Still confusing because in this case you normally get no alerts. Maybe its absence from the running processes list is connected. I know from experience that setpoint is badly programmed, tho’ I cannot remember how or why off the top of my head. Possibly cIS was suspicious in some (undocumented) way. I know I had to define a similar file (that accessed CIS in memory) as an updater to get rid of the alerts.

I had added it to added it to 'Access Rights', but now have also added it to 'Protection Settings'. This seems to have done it as it is not logging this any further. I did note while adding it to Protection Settings these two (and others actively running) are not displayed in the 'Running Processes' list. Had to manually locate them to add. (another bug?)

The logic is (I think) that the log item is generated by cfp protecting itself, not setpoint accessing what it’s rules don’t allow.