Proactive Security kills Aero

Why is it that when I switch from Firewall Security to Proactive Security Windows defaults to the basic Win95-era desktop? I’m using the latest CIS6 on current Windows 7x64 with uxtheme.dll and shell32.dll set as system applications in HIPS.

I assume uxtheme.dll is a dll to make a custom Windows theme. See if adding it to Trusted Files helps. f you’re using an adapter version of shell32.dll also add it to Trusted Files.

No go on a 64-bit system, and they’re not custom files. Added both syswow64 and system32 versions to trusted files, themeui.dll, msctf, dwmapi, anything else I could think of. I’ve allowed svchost - it’s running on a custom ruleset, and I was getting these notices in the logs targeted at uxtheme.dll - to hook everything. The desktop troubleshooter doesn’t work, it tells me DWM is disabled when it isn’t. So far the only remedy is to disable HIPS completely and I don’t want to do that.

The more I think about it, the more this seems like my own fault. I’ll take apart the svchost rules and see which one needs to be changed.

Keep us posted.

I put the four main .dll files in this situation (shell32,msctf,dwmapi,and uxtheme) in svchost.exe active Protection Settings → Windows/WinEvent Hooks → Exclusions, and Aero seems to work correctly for now.

Thank you for reporting back. It will surely help others in the future.