run executable HIPS rule not obeyed Win7 64-bit

I can’t prevent any application from launching by Explorer.

Please provide some steps. Do note that Explorer is treated as Windows System Application in HIPS with default configuration.

I’m not running default; I’m running Proactive configuration in paranoid mode - monitoring settings set to ALL - and Explorer.exe is not in the Windows System Application file-group.

Perhaps it does that hardcoded.

I believe that my problem is a horked config file. I believe this because I could not stop entries into the log for interprocess memory access, install hook, and other CIS configurable parameters no matter WHAT rules were established; it did whatever the hell it wanted.

For example, Classic Shell settings just stopped working and I was getting 5-6 logged entries per second about ClassicShell trying to hook a ClassicShell dll. There was NOTHING I could do to resolve that. I scrapped the configuration that I was using and reverted back to a default and have been tediously importing things where its been easy to do so, i.e., easy copy & paste from begin / end w/out messy UID or GUID in between.