where the filegroup has protected COM interface access name permissions for LocalSecurityAuthority.Backup, and yet C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe always alerts to LocalSecurityAuthority.Backup resource name requests. I’ve even defined the filegroup explicit without wildcards to no avail.
This has usually been a useful strategy; the permissions don’t change when the base image gets updated.
Double click on the allowed com interface that you added in the HIPS rule for the file group to bring up the edit property box, then just ok that box and then ok all the other setting windows. Its a weird bug with manually typing in non-listed COM interfaces in the add new item box of the select COM interface window.
I had copied the specific entry out of Pseudo COM Interfaces - Privileges - in the HIPS Groups, the COM Groups and pasted that into the specific Protected COM Interface access name resource permission.
I’ve try your suggestion and see how that works.
Edit: I just went through this with MS Office 2010 filegroup and had to do the deally-oh for 7 Protected COM Interfaces and looks like it works good last long time.