User Switching related Bugs (3.0.8.214 beta)

The issue reported for the version 3.0.7.208 about fast user switching under Windows XP Pro SP2 is still occurring in CPF 3.0.8.214. >:(
Only one user can use the computer. To switch, needs to reboot. If trying to use this feature, the computer hangs while trying to log the second user.

Previous post reporting that issue:
https://forums.comodo.com/32_bit_bug_reports/user_switching_related_bugs_307208_beta_closed-t11745.0.html

Hello caverne_man,
Maybe this issue could be solved by setting some Windows components in trusted mode using Defense+.
Are there by any chance some Defense+ log entries that could affect Fast User Switching?

Are you willing to take a troubleshooting procedure to shed light on this issue?

Troubleshooting

  • Backup your current V3 configuration Using Miscellaneous\Configuration Management Wizard
  • Import your V3 configuration Backup giving it a test name Using Miscellaneous\Configuration Management Wizard
  • Activate your test configuration Using Miscellaneous\Configuration Management Wizard
  • Set all windows components (userinit.exe, sethc.exe, control.exe, wscntfy.exe, mmc.exe, cisvc.exe, wuauclt.exe, wmiprvse.exe, wmiadap.exe, alg.exe, csrss.exe, svchost.exe, winlogon.exe, services.exe, ctfmon.exe, helpsvc.exe, helpctr.exe) to trusted in Defense+\Advanced\Custom Security Policy
  • Test Fast User Switching
  • Activate your V3 Default configuration Miscellaneous\Configuration Management Wizard
  • Delete your V3 test configuration Using Miscellaneous\Configuration Management Wizard

Thanks for sharing any info on this subject,
gibran

Dear Gibran,

Thank you for your reply. I’ve done the following steps:

1/ exported config to the file “initial config” 290,816 bytes
2/ rebooted computer (to start from a clean system)
3/ imported config name: test - file “initial config”
4/ activate previously imported config: test
5/ Defense+/Advanced/Computer Security Policy: Change
csrss.exe, svchost.exe, services.exe, alg.exe, wmiprvse.exe, wuauclt.exe, ctfmon.exe, winlogon.exe, mmc.exe
The others were not found:
userinit.exe, sethc.exe, control.exe, wscntfy.exe, cisvc.exe, wmiadap.exe, helpsvc.exe, helpctr.exe
6/ tried fast switching: get the “computer locked by user…” message.
7/ Reboot, check the computer security Policy: winlogon.exe went back to “custom”. Logs indicate that Defense+ blocked a hook from winlogon.exe to MSCTF.dll
8/ When trying fast switching, goes to the user selection window, choose another user, enter password, start to login, then goes back to the user selection window.

I guess my winlogon.exe file is causing this problem …

Thanks

Thanks for your help in nailing down this bug :slight_smile:

Defense+ not keeping the winlogon trusted policy setting is surely a bad thing :frowning:
Maybe it’s possible to work around this by setting MSCTF.dll in the custom policy of winlogon (Defense+\Advanced\Computer Security Policy\Edit winlogon.exe\Windows\WinEvent Hooks\Add MSCTF.dll to Allowed Applications).

Maybe it’s worth adding C:\WINDOWS\system32\ctfmon.exe to Interprocess Memory Access.
Then reboot to try Fast User switching.

This could be a phase one step, because after unlocking those there could be another thing blocked later, so it’s worth checking the Defense+ log again.


I’ve added MSCTF.dll, ctfmon.exe and even logonui.exe in Defense+/advance/Computer security policy/winlogon.exe/access rights/Interprocess memory access/modify/allowed applications.

Same behavior. The only change is now the log doesn’t show anything blocked.

I’ve tried to lower the Defense+ settings from “Learn Safe Only” to “Learn All”. It sort of works:
I can switch to another account, and switch back to the initial account, but when I try to log off, instead of getting the user selection window, I get a black screen with the HDD showing a periodical activity.

Thanks for your advice.

Thanks again for sharing these details with all members.
I’m sure that your posts will help devs a lot :).

If you find any new rule generated Using Defense+ in Learn All Mode please post them there too.

(CLY)