HIPS

[siberian 0]

In my case (latest Home Internet Security, Windows 11 23H2), it all goes to HIPS log, because the browser is MS Edge (which is a system app so HIPS protected). The user rules could be evaluated only if there was no matches in predefined ones.

It would be great if the user can set strict exceptions with priority higher than predefined rules has. At least within OS and Browser protection part. And let the user selectively disable HIPS logging of events related to self-defense and/or OS protection. You have a bug with filtering duplicates (it’s not working) in log view so it spams a thousands of messages, hiding important things. Disabling part of the protection or interactive mode for HIPS (in addition to firewall) — i would choose something else.

[siberian 0]

Hello there!

This was originally a comment intended for a different topic. That thread was about input helper programs and browser protection exceptions not working. 

The moderator created a separate topic for my reply and it’s fine. I wasn't just talking about input assistants, but text expanders and layout switches as well. The functionality of such programs includes a full-fledged keylogger, so I would like to be able to explicitly allow programs that you trust without disabling keylogger protection functionality at all.

But the issue is not limited by keyloggers only. There are also password managers. In the HIPS logs I see blocked Bitwarden accesses to MS Edge, because of system protection predefined rule. Same thing happens with AdGuard standalone app and AdGuard browser extension.

Yes, you can choose any other browser, but I think the user should be able to add some rules that have a higher priority than the predefined ones. These can only be specific and strict rules, but be.

Perhaps the user should also be allowed to choose whether or not system applications can "invade" each other. Like (from the HIPS logs) MS Edge -> MS Edge, explorer -> explorer/MS Edge, taskhostw -> MS Edge, csrss -> MS Edge/explorer, MSRT (has different instances/paths) -> MS Edge, etc. Some of this system services and apps with blocked calls terminate with an exception and an error. 

[itman 1,705]

Appears you have enabled "Log all blocked operations" in HIPS Advanced Setup section. First, this setting should only be enabled when performing diagnostic activity due to suspect HIPS blocking activity. A lot of disk space will be consumed with this setting enabled.

The HIPS has numerous hidden rules. It is normal to see a lot of blocked activity from these rules. Also, there is no way to override these hidden rules. Unless something on your PC is not behaving normally, I would not be concerned with what these hidden rules are blocking.