Windows 10 Defender blocking HWInfo?

Windows 10 Defender blocking HWInfo? Get notification from Windows Defender that it has blocked hwinfo.exe from changing memory? Just installed 7.10, same issue as previous version. This started happening about 4 months ago when I got the routine Windows 10 Pro, update for version 20H2, installed 4/25/21, OS Build 19042.1165. Oh, Windows feature pack is 120.2212.3530.0, not sure that is relevant?

Scanning system, no issue or threats detected, and I keep the system pretty lean, not a lot of installs of apps or other things. The hwinfo application seems to be working and reporting fine, I basically am monitoring the main board and processors temperatures.

Any idea how to track this down or solve it? Warnings every time system starts are really annoying.
 
Haven't seen such issue yet and you're the first one to report this, so I'm really wondering why is this happening.
When does the warning come up - right at start before HWiNFO shows the welcome screen or during scan?
 
Appears to be at start up of system. I am more than happy to provide more information, I am a retired IT virtualization architect, so am quite familiar with programming (C, C++, C#) was will as many scripting implementations on Windows as well as Linux, and even true Unix in the past. So just let me know how I can help? Is there a log or such you need? Want?

I have found many reports from Windows 10 users that have similar issues, after some of the recent updates, from Microsoft even being tripped up by Defender. But I was surprised, as well, that HWiNFO was noted as being blocked in some way.
 
Not sure if I understood. Are you starting HWiNFO automatically with Windows so the blocking message appears at start?
If yes, could you please launch HWiNFO manually by resetting its settings and then notice when the message appears?
 
Start up item, per the application setup, configuration. Nothing special being done. The notification appears then, as defender takes action, apparently. Same exact notification appears if I stop and start application, as well.

Procedure 1:
1) Booted system
2) Notification results

Procedure 2:
1) Stopped application
2) Started application
3) Notification results

Procedure 3:
1) Saved settings per application GUI
2) Reset preferences
3) Stopped application
4) Started application
5) Notification results after selecting 'Run' button

Here is the notification information, that appears with each start/restart of application, not very descriptive unfortunately.

Notification.png
 
Thanks for the test results, but it's not easy to pinpoint what exactly is causing this. Could you please post the HWiNFO Debug File ?
 
Check if you can add the HWiNFO executable to the whitelist of the Controlled Folder Access protection feature. See for example the screenshots in this HowTo:

Regards
Dalai
 
Here is the debug file generated before any changes. When application is running directly I do approve the make changes to device prompt, so it should have permission to do anything it needs no? The issue seems to be a change in 'protected memory' not the file system?
 

Attachments

  • HWiNFO64.zip
    164 KB · Views: 1
I added application to the controlled folder access list... See attached. Now when I run the application, no notification, odd, that file system access permission change allows change to memory? Or the notification is misleading? Or are you using memory base file system API, or such?
 

Attachments

  • Controlled Folder Access.png
    Controlled Folder Access.png
    31.4 KB · Views: 5
Last edited:
Looks like this warning is triggered because HWiNFO is performing some low-level (direct) accesses to the disk to retrieve SMART health data and statistics. There's certainly nothing malicious, it's just a preventive warning. This can be reproduced also with other similar tools like CrystalDiskInfo.
Thanks @Dalai for the solution.
 
Looks like this warning is triggered because HWiNFO is performing some low-level (direct) accesses to the disk to retrieve SMART health data and statistics.
Sounds like this protection feature is a bit too sensitive. Not really new when it comes to MS software, though...

Thanks @Dalai for the solution.
You're welcome. (The hint was right there in the message shown in the screenshot ;).)

Regards
Dalai
 
Yup, I never thought it was anything bad per se. Odd thing is my install of crystaldiskinfo is not generating similar notifications. Pretty much it appears that in a recent Microsoft update they locked down something (tighter) and are tripping up some applications. I only run Samba and SmartMonTools on Linux, but I suspect that if I was running SmartMonTools on Windows, likely it would be flagged as well given its various methods/modes of disk (information) access API calls.
 
The misleading thing is... that the notification I received said the blocking was done due to memory access restriction, not a file system access restriction. But as all know, with memory mapped IO methods, the differences can be confusing at times.
 
Back
Top