Topic: Defense+: Security Policy based on a Registry Group doesn't work (v3.0.8.214) [CONFIRMED]

Offline djbronko

  • Newbie
  • *
  • Posts: 19
Hi,

I'm running CFP 3.0.8.214 in Win XP x64 with SP2. I observed an unusual Defense+ behavior with respect to registry groups, and I'm not sure if this is a bug.

My Scenario

I created a registry group called "Network Related Keys", containing the following keys and all their subkeys (left out for the sake of brevity):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\root*
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates*

I created a predefined security policy called "Shell Application With Web Access". It contains the same access rights as the predefined Shell Application, and additionally the group "Network Related Keys" under Protected Registry Keys -> Allowed Registry Keys. The default action is Ask just as in Shell Application.

I created a computer security policy for the application Internet Explorer, using the predefined security policy "Shell Application With Web Access".


Observed Behavior
When I start Internet Explorer and visit an SSL-enabled page (so that certificates are read from the registry), CFP asks for each registry key, although the keys are allowed.

When I add the registry keys directly under Protected Registry Keys -> Allowed Registry Keys, i.e. circumventing the registry group "Network Related Keys", CFP does not ask for the keys.

I consider this a bug, but please tell me if I lost sight of something.
« Last Edit: September 22, 2007, 06:40:55 AM by djbronko »

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Hi there,

Congratulations. You have identified a very good bug. It should have worked just as you expected.

Thank you for the feedback,
Egemen

 
