[5.8.beta3] OnAccess DIDN'T work

OnAccess didn’t work while Manual Scan detects OK

bug

  1. What you did:
     1. opened infected pendrive and walked into a virus dir
     2. Right-clicked virus .exe and called Properties
     3. Launched(!) virus .exe
     4. Scanned virus .exe manually via context menu
  2. What actually happened or you actually saw:
     1. AV shows nothing, dir opened as always
     2. AV shows nothing, standard Properties dialog is shown
     3. AV shows nothing, AutoSandbox shows isolation notification
     4. detected “1 treat” Virus.Win32.Sality.Gen[at]1egj5j
  3. What you expected to happen or see:
     1. AV alert
     2. AV alert
     3. AV alert or access denied alert with a choice to run in the SB
     4. the same
  4. How you tried to fix it & what happened:

I see no way to fix it myself

  5. If it's an application compatibility problem have you tried the application fixes here?:

It’s not a compat. prob.

  6. Details & exact version of any application (except CIS) involved with download link:

  7. Whether you can make the problem happen again, and if so exact steps to make it happen:

Not sure because of 1) deinstall of AV part and 2) cleaning above-mentioned pendrive

  8. Any other information (eg your guess regarding the cause, with reasons):

System-wide autorun IS disabled of course.
This was the first insertion of the pendrive after infection (I mean the “stateful” mode “caching”).
An infected pendrive contains among other files

  • an autorun.inf with

    [autorun]
    open=RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\dark.exe
    icon=%SystemRoot%\system32\SHELL32.dll,4
    action=Open folder to view files
    shell\open=Open
    shell\open\command=RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\dark.exe
    shell\open\default=1

  • and the file itself (named above)

my set-up

  1. CIS version, AV database version & configuration used:

CIS 5.8.beta3, AV updated 15.09.11, config. standard “Internet Security” trained a day before then switched to factory levels

  1. a) Have you updated (without uninstall) from CIS 3 or 4:

No

  1. a) Have you imported a config from a previous version of CIS:

No

  1. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):

No

  1. Defense+, Sandbox, Firewall & AV security levels: D+= , Sandbox= , Firewall = , AV =

D+ = Safe, ExecCtrl on, Unrecognized as Limited
Sandbox = Enabled
Firewall = Safe
AV = Stateful

  1. OS version, service pack, number of bits, UAC setting, & account type:

Win XP 32 bit, SP3, current, admin rights
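The autorun.inf quoted in the report above can be triaged offline before a drive is opened in Explorer. The following is an added example, not part of the original post and not Comodo's detection logic: it parses the `[autorun]` section and flags command entries that start an executable, that point into a SID-named directory, and that are paired with AutoPlay text and a shell32.dll icon. The rule names and thresholds are assumptions chosen for illustration.

```python
import re

# Constructed sample: the autorun.inf text quoted in the report above.
SAMPLE = r"""[autorun]
open=RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\dark.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\dark.exe
shell\open\default=1
"""

# Heuristic patterns (assumptions for this example, not a vendor rule set).
EXEC_EXT = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)\b", re.I)
SID_DIR = re.compile(r"(^|\\)S-1-5-21(-\d+){3,4}\\", re.I)
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def findings(text):
    """Return (rule, key, value) tuples for entries worth an analyst's look."""
    entries = parse_autorun(text)
    out = []
    for key, value in entries.items():
        if not COMMAND_KEY.match(key):
            continue  # only keys that make the shell launch something
        if EXEC_EXT.search(value):
            out.append(("runs-executable", key, value))
        if SID_DIR.search(value):
            out.append(("sid-named-directory", key, value))
    # AutoPlay prompt text plus a system shell32.dll icon make the launch
    # entry look like an ordinary "open folder" choice.
    disguised = "action" in entries and "shell32.dll" in entries.get("icon", "").lower()
    if disguised and any(rule == "runs-executable" for rule, _, _ in out):
        out.append(("autoplay-disguise", "action", entries["action"]))
    return out

if __name__ == "__main__":
    for rule, key, value in findings(SAMPLE):
        print(f"{rule:20} {key} = {value}")
```

A legitimate installer disc will also trigger `runs-executable`; the SID-named directory and the disguise rule are what separate this sample from that case.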

It would be better to report this in 5.8.206694.2075 BETA Bug Reports; if not, please follow the instructions below.

We would very much appreciate it if you would edit your first post to create an issue report in line with the bug forum guidelines and format here. You can copy and paste the format from this topic.

To understand the reasons why we ask you to follow these guidelines please see below.

WHY WE ASK YOU TO FOLLOW THESE GUIDELINES
Bugs/issues can be impossible or very time consuming to fix if developers don’t have enough information to reproduce them. Since CIS is free, development time is limited. So if you want your issue fixed, please use the format below to describe it.

To avoid clutter, if an issue is not described in the format below, your post will not be moved to the ‘moderator verified’ issues topic. This means that the developers may not look at it.

Best wishes and many thanks in anticipation

Dennis

Edited.

Is it all right?

Thank you for your Issue report.

Moved to verified.

Thank you

Dennis

Fine, because I can’t see this PC for one more week