A. THE BUG/ISSUE (Varies from issue to issue)
Only on Windows 10 x86 & x64, CIS does not detect application access to the Windows DNS/RPC Client Service, a.k.a. COM Interface \RPC Control\DNSResolver.
Can you reproduce the problem & if so how reliably?:
Yes very reliably
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Execute any application that performs DNS queries using the Windows DNS/RPC Client Service. I used dnstester.exe from matousec.com SSTS64 proactive security challenge test suite.
2: Either set HIPS to paranoid mode or safe mode with the application rating set to unrecognized.
3: Notice no alert for accessing the DNS/RPC Client Service.
One or two sentences explaining what actually happened:
Any unknown application can communicate over the network without an alert using the built-in Windows DNS/RPC client service.
One or two sentences explaining what you expected to happen:
I expected CIS to display an alert when an unrecognized application attempts to access the DNS/RPC client service (COM interface \RPC Control\DNSResolver)
If a software compatibility problem have you tried the advice to make programs work with CIS?:
Any software except CIS/OS involved? If so - name, & exact version:
I used matousec.com dnstester.exe from the software security testing suite 64 archive available here: http://www.matousec.com/downloads/ssts64.7z (password is ssts64)
Any other information, eg your guess at the cause, how you tried to fix it etc:
B. YOUR SETUP
Exact CIS version & configuration:
Version 22.214.171.12474 Proactive configuration
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
HIPS=Safe mode, Auto-Sandbox=Disabled, Firewall=Safe mode, AV=not installed
Have you made any other changes to the default config? (egs here.):
Disabled the auto-sandbox, added *\RPC Control\ntsvcs and *\RPC Control\DNSResolver to Protected COM Interfaces.
Have you updated (without uninstall) from CIS 5, 6 or 7?:
if so, have you tried a clean reinstall - if not please do?:
Have you imported a config from a previous version of CIS:
if so, have you tried a standard config - if not please do:
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows 10 x64, UAC=Disabled, Admin account, non-VM
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system: