allowing UDP connections freezes computer (CIS 3.9-Win7RC)

guys I know you’re not supporting Win7 yet, but I got to ask this. I installed 3.9 about half an hour ago and I got a weird issue: as soon as I click on the allow button to allow this UDP connection between Skype and my router apparently, the computer freezes completely; the mouse cursor can’t be moved anymore, no more hard disk activity, gotta press the laptop button to force a shutdown. I could reproduce this, it happened again with the same alert in the same conditions. If I click cancel on the alert I can go on with Skype.

edit: there’s a second alert like this one that comes when you cancel the first one, just with a different port, always UDP.

CIS 3.9
Skype 4.0
UAC off

edit: just a guess, the issue might come from the OS, as Skype was installed with UAC on and virtualization is off now, there might be a security block…

edit: got it, that was it, I turned UAC back on, rebooted, launched Skype again, same alerts, no freezing anymore.

[attachment deleted by admin]

OK I was wrong, it just happened again with Skype and Windows media player, PC freezes completely when allowing traffic after a UDP alert. Only way to avoid the issue is to cancel the alert, close the application, go to its policy rule in the firewall and add a UDP out allowed for everything.

Out of sheer curiosity. What happens when installing Skype as admin and running as admin. With Defense + you have UAC on steroids; so it’s not needed.

the issue would remain for other apps like windows media player that comes installed with the OS. As to UAC I know ;D…it was off, I turned it back on to see the effects with Skype. One thing I should try though is to reisntall CIS 3.9 with admin rights, which i didn’t do this time (vista compatibility mode isn’t needed anymore btw), and see the results. Anyway the issue with UDP and whether apps or CIS itself are granted admin rights must be related to the complete freezing of the system, somehow ???

Keep us posted about installing CIS in admin mode. Your observation is correct that the Vista compatibility mode is no longer needed. It went somewhere during the beta phase.

Will be installing Win 7 RC in a couple of days and will see how it goes.

for some reason (?) I didn’t get notified for your last post. OK I didn’t have the time to try this today, will do tomorrow. On a side note I just got an automatic update to ******509 version. And according to Egemen the update addresses this freezing issue I was reporting here, that others seem to have experienced in Vista as well, his post doesn’t say in which conditions though:;msg285972#msg285972

so this might be completely solved now. This said, apart from Skype and Windows Media Player, I didn’t have any other UDP alert from the firewall…so it’s hard to say if the potential freezing is gone or not…

edit: oops, I see the email notification now :wink:

OK I just wanted to experiment this with 3.9 build 509, I removed the firewall rules for Skype and Windows Media Player, launched Skype, had a UDP alert, allowed, it worked. Then launched a web site in Firefox requiring wmp, wmp opened and froze. Killed wmp task, retried with the site, wmp launched, attempting to connect, got an UDP alert, clicked “allow”, and the system completely froze, had to force a shutdown with the laptop button.

I then booted, uninstalled CIS, rebooted, and reinstalled it in admin mode. then launched that site again requiring wmp, same issue again with an UDP alert, system froze completely when I clicked allow. Forced a shut down, booted, and then at login time, had to set my trusted zone a second time (first time was not saved because of forced shut down I suppose), I got an UDP alert for svchost.exe. Allowed it, no problem. Retried with the web site and wmp, now the message is that wmp cannot play the video because the protocol is not supported. WMP plugin is installed in Firefox, and that site I’m talking about requires WMP, and it always works on this site with either no CIS installed, or a manually added rule allowing UDP traffic for WMP (like I said in my previous post here). So installing in admin mode doesn’t change anything, other than, as predicted, invalidating all my CIS user settings in the registry.

OK that’s about it, meaning that at least in Win7, the freezing issue is not solved yet.

yeah WMP protocols got somehow broken after all that mess, if that happens to you just go to your user profile, appdata\local\Microsoft\Windows Media

delete the windows media folder completely and relaunch any site requiring windows media player, it will work now.

can’t tell how it happened exactly, I was just browsing the CIS logs interface when a message from Windows popped up saying that CIS experienced a problem ( I was clearing the logs for def+ and the firewall and after the clearing, one def+ entry was still there), and that it would be switched automatically to compatibility mode after the next restart of it. And just that, CIS is now in Vista compatibility mode, and I can’t even change it, the option is grayed out in CIS executable properties. I can still change it to Vista SP1 or SP2 in all users mode, but I can’t remove completely the compatibility mode. It must be somewhere in the registry now I suppose.

edit: ignore this post, I misread the property table for compatibility mode, reversing to non-compatibility mode is still available.

My system is Windows 7 7127 X64.
CIS v.509 works fine.

You don’t need to use compatibility mode.
Use clean install.

try following settings.

1.UAC off.
2.Windows firewall off.
3.Windows defender off.

NIC settings.

Have you ever tried skype as a trusted app?

[attachment deleted by admin]

thanks for the feedback, but please read my posts again. Some apps that were installed with UAC on get strange behavior when UAC is off. UAC impacts some file location and rights since Vista. Of course UAC is unneeded with Def+, but I didn’t run CIS for a while and all programs were installed with UAC on.

As to Skype, I already said that I granted it full UDP traffic with my router. That’s enough for it to run fine; same for WMP. I never run any app as fully trusted, except when there’s a major incompatibility flaw between CIS and some apps, like it happens during beta testing phases. And we’re not there. The issue now is that the whole PC can freeze when allowing an UDP connection; and I understand that others experienced a similar problem in Vista, but I don’t know in which conditions. In my case it’s strictly UDP permissions related. That’s a huge bug. It’s possible to circumvent it until it gets solved by the devs.

Now funnily after the last install I didn’t get the UDP prompts; I added the UDP rules manually anyway to make sure I don’t get the freezing again.

Oh, I don’t use the anti-virus part of CIS, this needed to be mentioned may be.

I mean, you can make it trusted.
then you can configure some of options by manually.(that’s what I do)
It’s better than using auto configuriation.

(I don’t use CAV too.)