Operating System: Windows 7 Pro b7600 x64
CIS version: 4.0.141842.828
General Issue:
It seems to me that the issue with very slow applying of CIS configuration has been reintroduced in CIS v4. This issue is known from CIS v3 and was fixed somewhere along CIS v3 development, but now it has reappeared in CIS v4. It is most noticeable for Defense+, which easily gets 100+ rules if you have enabled the option to create rules for safe applications. The problem is noticeable when the user presses the Apply button in Computer Security Policy, when a user chooses the option to Remember my answer in an alert dialogue, and when CFP.EXE exits. The amount of data CIS rewrites to the registry is pretty vast. CIS v3 has it optimized to some extent, but CIS v4 is slow as a turtle in that matter. Here are the results of some tests I did:
CIS 3.14.130099.587 x86:
- Number of Defense+ policies: 147
- Amount of registry operations needed to rewrite D+ settings: ~ 41000
- Time needed to save configuration on virtual machine: ~ 4 seconds
CIS 4.0.141842.828 x64:
- Number of Defense+ policies: 125
- Amount of registry operations needed to rewrite D+ settings: ~ 72000
- Time needed to save configuration on real machine: ~ 18 seconds
CIS 4.0.141842.828 x86:
- Number of Defense+ policies: 131
- Amount of registry operations needed to rewrite D+ settings: ~ 60000
- Time needed to save configuration on virtual machine: ~ 13 seconds
This issue needs addressing and optimization.
An update to this issue.
I noticed that on my real system the Clean PC Mode, in which CIS v4 x64 was running for a week or so, had created two unusual policies.
The first policy, which was just ridiculous, was for the process C:\Windows\SysWOW64\regsvr32.exe and contained 745 entries for ‘Allowed Registry Keys’ in ‘Protected Registry Keys’.
The second one was for %windir%\explorer.exe and contained 61 entries for ‘Allowed Applications’ in ‘Run an executable’. Even though I manually changed the policy for %windir%\explorer.exe to ‘Windows System Application’ some time ago, the leftovers from Clean PC Mode remained and were rewritten each time the Defense+ configuration was reapplied.
By manually removing and then recreating these two policies, which were first created by Clean PC Mode, I managed to reduce the time of rewriting the Defense+ configuration by half. But still it’s not as good as in CIS v3.14. Anyway, I checked the rest of the policies in my D+ configuration, and there are no more anomalies like those two mentioned earlier.
IMHO the process C:\Windows\SysWOW64\regsvr32.exe should have a default policy made by Comodo, just like explorer.exe and some other key Windows processes.
CIS 4.0.141842.828 x64:
- Number of Defense+ policies: 125
- Amount of registry operations needed to rewrite D+ settings: ~ 59000
- Time needed to save configuration on real machine: ~ 9 seconds
I have about 250 rules of D+ and 20 sec to write it???
Second update to this issue:
Operating System: Windows 7 Pro b7600 x64
CIS version: 4.0.141842.828
Predefined configuration: COMODO - Proactive Security
Defense+ mode: Safe Mode
Creating rules for Safe Applications: Enabled
Yesterday, I ran Spybot - Search & Destroy and then the Immunize function, which adds passive protection against malware and adware. It modifies a lot of registry keys. During the process of immunization, which took unusually long, I noticed that CFP.EXE was taking a lot of CPU. As I suspected, CIS added lots of ‘Allowed Registry Keys’ in ‘Protected Registry Keys’ to the Defense+ policy automatically created for the ‘C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe’ process. Moreover, CIS somehow desynchronized itself and created TWO separate policies for the same process (in this case ‘C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe’). The first policy contained 65 entries for ‘Allowed Registry Keys’ in ‘Protected Registry Keys’, and the second one 203 entries for the same thing. Clearly CIS has problems with creating rules for Safe Applications in the COMODO - Proactive Security configuration. Anyway, to resolve this issue I deleted those two policies made for SpybotSD.exe and I disabled creating rules for Safe Applications.
I exported the buggy configuration before deleting those policies. If it’s needed, then I can send it through PM.