autocontainment bug

A. THE BUG/ISSUE: removing ignored application from autocontainment rules doesnot block that application again

what I did & what happened:

if you unblock blocked application using “unblock for all security components” option then an ignore rule is added to autocontainment rules

but if you disable or remove that rule the application will lunch anyway without problems p.s. if you do same things but use “unblock for components shown in blocked by column” then application will be blocked

CIS v10.2.0.6526
fresh install on win 7
containment rules are changed to block every unrecognized application

Hi Fashisti,

Thanks for reporting. We are investigating it.

Kind Regards,

Not a bug, when you use unblock from all components then it also changes the file rating to trusted for that file, therefore it won’t be blocked by auto-containment because auto-containment does not contain trusted rated files.

hmm ??? and where is that trusted rating stored? can it be deleted? but anyway it doesnot feels intuitive when you delete ignore rule and it keeps ignoring that file

Listed here . . .

my bad :embarassed: i looked there multiple times but i was testing bat files and didnot saw that you need to select all file types in order to see bat files