.bat file is trusted

Is there a problem with the new version of CFW? I was playing around with a reboot.bat file, which should have been contained… it ran, and rebooted my system. I checked the File list, and it was listed as Trusted… But when I ran the test on my old laptop, running an older version of CFW, it was contained with no issues… is it me?

Apart from my problems that I described earlier with the latest version of CIS …
… also noticed that despite adding one of my batch (.bat) files to the trusted files, the CIS still alerts that the file has been blocked. I can also confirm this error from the autopsy.

As for Containment, I think it’s working fine. In your case the problem here is that the reboot.bat file has been trusted and so it was uncontained. In my test I created the batch file and ran, CIS rate it as unrecognized and was contained. I manually set the batch file rating to trusted and ran, as expected it was uncontained. I tried to modify a trusted file to find out if CIS will still continue to trust it after modification(simulating virus infection and modification). Upon running, the file rating changes to unrecognized and was contained.

As for why the reboot.bat file has been trusted? In your case, I can only assume, just maybe you mistakenly trusted that file.

I think you can see what module is blocking it in Advance View and might need to add an exclusion to it.

hmm, is there any way of correcting rating, if indeed, that is the case?

Read the help documentation about the file list.

here you go… please follow this post…