Bug after update of CIS, when running apps from mapped drive inside VMware

TOPIC TITLE
It's a little long to describe, but I want you to have a complete understanding.
I have Ubuntu 64 10.4. Inside that I have installed VMware Workstation version 7.1.2 build-301548. Inside that I have Windows 7 32 version with all updates installed, and I have installed CIS in that Windows. I have a shared folder added to Windows 7 as a mapped drive and I use it to run my portable applications inside Windows.
Until version 5 everything was OK. After updating CIS to version 5.0.153652 (though I had to uninstall and install over), everything else is the same (at least I see no difference), but when I run a Chromium web browser from the mapped shared drive, I get the familiar dialog that asks me to allow or block Internet access to that app, but when I click any of the options available, it appears again like nothing happened and asks again. This happens forever (endless loop). The funny thing is I see in the CIS firewall rules that the rules I am clicking on are being saved, but to no effect, and there is a long list of saved rules for the app I am trying to give access to, and they have no effect whatsoever.
Another thing I noticed is that when I ran Notepad portable it asked and asked and asked to no effect, but when I restarted Notepad portable it didn't ask and gave Internet access to it. Same for Firefox portable. But the funny part is when I delete the network policy configuration in CIS, Firefox portable and Notepad portable both can access the Internet without any dialog asking me about it! And Chrome still asks and asks and asks.

What I want to summarize is that I have the config I added a screenshot of, but still Chrome asks again and again, and Firefox and Notepad portable (that are not in the list) just access the Internet with no asking.

More info:
0 The Chrome behavior also happens for Tor proxy.
1 This happens only on my Windows 7 installed in VMware (I have no way of testing on an actual Windows install on real hardware).
1.5 If I copy Chrome portable to the desktop (drive C and not the mapped drive), it works normally.
2 This doesn't happen in Windows XP installed on the same VMware Workstation.
3 This didn't happen with older versions of CIS.
5 I have disabled the defense part of CIS and only use the firewall (when installing I only checked firewall without Defense+).

My conclusion:
Maybe CIS 5 has some issues with mapped drives, or maybe with a mapped drive inside VMware Windows 7 :)


The bug/issue

  1. What you did: updated to CIS 5 :)
  2. What actually happened or you actually saw: endless dialog asking for permission for binary files on mapped drive.
  3. What you expected to happen or see: just one dialog
  4. How you tried to fix it & what happened: can't
  5. Details (exact version) of any software involved with download link:
  6. Any other information (eg your guess regarding the cause, with reasons):

Files appended

  1. Screenshots illustrating the bug:
  2. Screenshots of related event logs or the active processes list:
  3. A CIS config report or file.
  4. Crash or freeze dump file:

Your set-up

  1. CIS version, AV database version & configuration used:
  2. Whether you imported a configuration, if so from what version:
  3. Defense+ and Sandbox OR Firewall security level:
  4. OS version, service pack, no of bits, UAC setting, & account type:
  5. Other security and utility software running:
  6. Virtual machine used (Please do NOT use Virtual box):


Thanks for describing the problem so comprehensively.

My feeling is that this is likely a setup and portable app related problem rather than a bug.

The solution will probably lie (counterintuitively) in making the files concerned trusted files in defense plus and rebooting (after first deleting all the stray rule entries).

This is because such files are allowed outbound access, but unlike files referenced by firewall rules, are identified by hash. Firewall rules do not allow portable apps to be permanently as the files are identified by path - next time they are run the path may refer to a different file, maybe a malware file.

To resolve the problem you’ll also need to be very well aware of where the copy of CIS you are running is located (within which VM ‘onion ring’). Any rules will only apply to apps launched within that onion ring.

I’ll forward this to firewall help, maybe Ronny (who is ACE at VMs and firewalls) will help you there. If this is discovered to be a bug any mod will move it back for you.

Best wishes

Mouse
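
The path-versus-hash distinction described in the reply above, as an added example that is not part of the original thread and is not CIS code: a toy model of two allow-lists, one keyed by file path and one by SHA-256 of the file content. The class names, file names and sample bytes are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


class PathRules:
    """Hypothetical allow-list keyed by the path string only."""
    def __init__(self):
        self.allowed = set()

    def allow(self, path: Path):
        self.allowed.add(str(path).lower())

    def permits(self, path: Path) -> bool:
        return str(path).lower() in self.allowed


class HashRules:
    """Hypothetical allow-list keyed by the content hash only."""
    def __init__(self):
        self.allowed = set()

    def allow(self, path: Path):
        self.allowed.add(sha256_of(path))

    def permits(self, path: Path) -> bool:
        return sha256_of(path) in self.allowed


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        share, local = Path(tmp) / "share", Path(tmp) / "local"
        share.mkdir(); local.mkdir()
        app = share / "browser.exe"
        app.write_bytes(b"constructed sample: original binary")
        by_path, by_hash = PathRules(), HashRules()
        by_path.allow(app); by_hash.allow(app)
        # Same bytes at a different location: only the hash rule follows it.
        copy = local / "browser.exe"
        copy.write_bytes(app.read_bytes())
        out = {"path_copy": by_path.permits(copy), "hash_copy": by_hash.permits(copy)}
        # Different bytes at the approved location: only the path rule still allows.
        app.write_bytes(b"constructed sample: different binary, same path")
        out["path_replaced"] = by_path.permits(app)
        out["hash_replaced"] = by_hash.permits(app)
        return out
```
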

Just to clear up the issue:
When I said portable apps I didn’t mean that I change its path every time I run it, just wanted to say what it was, and as I said the Firefox is portable too but doesn’t have that problem of an endless loop of dialogs. On the other hand, for Firefox portable (after I cleaned all rules) CIS asks nothing and just acts as if there is no CIS, and Firefox can access the Internet without CIS permission.

So to summarize it, CIS has issues with the mapped drive, and it happens only in Windows 7 (inside VMware), not on Windows XP (that works as before), and this issue has appeared after updating from 4 to 5 of CIS.
BTW, as I said, I have disabled the defense part of CIS (though I wish there was a way to remove it from CIS completely).