May I know the specific reason why the below two bug reports where moved to the “Forum Policy Violation Board”?
Thank you.
AV Suite updated - HIPS rules got destroyed
HIPS Rules - Reverse order after system log on.
I’ve posted only one bug report yesterday and soon after that two bug reports ended up in the violation board without an explanation nor a PM as to why these reports violated the rules.
What went wrong?
Hi CISfan,
Thank you for reporting, we haven’t moved these topics to the “Forum Policy Violation Board”.
Let me check with the related team and update you.
Thanks
C.O.M.O.D.O RT
Hello C.O.M.O.D.O RT,
Thank you.
The issue that I reported in my last bug report is no coincidence. I’m able to reproduce it, here’s what I did.
- Restored OS backup image containing previous version of AV suite and CIS 8012 with HIPS rules in place.
- Started system and logged on to the Windows desktop and just let it idle for a while waiting for the AV suite to start updating its software.
- After a while the AV suite started updating itself and after just a few minutes it finished its updating process without any issues (note: no reboot needed).
- I checked the HIPS rules, no problems there, all rules are in place.
- Kept the system running for some time, did some browsing on the internet, opened up the new AV suite GUI just to have a look at it and closed it and let the system running for some more time.
- Checked the HIPS rules again, everything fine, all rules are in place.
- Now I did shutdown the system and did wait a while after it powered down before restarting it again.
- After logging on to the Windows desktop I waited a while for all tray icons to appear and to become ready.
- Now I checked the HIPS rules, and I’m sorry to say but all rules were gone.
Please note that I’ve executed all above steps two times in the past days and exactly the same thing keeps happening, no more HIPS rules at the end.
Allow me to say that this is very frustrating to say the least.
Hi CISfan,
Are you referring Av suite as other security software or is it a CIS ?
Thanks
C.O.M.O.D.O RT
Hello C.O.M.O.D.O RT,
Its other AV software suite (not CIS AV) running alongside with CFW 8012.
Please note that AV software suite is not key to this issue as the issue also happens with other software.
Hi CISfan,
Thanks for providing the requested information, may i know the other Av suite name ?
Thanks
C.O.M.O.D.O RT
Hello C.O.M.O.D.O RT,
Sure, other AV suite name is Avira.
The previous version AV suite name is called “Avira Free Antivirus” and it updates to “Avira Free Security”.
If interested I can provide screenshots of previous AV suite version number and updated AV suite version number.
For the previous AV suite version number screenshot I have to restore OS backup image (but I have to do that anyway).
Hi CISfan,
Thank you for the information, we will check with the team and update you.
Thanks
C.O.M.O.D.O RT
CIS 8012 vs CIS V5.12
I restored OS backup image containing previous version of AV suite and CIS V5.12 with HIPS rules in place.
Next I executed exactly the same steps 2-8 from post #4.
The result at step 9 from post #4 now is that HIPS rules are still in place (they get not deleted as with CIS 8012).
So what do I do?
Return to good old V5.12 which is able to keep the HIPS rules?
Hi CISfan,
We are aware of this issue.
The team is working on it.
We will keep you posted.
Thanks
C.O.M.O.D.O RT
And with that locked, stop spamming them with duplicate reports you know they are aware of it and you know the solution to prevent it from happening.
Thank you for unlocking.
I’m fully aware that the bug is a known (long standing) issue and that the team is working on it.
The purpose to report similar issues is to share additional information in order to help the team to gain more insights into the bug and how it can be fixed.
Now here’s my additional testing information
- Executed same steps 1-6 from post #4.
- Disabled HIPS feature “Create rules for safe applications” (unticked).
- Restarted the system and logged on to Windows Desktop and did wait for all tray icons.
- Checked the HIPS rules, all fine, HIPS rules in place.
- Enabled HIPS feature “Create rules for safe applications” again (ticked).
- Did use the system for a while as I normally would do.
- Shutdown the system.
- After a while I started the system again to find out that the rules were gone again despite disabling the “Create rules for safe applications” feature before the system restart of step 8.
So no new relevant information then, you turned it back on so it doesn’t matter that it was disabled before, Why are you surprised that rules are gone when you turned the buggy setting back on and then shutdown while it was still enabled? The issue is the same, anytime HIPS rules gets updated specifically creating a new application rule, while the system is in the middle of rebooting or shutting down, the rules will be erased next startup/login. There is nothing more that needs to be said, they know about it and claim to be working on it, either accept that or accept that it will never be fixed and you need to not use the setting which causes the issue.
Maybe there is some relevant information. As I could reproduce the issue each time after the first reboot (steps 7-9 post #4) I had hoped that I could prevent the issue from happening again by disabling the feature temporary before the first reboot (the first reboot after the AV suite finished updating which triggered the issue) and then enable it again after the next log on to continue using the HIPS rules. The AV suite might be doing some installation cleanup work before or during the first shutdown so it is quite possible for the issue to happen at that stage but I would not expect it to happen on the second reboot. Sure the issue might occur with every shutdown when the feature is set on but when I use my system normally it doesn’t occur that often as it does in this specific case.
I would like to redo the test with (many) multiple reboots with the feature temporary set off and leave it on before the final reboot just to see if it happens again after that final reboot.
But yeah maybe you are right, there is nothing more to be said.