Can't remove trusted software vendors/explorer.exe can execute anything it likes

I just reinstalled CIS on one of my PCs because I have been having issues with VLC and PowerDVD locking up the computer.

I initially thought it was CMF but after uninstalling this (since I found the latest CIS has CMF built in anyway) the problem did not stop

I then uninstalled CPF but still the problem remained

So I have reinstaleld CPF but now I have some new problem.

  1. I cannot remove anything from the “trusted software vendors” list. I remove them, click apply, and when I go back they’re all still there.

  2. Defence+ used to ask me whenever explorer.exe tried to run a program, now it doesn’t.

I have “trust applications that are digitally signed” turned OFF
I have D+ set to Paranoid mode
I have explorer.exe set as “windows system application” which includes asking me if it tries to execute anything else…

and STILL D+ does not ask me!

Also, when I installed, I did not do a scan and I also said I didn’t know if the PC was clean. last time I did all these things, it worked how it should.

How can I fix these problems? is it a bug? is it by design?

My Explorer.exe is set as Custom (Safe mode) Attached is a pic of my Access Rights for Explorer.exe.

[attachment deleted by admin]

All of them?

Currently you can only remove one vendor at a time. If you select more than one vendor, click remove and then ‘apply’, only the first vendor in your selection will be removed. So what you need to do is:

  • Select vendor to remove
  • Remove
  • Apply
  • Repeat the process for each vendor you wish to remove

Whether or not this is by design I can’t say.

When under Process Access Rights click Modify behind “Run as an executable” and see what programs are allowed. You can delete all of them if you want to be notified again.

Thanks, that sorted it. I looked under the settings and found that even though it was set to “ask” for run an executable, there was also a rule under the advanced allowed list called “*” so it was able to execute anything anyway

That worked too. I had been trying to remove multiple items at once

Under allowed everything was allowed (there was just one rule with a * )

When you have the * under Run as executable then that is what the Windows System Application Rule provides. It sounds like you made Explorer.exe a Windows system appliation. You can choose to delete the rule and start from scratch again or delete the *.