I have often found executables that always trigger a pop-up and request “Allow or Block?” but then I Allow and still get pop-ups. Then I make CERTAIN the executable (.exe or .cmd) is a “Trusted Application” and STILL get pop-up warnings on launch. Finally I change the permissions to “Installer or Updater” and CIS finally stops complaining about them.
I thought perhaps CIS tracked the Date Modified and that’s why my homebrew .cmd files kept triggering (because I’d edit or move them) but then I ran into Adobe Photoshop Elements Editor (.exe) which still always triggered a pop-up on launch (“Not digitally signed! Allow or Block?”) despite that it never moves on my C: drive nor do the Created or Modified dates change. So I had to assign IT to “Installer or Updater” and now CIS is quiet about launching it.
So under what circumstances does CIS decide an executable’s existing rule (even if I’ve said “Trusted Application”) no longer apply, and issue a pop-up anyway? And why can I look in my Computer Security Policy Defense+ Rules and see multiple entries for the same .exe? What exactly has to change about an .exe to be re-reviewed by CIS? ???
In general youi should submit these files to CIS if you don’t have clouad scanning enabled for one up images. However, since CIS works w/file hash code, if the hash changes between executions (despite having the same name), you’ll get an alert. These type of images should be configured as ‘installer / updaters’
BOINC and Visual Studio projects are good examples of that. The former because each projects Work Units and client aren’t digitally signed by their respective projects. The latter because any changes made to the source code will result in an alert at debug time. You’ll end up w/multiple entries in D+ - not to mention the countless submissions to the cloud for verification - for that.
As far as Adobe Photoshop Digital Editor, Adobe is a trusted vendor, so I don’t know whey that wouldn’t be digitally signed in the first place. If that’s put into ‘trusted files list’, the alerts should go away IF you click remember this for each resource access that it alerts on. Eventually there’s enough depth to the various resource access name permissions that it stops bugging you.
One thing ADE may be asking you about is file access. The easiest thing to do is select the folder that holds the files you frequently edit. Then CIS won’t bother you about reading or writing any file in that folder by ADE.
One thing ADE may be asking you about is file access. The easiest thing to do is select the folder that holds the files you frequently edit. Then CIS won't bother you about reading or writing any file in that folder by ADE.
Not exactly sure what you mean "select the folder" but will take a look at PE's file accesses.