As before, suggestions in bold.
Uninstalled CAVS 2.0.0.1 and installed 2.0.0.2 today on both the work test system and the home test system.
WORK SYSTEM - NOVELL LAN WORKSTATION
CAVS Config : Only change to CAVS default config was to turn on HIPS dialogue for blocked apps and turn off HIPS dialogue for allowed apps.
2.0.0.1 uninstalled very cleanly. - Well done, guys.
2.0.0.1 on the work system was great. 2.0.0.2 requires 15 “allows” for the same network-sourced executable when logging in on a Novell LAN workstation. The path for this executable shows only a single backslash at the beginning of the path, rather than a double backslash.
HIPS reacts very slowly when an executable is loaded from a mapped drive. The executable loads promptly after clicking allow, but the HIPS dialogue takes far longer than I expected to appear.
Safelist creation takes a long, long time if Novell mapped drives are mapped via the Windows context menu, as opposed to being remapped on login by a script.
Pausing the safelist creation is not particularly responsive if safelist is scanning files on a mapped drive when pause is clicked.
File submission is very, very intrusive.
File submission sometimes hangs when submitting a largish file.
File submission sometimes gets a connection reset by server error (possibly due to local lan congestion, or possibly due to overloaded server at your end.)
HIPS doesn’t remember executable loaded off a network if the path is declared in UNC format.
HOME SYSTEM - WIN XP LAN
CAVS Config : Only change to CAVS default config was to turn on HIPS dialogue for blocked apps and turn off HIPS dialogue for allowed apps.
2.0.0.2 takes a bit longer to rebuild the safelist than 2.0.0.1.
File submission sometimes gets a connection reset by server error (extremely unlikely to be caused by local lan congestion)
SUGGESTIONS
Is it just me or does everyone else think its a bit silly that CAVS doesn’t class some of its own files as known or safe, and puts them in the submission list?
Shouldn’t CPF receive an update about the executables in CAVS so it automatically knows about them? This would prevent a compromised download being installed, as the cryptographic signature would be different.
Is it possible for the file submission process to use resumable uploads? This would allow the process to be interrupted by the user and resumed where it left off, rather than having to start a submission again.
Is it possible for the submission process to be tied to a certain level of system inactivity? This could reduce the operational lag. One idea wouldbe to tie it to the screensaver process, like SETI.
Remember the things I tell it to. UNC file paths are not remembered.
The Mozilla Thunderbird email app shows in the submission list as “thunde~1.exe” and the path name similarly shows truncated LFN path.
The file "thunde~1.exe has been submitted four times from the same system so far.It never drops off the list, even after watching the upload occure, via the CPF ACTIVITY - CONNECTIONS screen.
“Select All” behaviour in the submission window is erratic.
Other than that, Mrs.Lincoln, how was the play? LOL
None of these are showstoppers, and the system had run very smoothly (other than LAN induced delays), with no discernible lag since installing 2.0.0.2.
Looking good!
Cheers,
Ewen