CFP cannot detect modification of a executable on a usb removable media

I like to personalized my usb memory flash with autorun.inf file using shell\command option for adding menu items, so when I changed my usb software personalizer to one better, just renamed my new software with the name of the older:”usbstyle” but this changes I did them in other computer, not mine.

When I executed my new program from explorer.exe interface, D+ couldn’t show me any alert like “explorer.exe is trying to execute usbstyle.exe. What would you like to do?”. In other words D+ couldn’t detected the new program execution because it trusted on the file name. I think D+ applied the usbstyle.exe policy without verification from the source.

That is not a bug. It is by design.

Here is the logic:

  • CIS is the nanny of programs not of user behaviour
  • CIS is strong enough to detect (as good as) everything that is happening on your computer. Hence it does not have a hash file check like for example Zone Alarm Free has

Catch is you willingly changed that program and CIS allows users to make mistakes.[/list]