[CIS 12.3.4.8162] HIPS rule to block a file internet access doesn't work

I always make the following rule to block some files' internet access:
Protected files/Folders > Block Windows Socket Interface
DNS Client Service > Block
This rule has worked with all versions of CIS except CIS 12.3.4.8162.
The files to which I applied this rule in Windows 11 nevertheless try to connect to the internet; they seem to bypass the rule and I have to block them with the FW.
Could you check if this is a CIS bug or if I must add something to the rule to make it work in Windows 11 as it worked with previous versions of CIS and Windows?
Thank you


Hi Boris_3,

Thank you for reporting.
We will check and update you.

Thanks
C.O.M.O.D.O RT

Try another way:
HIPS Rule: Access Rights - Protected Files/Folders - Modify - Blocked Files/Folders - Add - Windows Sockets
(On Win10 22H2 + CIS 12.3.4.8162 both variants work: block DNS and block sockets)


UPD previous post.
On Win 11 IoT Enterprise 2024 LTSC 24H2 26100.4652 + CIS 12.3.4.8162 also works on both variants. It seems to me you have misconfiguration.

I'm sorry I couldn't reply earlier. The rules I mentioned are the same as yours. I've used them for several years. They worked without a flaw on Win 10 and earlier versions. On Win 11 they don't prevent some Windows files from connecting, namely BackgroundTaskHost.exe. These files seem to use a protocol other than the Windows Socket Interface to connect.

As far as I know, it is impossible to access the Internet without sockets. Look for errors in the configuration.

For your info:

AI Overview

Some Windows files may connect despite a Host Intrusion Prevention System (HIPS) blocking the Winsock interface due to the use of alternative, lower-level network protocols or by leveraging specific Windows services that bypass traditional socket APIs.

And for example? (never heard of it)