CIS 5.3.181415.1237 creates wrong firewall rules

The bug/issue

1. What you did:
I run a Webserver on my host ( Global rule allows incoming traffic on TCP/80. No application rule for webserver.exe exists and Firewall alert frequency level is set to “Very high” - all checkboxes checked except “This is an…ICS Server”. Now I connect from client. Alert pops up saying “ - TCP, Port 80 wants to connect to webserver.exe” and I click “Allow this request” and tick “remember my answer”. CIS now auto-creates an IP MASK rule for instead of a rule for just the one SINGLE HOST. When I don’t check “remember my answer” CIS acts the same way (all subsequent inbound connections to TCP/80 are automatically allowed!) - it just does not create a rule (of course).

2. What actually happened or you actually saw:
CIS creates an IP Mask-based rule instead of a Single IP rule in “Very high” alert level for inbound connections.

3. What you expected to happen or see:
“Very high” FW alert level should create a rule/notify me for every different Endpoint (IP:Port)!

4. How you tried to fix it & what happened:
There’s no way to fix this from the user side.

5. Details (exact version) of any software involved with download link: n/a

6. Any other information you think may help us: This bug exists since V3.x already!!!

Files appended

  1. Screenshots illustrating the bug: n/a
  2. Screenshots of related event logs or the active processes list: n/a
  3. A CIS config report or file: n/a
  4. Crash or freeze dump file: n/a

Your set-up

1. CIS version & configuration used: CIS 5.3.181415.1237 (Firewall Only). Defense+ temp. disabled
2. Whether you imported a configuration, if so from what version: No. Clean config.
3. Defense+ and Sandbox OR Firewall security level: Def+:Disabled, Sandbox:Disabled, Firewall:Custom
4. OS version, service pack, no of bits, UAC setting, & account type: Windows 7 Enterprise English, 32Bit, (SP1 installed or not makes no difference - tested both cases) UAC disabled, local Administrator account
5. Other security and utility software running: none
6. CIS AV database version: n/a

  Windows 7 Enterprise English, 32Bit, (SP1 installed or not makes no difference - tested both cases) UAC disabled, local Administrator account

Which info is missing?

And of course it isn’t fixed even in the latest 5.12.x versions and I bet an arm and a leg, that the same BUG is in version 6… Hard to understand why that nasty bug can’t be resolved…

The making of the non-specific rule is one issue, which I understand can be resolved by expanding the additional options box on the alert before making your choice. I think this hidden option is regarded as a ‘design feature’, though not by me. :)

The fact that it remembers the general rule when you don’t tell it to is another, more serious bug, which I did not know about. Certainly worth testing both against CIS 6.0 beta, and reporting if you can.

