CIS 7 blocks my vpn or produces 100% cpu on openvpn.exe


It seems that I misconfigured CIS somehow.
Last week all worked very well and now CIS blocks the vpn connection like this:

CIS blocks all outgoing traffic to the vpn server

or, depending on the checked boxes at the “advanced options” at firewall section:
cpu usage is 100% with the openvpn.exe

I haven’t found out which box makes the problems because it’s like:
uncheck all → 100% cpu
only check loopback traffic → blocking
checking all → 100% cpu
checking all but loopback traffic → blocking

When deactivating the firewall then vpn is working well (and no 100% cpu usage)


  • Windows XP x86
  • Viscosity from Spark Labs (vpn client which is basically a GUI for openvpn with a view extras)
  • CIS Premium v7.0.317799.4142

I hope that anyone has an idea

regards - Stefan

with this tutorial I created the rules in CIS for VPN client:


just found an old comodo firewall config file with the working ruleset.
Imported it to CIS and - same result as described above.

Then I tried another vpn client to exclude any faults of viscosity.
With the vpn client provides from my vpn service provider the result is:

  • CIS blocks traffic as on the screenshot above
  • no more 100% cpu usage of the openvpn.exe of the vpn client

So there must be a change in CIS via update function I guess.

How can I allow traffic to the vpn server?
I created a ruleset to allow in- and outgoing traffic to the vpn server adresse but CIS don’t care.

I’m close before searching for another firewall / antivirus solution >:(

No ideas?

Try giving openvpn.exe the Trusted Application policy in firewall Application Rules.

Does that make a difference? If not could you post a screenshot of your Global Rules?

You stated you imported and activate an old configuration. Could you activate your previous configuration? That is to exclude the possibility that the imported configuration its self might be causing additional problem(s).

finally I got it:

wasn’t a bug but a feature - of Windows
… partly.

I had the networkconfiguration of windows (wlan adapter): automatically retrieve IP adresse dinamically and at alternative configuration a fix IP adresse, because at home I uses fixed IPs in wlan network, and at work it’s dynamic.

Don’t know why but by setting network at fixed IP and without alternative config - no more 100% cpu load at openvpn.exe
But now 100% cpu load at “System”. CIS shows me in the log that it’s blocking various incoming UDP traffic von the vpn server adresse to “System”. So added a global rule to allow all UDP traffic from the IP of the used vpn server → solved.

But I found a second failure: done as described above websites loaded very very slow.
So I deactivated the routers firewall and now all is fine.