Is there any chance that these will function together?
I wasn’t sure where to post this but decided to consider it a bug because what CIS does isn’t rational.
SWV creates virtual file system and registry layers containing applications which can be turned on or off. Files in a layer are held in a physical location and a file system filter driver maps them to a virtual location when the layer is turned on.
When something executes a file in a layer or an executable in the layer does something CIS detects it and displays an alert which can create an associated rule. The rule always shows the physical not virtual location of the file and the rule is subsequently ignored. If you keep executing something in a layer and allowing and remembering the alerts CIS just keeps adding identical rules.
If I manually create a rule for an executable using its virtual location that is also ignored. I tried everything I can think of to work around this and have failed.
CIS detects a request to execute something in a layer or something in a layer doing something then creates rules which don’t match what it detected and that is the irrational bit.
This isn’t a new problem. I found one or two posts about this going back a couple of years when SWV used to be Altiris SVS.