CIS preventing Cut & Paste in Word 2007

I installed CIS on a friend’s computer about a year age (Windows XP). In only the last month she has been having a problem with Cut & Paste in Word 07. I tried everything to restore C&P, following Microsoft’s troubleshooting instructions all to no avail. I finally noticed one line saying that a anti-virus program could be the problem. I un-installed CIS (with regret) and the problem went away. I wasn’t able to verify what component of CIS caused the problem. Anyone else experiencing this? I’m still using CIS on my own computer as I don’t run Word.

Using Word 2007 and CIS with no problem. May be something in the rule made for Word blocked it. I would have to see the Defense + logs and/or the program rule made for Word 2k7.

I have a similar problem not with Word 2007, but with Word 2000.

I just moved from other firewall/av (Pc Tools/Avira) to CIS 3.14, Windows XP Prof sp3, each with primary and logical partitions, only xp as an os on one of the primary partitions, running administrative account (i know, i should not).

Previous protection softwares are totally uninstalled, no file, service or registry setting left (a hard job concerning Avira…).

Cut and Paste is OK, but there’s no way to save a modified word file, denied by a “lack of administrative privilege” message seeming to come not from CIS, but from Word itself and replacing the word file by an unreadable $xxx.tmp.doc file

Trial and error shows that the tasks becomes possible if, and only if the CIS antivirus is disabled.
Of course, the antivirus does not find any virus in Word and does not log anything.

The task remains impossible if Defense+ and/or Firewall are disabled, and there’s no Word rule and/or log in either of them.

Edit: sorry, i just saw the very same problem is documented, page 2.
No USB drive involved, but both disks, one SATA and the other IDE have all of their partitions formatted FAT32, and i do not wish, because of ms dos compatibility, to make the conversion.
So, still no other solution at the time being? Thank you.

Can you see if this event gets logged under View Antivirus Events and post a screenshot of the Events?

If you are speaking to me (and not to Henry), as i said, there’s no Word antivirus event whatsoever.

Word asked me when i opened the first doc for defense+ permissions (hooks, registry settings…) i allowed, and i cannot see any defense+ word custom parameter related to this problem. (Speaking of that, the av systematically logs every remote control application, including radmin and ultravnc, and every shutdown utility, including microsoft/sysinternals, in what seems of course a risk for these utilities being used without the knowledge of the user, but merely false positives if not).

Edit: i forgot to point out that, since, i have set Word in defense+ as a trusted application, not changing anything to the problem (which is quite predictable, as the problem is as i said antivirus dependent).

Edit2: the bug is documented by Microsoft concerning diskspace or pagefile (i have 160GB of the first, over 140GB of free space, default 1,40GB pagefile) in Word 2003/2007 (but apparently also in Word 2000), and advises for antivirus editors to provide to its correction:

To be sure all remants of Avira and PC Tools firewall are gone try the following.

We are gonna take a look to see if there are some old drivers of your previously uninstalled security programs are still around. Go to Device Manager → View → show hidden devices → now look under Non Plug and Play drivers → when you see a driver that belongs to your previous security programs click right → uninstall —> reboot your computer.

When the problem persists make sure there are no auto starts from your previous security programs. Download Autoruns and run it.

This program finds about all auto starts in Windows. This tool can therefore seriously damage Windows when not handled properly. After starting go to Options and choose to hide Windows and Microsoft entries, to include empty locations and then push F5 to refresh.

Now check all entries to see if there are references to your previous security program. When you find them untick them. After unticking reboot your computer and see what happens.

Prior to my first post:

-every third-party security software was uninstalled, windows security center has always been disabled
-drivers have been checked
-services have been checked
-entries left behind have been checked and removed from manual intervention in the files and registry, and software registry cleaning (regcleaner, regseeker)
-Checking has been made of the Run sections of the registry, and msconfig, autoruns and procexp have been launched without finding whatsoever

What happens when you add winword.exe to the AV exclusions?

Does not change anything.

But works if i exclude a specific doc file, or if i exclude all of the desktop doc files:

D:\Documents and Settings\poste211\Bureau*.doc

But not very convenient.

A solution would be to exclude whatever doc file whatever its location is (harddisk, partition, folder, subfolder path…).

What would be the syntax of such an exclusion?

I tried *:*.doc, does not work.

Would excluding*.doc work?

Yes, thank you, the syntax does not depend of the path (and i found no tutorial of this CIS specific syntax, e.g., why “?:\Recycle?*” ?)

A good idea for me, doc files are mine, i know them not to include any macro or harmful content, but not a general good idea, as one cannot assume that third-party doc files are always safe: the “doc bug” should be corrected in CIS (note that Excel itself is not affected).