CIS5 - Sandboxes TrustedInstaller.exe even when said not to isolate it

The bug/issue

  1. What you did: Updated Windows and rebooted the PC
  2. What actually happened or you actually saw: The boot process took 10~15 minutes, I received the attached error message, Sandbox said it sandboxed TrustedInstaller.exe
  3. What you expected to happen or see: Windows boot taking 1~2 minutes and a message of successfully updated Windows
  4. How you tried to fix it & what happened: I checked “Don’t isolate it again”, rebooted, but it took 10~15 minutes to boot up and Sandbox said it sandboxed TrustedInstaller.exe again. I checked once more “Don’t isolate it again”, but after reboot the problem persists. I decided to add TrustedInstaller.exe manually to the Trusted Files list, but I receiver the other error message attached to this bug report, saying it was already in the list, but it is not (I have checked it). Finally, I disabled Sandbox and everything is back to normal: Windows could finish the update process and boot time is back to 1~2 minutes.
  5. Details (exact version) of any software involved with download link: Not applicable
  6. Any other information (eg your guess regarding the cause, with reasons): Not applicable

Files appended

  1. Screenshots illustrating the bug: Appended


http://img839.imageshack.us/img839/7965/bugstep1.png


http://img706.imageshack.us/img706/2118/bugstep2.png

  1. Screenshots of related event logs or the active processes list: Not applicable
  2. A CIS config. report or file: Appended
  3. Crash or freeze dump file: Not applicable

My set-up

  1. CIS version, AV database version & configuration used: CIS5 5.0.163652.1142. Proactive configuration.
  2. Whether you imported a configuration, if so from what version: No
  3. Defense+ and Sandbox OR Firewall security level: Firewall: Custom policy, Defenseplus=Training mode and Sandbox=enabled
  4. OS version, service pack, bits, UAC setting, & account type: Windows 7 Ultimate, N/A, 64 bit, disabled, Admin account.
  5. Other security and utility software running: Avira Antivir Personal 10.0.0.567
  6. Virtual machine used: Not applicable

Hello folks,

I have been experiencing a long boot time after receiving some updates via Windows Update. After some bug tracking activity I figured out that the problem was TrustedInstaller.exe being sandboxed. I checked the option “Don’t isolate it again”, but Sandboxes refuses to accept this command and keep sandboxing TrustedInstaller.exe. After disabling the Sandbox everything came back to normal. Can somebody help me here?

See you later,

Aeolis

[attachment deleted by admin]

Many thanks for an excellent bug report.

Can I just check, do you have:

  1. ‘Block all unknown requests when the application is closed’ ticked in D+ settings?
  2. Did you update from version 4, without uninstall? If so could you try an uninstall and install (without importing settings?)

Your event log problems ae probably caused by the logs getting filled up by CIS, a known issue, which you can resolve by disbling logging of log-on events.

Best wishes

Mouse

Hello folks,

Dear Mouse1 here are your answers:

  1. Do you have ‘Block all unknown requests when the application is closed’ ticked in D+ settings? Answer: Yes, I do.
  2. Did you update from version 4, without uninstall? If so could you try an uninstall and install (without importing settings?) Answer: No, I didn’t. I did a fresh install.

If you need more information just let me know.

See you later,

Aeolis

Thanks. Can you try unticking 1), then rebooting to see if it resolves the issue?

According to the devs this should not be ticked unless you are infected.

Best wishes

Mouse

Hello folks,

Mouse1 thank you for your attention. Yes I can try that, but I will have to wait until a new update from Microsoft is released. Then I will be able to check if your suggestion works. It could take some time to verify.

See you later,

Aeolis

I think this will probaby turn out to be a settings isssue.

For the moment I will transfer you to help until you see if the matter is resolved at the next update. Please ask any mod to move this report back to the bugs forum if it becomes clear that it is a bug/issue.

Best wishes

Mouse