I have CIS 6.3 installed on W7SP1-64 bit and have a problem with defence plus.
System wants to modify C:\Windows\system32\WDI\LogFiles\ShutdownCKCL.etl
and C:\Windows\System32\LogFiles\SQM\SQMLogger.etl.001 to 010.
The problem occurs when i put hips in safe mode,proactive configuration with
create rules for safe applications.
It does not matter if i import settings use default proactive configuration or
make new proactive configuration with different name or make clean install of CIS
i always have problems with system wants to modify file defense plus alert.
What ever setting i make for System installer/updater or windows application
the defense plus rule gets reverted to custom rule set.
If somebody can help me please do so.
If this is a program bug please fix it because it is driving me nuts.
My configuration AMD Phenom II 940 four cores, 8 GB DDR2 ram, Nvidia GTX 260 896 MB VRAM.
Edit: The problem is that CIS v6 can’t remember settings and this is a major problem.
Since CIS version 7 is available i closed this topic.
When does this happen? Does it happen during shutdown of your computer? Do you have Block all unknown requests if the application is closed enabled? Can you see what happens when you disable it?
When you made a custom rule for System did you put it on top of the HIPS Rules list? If not try again and see what happens.
Hello EricJH.
I never have “Block all unknown requests if the application is closed” enabled.
The problem happens during shutdown and restart.
At this moment System is behaving without problems.I can’t explain it.
System is set as Windows system application rule.
The custom rule for System is not on top of the list and i tried that before i asked for help
and it did not make any difference it might in the future because the problem is behaving
erratic.
I know that with boot the order in which executable are executed may vary. The timing between the event and load of CIS may be an explanation why sometimes it is a problem and sometimes it isn’t during boot.
Sometimes there are logs in event viewer that indicate CIS was using registry
and did not properly unload it self when operating system was shutting down
or restarting.
That might be the problem with CIS that i am having.
Are you on Windows XP? From what I recall that is a problem that is not uncommon on XP and not specific for CIS.
As i stated this in my firs post W7SP1-64 bit.
I use to have this on WXPSP3-32 bit and now i have it on W7SP1-64 bit.
Edit 2: It may be the problem with CIS not remembering settings.
I have edited my first post with important information.
In the edit you mention CIS cannot remember settings. Do you mean you are also witnessing this with rules for other executables in different situations than the ones you reported in your topic start?
CIS can’t remember Defense + ,sandbox and trusted files.
Firewall settings are remembered and all settings have “Create rules for safe applications”.