Customized installation of cis 5: crashing windows

What follows is going to be quite long, let me first specify the configuration in order for everyone to understand what i am speaking of.

I am still, and happily, running cis v3 (third-party av) on my “production system”.
In order to participate in the translation of cis 5 into french (still a long road to go…), and as i have 2 physical hard disks, i installed the same os to the second hard disk, and cis 5 therein.
I am now able to double boot xp cis3 or cis 5.

Both OS are xp pro sp3, french, 32 bits, fat32.

I have first installed on the second disk the last cis 5 RC.
I uninstalled it yesterday, and it’s rather a good point: cis’s built-in uninstaller leaves almost nothing behind, except half a dozen registry entries (mostly legacy drivers) i got rid of with Regseeker.
Next, i downloaded and made a fresh cis 5 final installation, and the behavior i describe hereafter is common to both situations.

Let’s assume that my initial concern is to run firewall and defense+:
-the av is set to disabled or low, not changing anything for what we are concerned with
-the configuration is set to proactive
-the sandbox and cloud are disabled
-every trusted editor is deleted

Now, i don’t want firewall and defense+ to take whatever decision i am not myself approving or denying, including default svchost behavior:
-the firewall and defense+ are both set to highest degree
-every preset group of rules (windows operating system…) is switched to custom, but i check that no deny rule exists: the different defense+ items are set only to ask.

Everything goes smoothly as long as i select my wished settings for firewall and defense+, except for a dramatic behavior recently reported on this same forum, and never corrected since v3:
when you allow a firewall rule, the rule is not only allowed for a local subnet, as reported in the thread i am speaking of, but for everything in the web.
This is indeed a very dangerous behavior.
Of course, you shall argue that, if i customize, i exactly know what i am doing, and i actually do:
But probably not everyone in such a situation knows that he should then amend the new rule according to what should be allowed in terms of ip and ports, and even if he does, he still needs a piece of paper to note what has to be allowed: totally unacceptable.

Now, every daily use is set, the browser and mail client are allowed as they should, system, svchost, lan rules were made and amended according to their requests:
time to go to the last item on the right side, i don’t know how you call it in english, “summary”, “preferences”, or something alike.
As soon as i enter it, the gui crashes without asking anything: the only working thing is a right click in an empty desktop location, and everything behaves as if cis had blocked both the monitor and mouse, although nothing is ever asked.
The cpu usage is normal, but nothing works (including ctrl-alt-del, not allowing you even if it did to kill cis).
cis might actually be “overflowed”: ctrl-alt-del answers with a cis request 10 min later (i really mean 10 min).

You are stuck, even the power off button does not work anymore, and even if you unplug, when plugging back in, you face the same situation, leading to the next bug:
The only solution is to reboot your working system, and from there to delete only the cis drivers on the faulty system, and then reboot it… and it works, meaning that anyone with access to your working partition from another one or an external boot device is able to throw cis out in 2 min:
don’t be overconfident, the situation would be exactly the same with ntfs unless folder rights and passwords are enforced, and is not dependent on windows shares (there isn’t any in my configuration):
scary, isn’t it?

Long story…

Could you break it down in two separate bug reports including steps to reproduce and post it in the bug board?

I told you it needed to be somewhat long…

But why “2 separate bugs”?

Concerning too wide rules, it is obvious and already documented, anyone can do the test.

About throwing out cis from an external partition, it’s not a bug, there’s no reaction of cis whatsoever, since it is not active (the drivers, i can name them if you want, but i am not sure it’s a good idea, are deleted from another partition, and hence don’t “say” anything).

Last, about the crash itself, of course, i can reproduce every step and take screen captures of the settings “before”, and i am even ready to deliberately crash again so as to report it: but, when being crashed, you can’t of course take any screen capture or run whatever software analyzing what happens or not.

Would you please specify what you actually want me to do?

Does anything show up in the Defense+ logs for around the time of the crash? It could be a Windows System Application that requires keyboard access (just a wild guess)!

I can’t state formally as the only solution to the crash is to reinstall cis, and yes, it might be something like that, but as i said, i had no defense+ alert at all and nothing was set (prior check) to higher than “ask”.

I could however, in order to be sure, run the crash sequence again, but i would need, for it to be useful, to know how to export the said log when accessing the crashed partition from the other one, and then be able to read it again.