D+ drops the driver letter from the path for some apps in persistent rules [NBZ]

The bug/issue

  1. What you did:
    Got a pop-up from D+ for C:\Users\SirComo\AppData\Local\Google\Chrome\Application\10.0.648.114\gcswf32.dll that it wants to access the memory of chrome.exe
    I allowed it and selected the remember option. The rule got created but the drive letter is not included in the path, only “\Users\SirComo\AppData\Local\Google\Chrome\Application\10.0.648.114\gcswf32.dll” is in the path.
  2. What actually happened or you actually saw: The drive letter is dropped from the path in the rule. This is a problem because if I purge the rules, this rule is removed as the path is invalid.
  3. What you expected to happen or see: The drive letter must be part of the path
  4. How you tried to fix it & what happened:
  5. If its an application compatibility problem have you tried the application fixes here?:
  6. Details & exact version of any application (execpt CIS) involved with download link:
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: Yes, it can be reproduced for other apps too, and .cmd script files.
  8. Any other information (eg your guess regarding the cause, with reasons):
    Check .cmd files too, it happens for those too.
    Even if I add the correct full path manually as a rule, D+ won’t use it, it still pops up an alert and creates a new rule with the path missing the drive letter.

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug:
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List:
  3. A CIS config report or file.
  4. Crash or freeze dump file:

Your set-up

  1. CIS version, AV database version & configuration used: 5.3.181415.1237
  2. a) Have you updated (without uninstall) from CIS 3 or 4: No, clean install
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have U tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No
  5. Defense+, Sandbox, Firewall & AV security levels: D+= CleanPC , Sandbox= Off, Firewall = Safe, AV = Off
  6. OS version, service pack, number of bits, UAC setting, & account type: Win7 Pro x64 SP1, UAC elevate without prompt, admin account
  7. Other security and utility software installed: MSE AV
  8. Virtual machine used (Please do NOT use Virtual box): No

Could you please post the missing information in your first post.

  1. OS version, service pack, number of bits, UAC setting, & account type: Win7 Pro x64, UAC elevate without prompt, admin account

Thank you


Thank you for your bug report in the required format.

Moved to verified.

Thank you