I’ve had CIS installed on my machine for several months but all of a sudden notepad.exe is now unrecognized by Defense+ and gets sandboxed as untrusted. I checked C:\windows\system32\notepad.exe and it doesn’t seem to have been modified either. Could this be an indication of a corrupt CIS installation?
Additionally, when hooking up an external device to my computer, Defense+ alerted me to windows\system32\newdev.dll requesting unlimited access to the computer. Even though the file is signed by Microsoft, CIS did not trust it. I’m wondering if this is normal behaviour. Even though it was untrusted, Defense+ logs indicate newdev.dll modified the registry (HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\parseautoexec).
My machine is XP SP3. CIS, Proactive Security setting.