Windows XP Pro 801MHZ 512RAM
CIS V581 full, Sandboxie, LUA
No other security software.
Found out that I can run a program (not installed) that is not white listed and no rule created for it by quickly selecting the shortcut immediately after log on after startup. Get balloon notifications of Defense+ learning, and program runs. I can duplicate by deleting rule, and restarting. Can not duplicate on my newer PC, probably because it is much faster than I am. If no one else can duplicate this than I am considering using Software Restriction Policy to cover this weak point.
Edit: corrected version
There is an option “block all unknown requests if the application is closed” in defence+ settings. If the CIS application is slow to start it will allow all actions without rules until it starts up unless this is ticked.
I ticked it, and rebooted twice. On second boot tested again and program was not blocked. No rule created this time. I then closed the program down, and run again without rebooting, and I get the D+ pop up as expected. Diagnostics reports no problems with my installation.
This may not be as big as a problem as my first reaction. Defense + will catch anything otherwise. Was planning on using Software Restriction Policy anyway for another layer of protection.
Thank you tcarrbrion