Issue 1: Defense+ does not seem to be raising an alert for anything covered under “protected settings” when in training mode. Doesn’t this defeat the purpose of training mode? For example, having protection on Windows services is a very good feature, but having to whitelist, by hand, every single application that could be making a request to a Windows process is redundant.
Issue 2: Sometimes in training mode, things are still blocked, and sometimes in safe mode, I am not receiving alerts.
Issue 3: Edit: CIS was blocking all sorts of Windows applications (BitLocker?), so just to test I added a wildcard expression for %windir%\system32* and set all to “Allow”. Still, applications under this directory are blocked from hooking into an application under Program Files (one that contains no protection rules). I am at a loss understanding what could be trumping my rule.
CIS Defense+ seems to block everything that hasn’t got an explicitly defined exclusion!??
Am I missing a very obvious step somewhere?
Issue: It simply does not work. Launching virtkiosk.exe results in the application hanging, sometimes consuming 100% CPU. Right-click launching an application in the sandbox does the same thing. Dragon/IE will not launch in the sandbox.
I have tried uninstalling, using the cleaner tool in safe mode, reinstalling. I have tried on another machine. I have tried on a different architecture (x86 and 64-bit). I have tried disabling services, exiting applications, etc.
I have tried disabling DEP, ASLR, SEHOP, etc. I have even checked virtkiosk.exe against Depends, and attached a debugger to see if it was trying to access a shared library, object, or file that I might have been missing (or something else obvious).
No cigar. I have not had any luck getting it to work.