A. THE BUG/ISSUE:
- What you did: downloaded Windows version of GIMP, installed and ran it
- What actually happened or you actually saw: Defense+ was completely oblivious of GIMP, didn’t issue any alert during install or running of GIMP
- What you expected to happen or see: alerts from Defense+ as it is set in paranoid mode. Except for GIMP, Defense+ alerts me for each move when I install or run a software. With GIMP, Defense+ didn’t react at all, as if GIMP was invisible for Defense+.
- How you tried to fix it & what happened: checked my defense+ settings (see images attached), but nothing could explain why Defense+ is bypassed
- If a software compatibility problem have you tried the compatibility fixes (link in format)?: not relevant
- Details & exact version of any software (except CIS) involved (with download link unless malware): GIMP 2.6.11, version for Windows, downloaded at http://www.gimp.org/
- Whether you can make the problem happen again, and if so precise steps to make it happen: yes, at will. Just restore a previous image of my system and install GIMP again. I got the same lack of reaction from Defense+
- Any other information (eg your guess regarding the cause, with reasons): GIMP is an open source software initially designed for Linux, but there is a version for Windows which is the one I installed
B. FILES APPENDED. (Please zip unless screenshots).:
- Screenshots of the Defense plus Active Processes List (Required for all issues):
- Screenshots illustrating the bug:
- Screenshots of related CIS event logs:
- A CIS config report or file:
- Crash or freeze dump file:
- Screenshot of More~About page. Can be used instead of typed product and AV database version:
C. YOUR SETUP: Fw in custom mode, Defense+ in paranoid mode (see images attached of Defense+ Settings), Configuration=Proactive Security, AV:Avast free
- CIS version, AV database version & configuration: see image attached
- a) Have you updated (without uninstall) from a previous version of CIS: no
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: no
- a) Have you imported a config from a previous version of CIS: no
b) if so, have you tried a standard config (without losing settings - if not please do)?:
- Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): none that can explain the problem
- Defense+, Sandbox, Firewall & AV security levels: defense+ & sandbox see attached images; FW : custom policy
- OS version, service pack, number of bits, UAC setting, & account type: win XP SP3 32bits; administrator account
- Other security and utility software currently installed: Avast free; Autoruns; Process Explorer
- Other security software previously installed at any time since Windows was last installed: none
- Virtual machine used (Please do NOT use Virtual box): the problem arose on the host machine ==> real machine
NB: I am anxious that if GIMP can so easily bypass Defense+ when set at its highest level, a malware with the same file structure as GIMP could also bypass Defense+
[attachment deleted by admin]