ShipRush is a program we have been using for quite a while to manage our UPS shipments. The latest version of CIS Defense+ will not allow it to run unless it is listed as an exception. Without the exception, even though all ShipRush files were added to my Safe files, ShipRush crashes upon attempting to run it. Putting Defense+ into learning mode (to try to see if I missed a file to mark as safe) also caused the crash. Finally, I took all the same files I had added as safe files and added them to the exception list. That let ShipRush run and function as it should. But I don’t like the idea of adding all those files to an exception list.
Where did you add the exclusion?
If you added it from Antivirus → Scanner Settings → Exclusions, these files will be excluded from AV scans.
If you added them from Defense+ → Defense+ Settings → Execution Control Settings, this doesn’t exclude these files from D+ protection. This setting only excludes files from buffer overflow protection.
Thanks for the explanation. Why would Defense+'s overflow protection cause ShipRush to crash? What is the risk of leaving ShipRush on the exclusion list?
That’s a good question; unfortunately, I don’t have an answer for you. Some applications just don’t seem to like having this protection active.
Very likely no risk whatsoever. If you did not get a BO alert when using the software, it apparently does not cause a buffer overflow condition which could be exploited. This protection is more to let you as a user know that there is some improper programming in an application which is causing a buffer overflow. Malware can exploit these overflows, but it does not mean that malware is exploiting the overflow. It is merely telling you there is an overflow, so that you can then let the developer of the software in question know that there is something they need to address.