Seems like it was fixed?
Doesn’t appear like it though. My test program still works without any prompts, in Safe Mode.
PS: They got the credit wrong, it was you who reported it.
Unbelievable :o
I wonder what about 3.13 but build .573 ??? (first 3.13 was build .572) – nevermind: not a sign of a related recurring(?) fix under release notes :-\
“It is normal” (c). Real code that bypasses protection is not comparable to mine “report”.
Hi,
with “in safe mode” are you talking about windows being in safe mode ?
eXPerience
Obviously wj32 meant Safe mode of Defense+.
Please someone kill me… :-X
eXPerience
It is because that tool tries to modify an unprotected key’s permission. It tries to add a new type of user to HKLM key which is not protected by CIS by default. You can test it by adding HKEY_LOCAL_MACHINE to your your protected keys list. In this case CIS will show an alert.
We do not include HKEY_LOCAL_MACHINE in protected keys by default. This type of atack can be more pronounced when it is used to disable some of the system services or drivers security software like CIS has.
Ah, I see. Thanks for the explanation.
EDIT: Confirmed, I just tested it with HKLM in protected keys, and it is protected.