Defense+ keeps asking in MinGW build process [Issue Report]

Defense+ keeps asking in MinGW build process

OK, I am a developer and using the GCC/MinGW tool suite under Win32 (from Whenever I build application that use the MinGW “make” application which itself may call applications like “makedir.exe” to create output folders find myself in an endless loop of CIS/Defense+ asking me a million times for temprary batch files created by MinGW/make.

I’ll try to explain what happens:
1.) I call a Makefile that will call other applications e.g. for creating directories, grabbing version information or alike.
2.) MinGW/make will create temporary Makefiles during the build (usually something like make-1234-1.bat) in the TEMP folder with a random number.
3.) These batch files will call sub-steps of the compilation, e.g. another makefile, the compiler or alike. It even will create “protected” files" like DLL’s or applications in the build process.
4.) As the parent application (the batch Makefile) always changes, CIS/Defense+ keeps asking me what to do (see images MinGW_build_1.png and MinGW_build_2.png attached). This never ends and massively slows down the build process in addition.
5.) I have a bunch of rules created (DefensePlusRules.png) all not applicable next time, as the names of the batch files are random.

For the moment I always have to disable Defense+ whenever I build applications using make. This is rather annoying, so my question is: (How) can I create a (one) rule that manages this CORRECTLY?

Files appended

  1. Screenshots illustrating the bug: Appended
  2. Screenshots of related CIS event logs or the Defense+ Active Processes List: Not applicable
  3. A CIS config. report or file: Not applicable
  4. Crash or freeze dump file: Not applicable
  5. Screenshot of More~About page: Appended

Your set-up

  1. CIS version, AV database version (See screeenshot) configuration used: Internet security
  2. Ave you made any other major changes to the default config (eg ticked ‘block all unknown requests’, other egs here.): No
  3. Defense+, Sandbox, Firewall & AV security level: D+=Safe, Sandbox=Disabled, Firewall=Custom policy, AV=Stateful
  4. OS version, service pack, number of bits, UAC setting, & account type: Windows XP, SP3, 32 bit, None in XP, Default user (non-admin) account.
  5. Other security and utility software installed: Nothing
  6. Virtual machine used: Not applicable

[Edit: More precisely explain the screenshots.]

[attachment deleted by admin]

You have two ways to stop this.

Easy way use installer/updater policy for the application which starts the temp file.

Or create a group in File Groups/Protected Files and Folders for \full path\make****-1.bat and use this group in Defense+/Computer Security Policy.


Thanks a lot for the FAST answers!

This seem not wise in my case, as the parent application is usually cmd.exe which would result in a security risk IMHO.

I’ll try this and hope that the scheme does not change (actually it should be “make****-*".bat”). If it doesn’t work, I’ll report back (I have nothing to build for the moment… ;-)).

Just reporting back anyways to tell it’s working. So - if anybody is in the same trouble, that’s how to solve it. :wink:

Thanks again…

Thank you for your Issue report and posting back that the fix worked for you.

I have still moved it to verified as there should really be a help section for this or a easier way to do this.

Thank you