Detect installers option

Ok, i’m confused now about this feature. Some say it’s to get rid of elevation popup where CIS asks you if you want to Isolate such files or run unrestricted. But i never got a clear answer and i’d prefer to get one from develoeprs who are the only ones who know it 100%.

Detect installers and show privileged elevation alerts

Does disabling this option only mean that it will not show CIS elevated privilege popup for UAC triggering files or does this also mean that any unrecognized file inside a trusted installer (signed by a trusted company) won’t be automatically trusted anymore?

I don’t want popups for elevated rights from CIS but i want it to automatically trust all the files inside signed and trusted installers even if individual files within it aren’t whitelisted yet. Is this possible at the moment?
By the looks of it, if i disable this option i will also lose ability for CIS 6 to automatically trust non-whitelisted files inside otherwise trusted and signed installers…

Replied suggesting GUI text bug report, with query regarding functional bug by PM

I think its the same as previous version i.e if disabled the installers will be automatically sandboxed.

Agreed but the GUI text is misleading. Should say ‘Show alerts for detected installers’. Sound as if by ticking it you are switching detection off

It’s also very hard to test because you need a trusted signed installer that contains files that aren’t whitelisted.
Only this way i could test to be sure.

Correction. It seems that these two things are separated because i found it by pure chance on some other page…

It seems that setting in Behavior Blocker just displays additional elevation warning, because the setting to trust all files inside trusted installers can be found on File RatingFile Rating Settings page.

I can assume that these two settings are trully independent and the one in BB only provides as an additional warning with few more options on how to treat the installer) and the one in File Rating page to automatically trust any file inside trusted (from TVL) installer that may contain files that aren’t whitelisted yet.

Hope this info will help others to understand these settings further…

[attachment deleted by admin]

Yes, the problem is with the text which implies that you are turning off detection. Here is file for validation.

Test file appended


[attachment deleted by admin]