Disable inheritance of Ask access rights between/across rulesets

1. What actually happened or you saw:
I set D+ to Paranoid, enabled monitoring of every activity, cleaned up all the rulesets and defined two on my own (top to bottom order):

  • Chromium.exe set to custom Isolated, tweaked so that “Run an executable” is set to “Ask”
  • All Applications (*) set to “System Applications”

Upon execution of Chromium, I got no alerts when I opened new tabs in Chromium (i.e. when Chromium spawns new processes).

2. What you wanted to happen or see:
I wanted to get an alert instead when Chromium executed new processes.

3. Why you think it is desirable:
There are at least two advantages with such behaviour:

  • user expectations are met: if I set a property to “Ask”, I expect to be asked. Moreover, it doesn’t make sense to have inheritance extend across rulesets, which are supposed to pertain to different executables. In a sense, matching should be done at the name level for a ruleset as a whole, not the single security areas beneath it.
  • enabling a behaviour that is currently impossible to achieve. As stated above, you can’t have a “catch all” allow ruleset at the bottom, representing the state of an underlying safe system, with a granular and alert-ful ruleset for a few selected apps (like web browsers) on top which gives the user full control. Clean PC and Safe aren’t quite the same, because they take into account file rating and they try to auto-learn. Paranoid, from this point of view, is something simpler yet more powerful - no bells and whistles, ultimate control.

From a security perspective concerning Chromium specifically, such an ability would give me feedback in the sense that I would know that every new process spawned by Chromium is done by me, i.e. when I open a new tab. No “hidden/background” tabs could be opened because I would see an alert. Or, considering clickjacking on links maliciously associated with a protocol, I would see if other processes are launched. All this cutting out the “noise” given by other D+ alerts, because a bottom allow all ruleset is defined.

4. Any other information:
I’m using CIS 8.2.0.5005 on Windows 8.1 x64 with all the updates.

Thank you for submitting this Wish Request. I have now moved this to the WAITING AREA.

Please be sure to vote for your own wish, and for any other wishes you also support. It is also worthwhile to vote against wishes you think would be a waste of resources, as implementing those may slow down the wishes you would really like to see added.

Thanks again.