Doubled items in DEF+ rule list

Why are in CIS 5.0.163652.1142 in DEF+ computer security rules
some items doubled ? ( guessed naming - localized CIS )

One of them is with drive letter, like C:\pathname
One of them is without it, like \pathname

Each of them have often different security settings.
Some of executables have just one of above versions.

Edit: seems applies only to CMD files, I have checked all the list.

[attachment deleted by admin]

Could you post a screenshot of this?

Listed CMDs added few days ago by DEF+ popup confirmation
( so not heritage of old CIS versions ).

they are created and used by me.

Could you please check if the rules applied from each path C:\ and \ are the same for one application.

Thank you


At least for some is used predefined system application and for the second custom rule.
My Home PC not handy now, so I will check effective custom settings later.

3rd and 4th item - FastBootSortingC.cmd>

I have checked the one with user custom rules. All items were to ask and protections to inactive. ( strange for me )

When I have checked the one with predefine system application rule and switched its rule to user custom settings to see them, all setting were the same as above ( to ask, inactive ).

while previously running CIS 4.x FW+DEF+, all was OK

I have 3 important notes to CIS 5.0, especially DEf+ part.>

  1. I usually reinstall CIS ( without AV ) in case of major upgrade. But last time I was “cheated” by autoupdate, thinking it is minor update. After reboot i have realized I had CIS 5.0.

  2. since then I had always strange troubles when creating and launching my own CMD, running some executable.
    I had often to make multiple confirmation to override various CIS protections to run CMD smooth.
    Usually by setting it as installer or system application.
    If I had chosen just allow in DEF+ triggered action alerts,
    I had often to allow the same action for the same CMD multiple times.

  3. using Avast AV, it happend time by time a full single core CPU business by CFP.exe, lasting dozens of seconds till minutes ( something like that mentioned in bug reports ). Once or twice I have tried to close and relaunch FW gui ( CFP ? ). After launching it ( as limited user, because it normally runs at my limited account ) I have realize all DEF+ app rules are gone. confirmed several times.

I guess probably the clean install will be good, but until then I wait for eventual investigative cooperation.

BTW I use Comodo FW since W2K and version 2.4, then on vista64 CIS since 3.0 till 5.0

If you click on “Purge” Most Double Items should be gone;

I too have this problem when switching HD’s or installing/exchanging HD’s


Not in my case (checked), because both c:\path\anyfile.cmd and \path\anyfile.cmd are valid records for existing files. there is no problem in deleting them, but why CIS creates them ?

I am used to work in vista 64 Home Premius SP2 under limited account, but keep running Process Explorer under elevated Administrator privileges to be able to manage all processes and able to launch elevated processes without extra providing passwords.

When I deleted DEF+ both duplicate rules for given CMD files, I have realized this>

If CMD is launched by Process Explorer, it triggers DEF+ dialog for launching EXE , recorded as a rule for c:\pathname.

If CMD is launched within limited account, it trigger vista UAC privilege elevating dialog, and than it triggers DEF+ dialog for launching EXE, recorded as a rule for \pathname.

I have checked the order of cmd trial launching does not matter,
neither matter if the other way of launching was already performed or not.