A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary: Pls give a clear summary in the topic title, NOT here.
- Can U reproduce the problem & if so how reliably?: No, Random, occurs maybe once a week. Please see [145] [137] for previous rating failures with different executables.
-
If U can, exact steps to reproduce. If not, exactly what U did & what happened:
a. Received multiple HIPS alerts for Firefox and Outlook (trying to execute Firefox). HIPS is on but set to safe mode.
b. Opened Killswitch from Advanced tasks ~ Watch activity
c. Noted Firefox.exe was running Rating=blank, Restriction=Disabled
d. Noted a second, previously opened, instance running trusted
e. Concluded that HIPS alerts were due to one instance of Firefox running not trusted - If not obvious, what U expected to happen: Should be trusted as it is signed - I have verified this. I also did an enhanced check using sigcheck and all signatures are current and valid.
- If a software compatibility problem have U tried the conflict FAQ?:
- Any software except CIS/OS involved? If so - name, & exact version: Firefox.exe version 18.02 (if not updated since it happened)
- Any other information, eg your guess at the cause, how U tried to fix it etc: Problem resolved on reboot. Possible recurrence of intermittent file rating issue [145] [137], as I noted that Dragon was running with blank verdict in sandbox shortly afterwards.
-
Always attach: Diagnostics file, Watch Activity process list, (dump if freeze/crash).
If complex: CIS logs & config, screenshots, video, zipped program (not malware).
[/ol]
B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration: CIS 6.0 Build 2674, Proactive
- Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: All, HIPS=safe, BBlocker=Limited, Firewall=Safe, AV=cloud is on
- Have U made any other changes to the default config? (egs here.): No other major changes
-
Have U updated (without uninstall) from a previous version of CIS: No
[li]if so, have U tried a a clean reinstall - if not please do?:
[/li]- Have U imported a config from a previous version of CIS: No
[li]if so, have U tried a standard config - if not please do:
[/li]- OS version, SP, 32/64 bit, UAC setting, account type, & virtual machine used: Windows 7, SP1, 64bit, UAC=off, admin, VM not used -
Other security/sandbox software a) currently installed b) installed since OS: a) None b) None
[/ol]
Link to file on FTP server:
ftp://82.69.43.252/CisReport_v6.0.264710.2708_20130209-093028.zip
User name and password as before, please see Mod’s new products preview board ~ password sticky, if you have misplaced.
[attachment deleted by admin]