Firewall doesn't remember settings for apps not available when it starts [NBZ]

sorry, here it is in the requested format

  1. What you did:
    I run a couple of apps from a TrueCrypt container. These are not available at system/firewall startup because the container isn’t yet mounted.
    When I start some app, firewall shows a popup asking what to do. I select ‘Treat this application as trusted’ + ‘Remember my answer’.

  2. What actually happened or you actually saw:
    When I reboot the system, mount the TrueCrypt container (always as the same drive letter) and start the same app from it, firewall again asks what to do - settings for the app are not remembered.

Once mounted, the TrueCrypt container appears as a local disk in Windows Explorer, not as removable.

This doesn’t happen for apps available at system/firewall startup, like those in \Program Files\

  1. What you expected to happen or see:
    I expected once entered, settings to be remembered.

  2. How you tried to fix it & what happened:
    Have no idea how to fix it, nothing.

  3. If its an application compatibility problem have you tried the application fixes here?: N/A

  4. Details & exact version of any application (execpt CIS) involved with download link:
    It happens for any app not available at system/firewall startup

  5. Whether you can make the problem happen again, and if so exact steps to make it happen:
    repeat steps 1 and 2

  6. Any other information (eg your guess regarding the cause, with reasons):
    I guess settings for apps not available at firewall startup are ignored. Maybe when the FW reads its config, it checks if the files for which there are rules exist ( and probably their size or something ). If an app isn’t there, rules for it are ignored. If the app later appears, FW doesn’t check again the saved rules but uses those in memory.

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug:

  2. Screenshots of related CIS event logs and the Defense+ Active Processes List:

  3. A CIS config report or file.
    exported config is attached

  4. Crash or freeze dump file:

Your set-up

  1. CIS version, AV database version & configuration used:
    CIS 5.3.176757.1236, Virus signature 7801

  2. a) Have you updated (without uninstall) from CIS 3 or 4:

  3. a) Have you imported a config from a previous version of CIS:

  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):

  5. Defense+, Sandbox, Firewall & AV security levels:

  6. OS version, service pack, number of bits, UAC setting, & account type:
    XP sp3 Pro 32-bit US-English, admin account

  7. Other security and utility software installed: None

  8. Virtual machine used (Please do NOT use Virtual box):
    It’s a physical machine

[attachment deleted by admin]

We would very much appreciate it if you would edit your first post to create an issue report in line with the bug forum guidelines and format here. You can copy and paste the format from this topic.

To understand the reasons why we ask you to follow these guidelines please see below.

Bugs/issues can be impossible or very time consuming to fix if developers don’t have enough information to reproduce them. Since CIS is free, development time is limited. So if you want your issue fixed, please use the format below to describe it.

To avoid clutter, issues not described in the format below your post will not be moved to the ‘moderator verified’ issues topic. This means that the developers may not look at it.

Best wishes and many thanks in anticipation


We really would very much appreciate it if you would edit your first post to create an issue report in line with the bug forum guidelines and format. You can copy and paste the format from this topic.

Thank you


I tested copying one of the apps to C:\ drive.
After setting rules on first run, FW remembers them and doesn’t prompt again after a reboot.
So it seems sure the problem is in that the .exe isn’t available at firewall startup.

By design, external media is untrusted. If a volume needs to be mounted, it’s basically external media.

Thank you for your issue report.

Moved to verified.

Thank you