A. THE BUG/ISSUE (Varies from issue to issue)
Can U reproduce the problem & if so how reliably?:
Yes, every time.
If U can, exact steps to reproduce. If not, exactly what U did & what happened:
- Make an application which has to be detected by heuristic command-line analysis. Use a very long filename. Possible formats: *.js, *.vbs, *.wsf, *.hta, *.jar, *.chm, *.msi. I have attached an example.
- Just run it.
One or two sentences explaining what actually happened:
The script executes with no restrictions. If the name is shortened it will be restricted.
One or two sentences explaining what you expected to happen:
Defense+ has to control scripts regardless of the filename.
If a software compatibility problem have you tried the advice to make programs work with CIS?:
Any software except CIS/OS involved? If so - name, & exact version:
Any other information, eg your guess at the cause, how U tried to fix it etc:
I have tested various formats, and the result was the same: when the path is longer than 130, command-line analysis fails (except batch files). It is specific to version CIS 7.
B. YOUR SETUP
Exact CIS version & configuration:
Configuration: Proactive Security
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
“Do not show alerts: Block threats”
“Do not show popup alerts”: disabled
“enhanced protection mode”: disabled
the rule for explorer.exe: allowed application
“heuristic command-line analysis”: enabled
Website filtering: enabled
Have U made any other changes to the default config? (egs here.):
AV: “Do not show alerts: Block threats”
HIPS - “enhanced protection mode”: disabled
Have U updated (without uninstall) from CIS 5 or CIS6?:
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
The same problem occurs on Win7x86-SP1 (real), UAC is enabled
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
[attachment deleted by admin]
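
One way to review process-creation logs for the condition this report describes, as an added example that is not part of the original post or of CIS: it flags command lines that reference one of the listed formats through a path longer than 130. Reading 130 as a character count of the full path is an assumption, and the sample command lines are constructed for illustration.

```python
import ntpath
import re

# Formats listed in the report; the 130 limit is the reporter's figure,
# read here as a character count of the full path (assumption).
SCRIPT_EXTS = {".js", ".vbs", ".wsf", ".hta", ".jar", ".chm", ".msi"}
PATH_LIMIT = 130

# A quoted argument or a run of non-space characters.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def script_paths(command_line):
    """Return every argument of a Windows command line naming a listed format."""
    found = []
    for quoted, bare in _TOKEN.findall(command_line):
        arg = quoted or bare
        if ntpath.splitext(arg)[1].lower() in SCRIPT_EXTS:
            found.append(arg)
    return found


def over_limit(command_lines, limit=PATH_LIMIT):
    """Return (line_number, path_length, path) for script paths longer than limit."""
    hits = []
    for number, line in enumerate(command_lines, start=1):
        for path in script_paths(line):
            if len(path) > limit:
                hits.append((number, len(path), path))
    return hits


# Constructed sample process-creation command lines (not from the report).
LONG_NAME = "a" * 140 + ".vbs"
SAMPLE = [
    r'"C:\Windows\System32\wscript.exe" "C:\Users\test\Desktop\short.vbs"',
    r'"C:\Windows\System32\wscript.exe" "C:\Users\test\Desktop\%s"' % LONG_NAME,
    r'C:\Windows\System32\mshta.exe C:\Users\test\Desktop\page.hta',
    # Batch files are the exception named in the report, so .bat is not listed.
    r'"C:\Windows\System32\cmd.exe" /c "C:\Users\test\Desktop\%s.bat"' % ("b" * 140),
]

if __name__ == "__main__":
    for number, length, path in over_limit(SAMPLE):
        print(f"line {number}: {length}-character script path: {path}")
```
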