HIPS doesn't ask anything although the rule created by the user forces it

A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?: Always.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    a. Added a new Custom empty HIPS rule for a file marked as Trusted (is on the Trusred Files List) and Access Rights set to Action->Ask.
    b. Run the file (it must disturb some rule rights e.g. Run An another Executable, access to Keyboard, Monitor or Disk or Protected Files/Fodlers).
  • If not obvious, what U expected to happen: If I add manually a interrogative rule even if the file is Trusted, I should be asked to make a decision (Allow or Block access to the resource). Details on the attached video.
  • If a software compatibility problem have U tried the conflict FAQ?:
  • Any software except CIS/OS involved? If so - name, & exact version:
  • Any other information, eg your guess at the cause, how U tried to fix it etc:
  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)
    [/ol]

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration: CIS 6.2.285401.2860, Internet Security configuration.

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: All, HIPS=Safe, BBlocker=Blocked, Firewall=Custom Ruleset, AV=cloud is off.
  • Have U made any other changes to the default config? (egs here.): No.
  • Have U updated (without uninstall) from a CIS 5?: No.
    [li]if so, have U tried a a clean reinstall - if not please do?:
    [/li]- Have U imported a config from a previous version of CIS: No.
    [li]if so, have U tried a standard config - if not please do:
    [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Windows 7, SP1, 64bit, UAC=on, admin, VM used & not used
  • Other security/s’box software a) currently installed b) installed since OS: a= None b= None
    [/ol]

[attachment deleted by admin]

Did you also select the option to “Create rules for safe applications”?

My intuition for this says that this is not a bug, but just a question of what needs to be enabled/disabled with the CIS configuration. However, as I do not use the HIPS myself, I cannot comment on many of these.

Thus, I will move this to the HELP board (as I really do believe this is a configuration issue) so that those with more experience can help. That said, if it does become apparent that this is a bug, and not a configuration issue, please send me a PM.

Thank you.

Hello,

As i mentioned here (in a very clumsy way 88)), Trusted Files ignore completly any custom rules. It seems to me that it should check user created rules; ignoring just the last one (the default all apps ask) without the need to enable create rules for safe applications option.

I might be mistaken but i think this worked in v5.x (i.e. trusted or not, my custom created Internet Blocked Group really didn’t have net access at all ;D).

l

::edit::

another idea, another test :stuck_out_tongue:

so, i created a group (poing) - included folder of 3 browsers sleipnir, slimboat, slimbrowser
added it to HIPS - ask all
added it to FW - blocked application

HIPS rule is ignored :-TD but FW one it isn’t! :-TU

Now what i really can’t get it is why one browser goes to trusted files (sleipnir) but the other two (slimboat, slimbrowser) doesn’t. ???