How to make execution of java applications trusted

I have a Java64bit.bat file that sets up environment for Java, such that it runs command line, adds temporally Java SDK bin folder to PATH and changes a folder to my working folder. In this environment I test new applications by compiling and executing them using Java compiler and Java VM. My applications are always in specific folder: D:\Java*, sometimes it is D:\Java\Test*, sometimes D:\Java\Working* etc.

I cannot find the way how to tell CIS to trust or ignore all my new complied applications. Currently, CIS adds them to File list and set Untrusted. The perfect solution would be if CIS would not add them to file list automatically. That would spam the list quite quickly.

What I did so far was I added Java64bit.bat to HIPS Rules, set its Access Name “Run an executable” to Ask but Excluded folder: “D:\Java**.class”. So far, CIS doesn’t ask if I want to run java applications from this folder. However, CIS still does not trust my applications. As mentioned, CIS automatically adds them to File list and set Untrusted.

How can I set CIS to trust java applications in specified folder. Please note that java applications are tun inside my command line environment I open by user created bat file.


Ok. I have tried to disable one by one and then both AUto-Sandbox and then HIPS but CIS still add new applications to Untrusted list when I try to run them using java.exe

I am really left out of options.

If you really want that, make sure it’s created by a trusted application which is treated as “Installer or Updater” in HIPS.

Hope it helps.

hi and thanks for answer.

I would rather avoid setting up java.exe as Installer.

I have just installed Eclipse. The problem is partially solved in the sense that somehow CIS does not add new compiled files generated under the Eclipse environment to the list of Untrusted files.

I did not set Eclipse as an Installer or Updater! Eclipse uses the same java files for compiling and running my applications. So How is it possible that CIS trusts Eclipse and new created files under eclipse?

Most likely because you have trust files installed by trusted installers enabled under file rating settings and eclipse is rated as a trusted/installer. You can see what it is rated as when you run eclipse and view the its rating under the rating column in active process list task.

Yes those options are set, indeed.

I am too afraid to set java.exe or javac.exe as a Installer or Updater in HIPS. Probably nothing would happen but I don’t have enough knowledge to risk this. I was just wondering if I can have this scenario:

  • I execute everything in console which I open using Java64bit.bat file (sets PATH and CLASSPATH locally, change current folder etc.)
  • I set all programs I need (java.exe, javac.exe etc.) as Installer or Updater only for this environment
  • I restrict that java.exe can execute application files that are created by javac.exe in a folder I specify


Just wondering. Why not compile applications with a renamed version of java? Sounds like a quick workaround. :slight_smile: