A. The bug/issue
1. What you did:
I run a Webserver on my host (10.1.1.1/24:80). Global rule allows incoming traffic on TCP/80. No application rule for webserver.exe exists and Firewall alert frequency level is set to “Very high” - all checkboxes checked except “This is an…ICS Server”. Now I connect from client 10.1.1.2. Alert pops up saying “10.1.1.2 - TCP, Port 80 wants to connect to webserver.exe” and I click “Allow this request” and tick “remember my answer”. CIS now auto-creates an IP MASK rule for 10.1.1.2/255.255.255.0 instead of a rule for just the one SINGLE HOST 10.1.1.2/32. When I don’t check “remember my answer” CIS acts the same way (all subsequent inbound connections to TCP/80 are automatically allowed!) - it just does not create a rule (of course).
2. What actually happened or you actually saw:
CIS creates a IP Mask based rule instead of a Single IP rule in “Very high” alert level for inbound connections.
3. What you expected to happen or see:
“Very high” FW alert level should create a rule/notify me for every different Endpoint (IP:Port)!
4. How you tried to fix it & what happened:
There’s no way to fix this from the user side since years.
5. If its a software compatibility problem have you tried the compatibility fixes (link in format)?: –
6. Details & exact version of any software (execpt CIS) involved (with download link unless malware): –
7. Whether you can make the problem happen again, and if so exact steps to make it happen:
see description “What you did”
8. Any other information (eg your guess regarding the cause, with reasons):
This bug does exist and is known since v3+ already and everything has been described here long time ago:
B. Files appended. (Please zip unless screenshots).
C. Your set-up
CIS version, AV database version & configuration used:
CIS 6.0.260739.2674, AV 14605
a) Have you updated (without uninstall) from from a previous version of CIS: no
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
a) Have you imported a config from a previous version of CIS: no
b) if so, have U tried a standard config (without losing settings - if not please do)?:
Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):no
Defense+, Sandbox, Firewall & AV security levels: D+= CleanPC, Sandbox=Disabled , Firewall = Enabled, AV = Enabled
OS version, service pack, number of bits, UAC setting, & account type:
Windows 7 Enterprise English Service Pack 1, UAC=off, Administrator account
Other security and utility software currently installed: no
Other security software previously installed at any time since Windows was last installed: no
Virtual machine used (Please do NOT use Virtual box): no