logging enabled for one rule,CIS logs for others [NBZ]

TOPIC TITLE
logging enabled for one rule,CIS logs for others
-Logging was enabled for www.microsoft.com in Network security policy, instead it logged for port 53 rule


The bug/issue

  1. What you did: Created allowed Network rule for microsoft.com and enabled logging.
  2. What actually happened or you actually saw: logging not done for above CREATED rule instead it was do
    done for other rules,for which logging was not enabled.
  3. What you expected to happen or see: not this at least
  4. How you tried to fix it & what happened: No
  5. If its an application compatibility problem have you tried the application fixes here?: no
  6. Details & exact version of any application (execpt CIS) involved with download link: no
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: it is happening
  8. Any other information (eg your guess regarding the cause, with reasons): no idea/gui /logic

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug: yes
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List:
  3. A CIS config report or file.n/a
  4. Crash or freeze dump file:n/a

Your set-up

  1. CIS version, AV database version & configuration used:5.3.176757.1236
  2. a) Have you updated (without uninstall) from CIS 3 or 4: no
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: toally clean install all settings new
  3. a) Have you imported a config from a previous version of CIS: no
    b) if so, have U tried a standard config (without losing settings - if not please do)?: n/a
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):
  5. Defense+, Sandbox, Firewall & AV security levels: D+= disables permanently, Sandbox= n/a, Firewall = custom, AV = Microsoft security essential
  6. OS version, service pack, number of bits, UAC setting, & account type: xp sp3,32,admin/limited both
  7. Other security and utility software installed: Microsoft security essential
  8. Virtual machine used (Please do NOT use Virtual box):not

problem was solved if you move logging rule for www.microsoft.com to just one rule above all block rule

[attachment deleted by admin]

Just curious, have you disabled the DNS client service?

Thank you for your bug report in the required format.

Moved to verified.

Thank you

Dennis