Hello:
Recently, I have noticed that Defense+ alerts many, many times during the installation of a program, this despite going into install mode and giving permission with remember. Is this normal? Is there a way, short of turning CIS off, of reducing the number? This happens regardless of the tray setting for Defense+, even when it is disabled!
FYI I am using Win 7 HP 64-bit, CIS ver. 3.14.130099.587.
Thanks in advance.
Sparky
What alerts do you get? If the programs install drivers or services you will get alerted despite setting it to Installation Mode. That is by design.
Hello:
Here’s an example of the latest case: I received somewhere between 30 - 50 alerts when installing this program!
Here’s the download location: Download MediaInfo_GUI_0.7.28_Windows_x64.exe (MediaInfo)
The source is also found there if you want to look at it.
Thanks.
Sparky
[attachment deleted by admin]
I used Updater/Installer policy and it installed smoothly with just several alerts. Why are you not using Updater/Installer policy?
Hello:
I did - several times - but nothing changed!
A question - were you using the 64-bit version with the 64-bit version of Win 7 Home Premium?
Sparky
Further To My Last:
I just tried to edit a file with UltraEdit - Before I could do so, I received about 30 - 50 (I lost count!) before I could do so - all (I think) requesting access to Microsoft Explorer!
Sparky
I am on Win 7 32 bits.
Was UE asking to access Explorer in Memory?
I believe it was! When I was using XP & CIS 32-bit I don’t believe I had this problem! Would it be worth my while to install the 32-bit version of CIS? If so, do I uninstall the 64-bit or install over it?
Thanks again.
Sparky
Hello:
Further to my last - I was installing a new version of a program, received many, many Defense+ alerts for Explorer in Memory - on a hunch I changed the “Remember” option to unchecked - all of the alerts STOPPED!
I don’t know if they just finished anyway or if that stopped them. Is it possible, on the 64-bit version, that the Remember option is programmed backwards?
Thanks again.
Sparky
It surely comes across as a reverse function. Can you check for me that these rules were actually stored? Go to Defense + → Advanced → Computer Security Policy → look up the mentioned new program and select it → Edit → Access Rights → look up Interproces Memory Access → push the Modify button behind and see if the consents are stored.
Hello, Eric:
Here’s what I did (I’m not certain that I understood exactly what you expected for me to do when you instructed “push the Modify button behind and see if the contents are stored.” However, here’s what I did:
Opened CIS|Defense+|Advanced|Computer Security Policy|selected Ultraedit|Edit|Access Rights| - I took a shot of this panel and attached it - I also attached the panel that came up when I clicked Modify.
First time I executed Ultraedit (never any change in the settings on either panel) I unchecked the permissions and I got 1 Orange Alert for “Protected com Interface” - which I allowed - and 1 red alert for accessing explorer in memory, which I also allowed.
Second time I executed Ultraedit (never any change in the settings on either panel) I checked the permissions and I got 1 Orange Alert for “Protected com Interface” - which I allowed - and 15 red alerts for accessing explorer in memory, which I also allowed.
There certainly is a difference between the two, I don’t know about the two panels you asked about, but leaving the block unchecked seemed beter. But, why does it do this every time?
Thanks again.
Sparky
[attachment deleted by admin]
Are you running UE from a USB stick?
Hello:
No.
Sparky
Hmmm. Odd.
The only thing I can think of right now would be to try a clean install to see if that would clear things here or not.
When doing a clean install you can export your active configuration, to import after the install, using Manager My Configurations (under Miscellaneous); make sure to save to a folder that is not part of the CIS installation folder so it won’t be deleted during uninstalling.