Thanks for getting back. The script itself is not blocked, but when I execute it, login fails. Like I have mentioned, the script uses CURL to access the local http://localhost/… to log in to the router. This bit fails.
Without CIS, I can log in successfully and reboot the router.
Thanks, futuretech. I did try excluding my script itself and also a couple of executables, including what you have mentioned (bash, ssh, curl, perl, etc…), but no joy!
But then I thought, why not exclude the entire GIT folder? When I tried it, voila! It worked. Later I drilled down to isolate executables and it boiled down to just bash.exe in a different subfolder. Please see attached.
Thanks for all your help. I really appreciate it!
The above does help my cause, but from a broader perspective it is dangerous to let go an executable which can be exploited, isn't it? Can there be no simple solution, like just excluding my script under shell code injections? This way it will be a lot safer. Please let me know if this is a possibility.
It will be fine, as many exploits just attempt to download and execute malware or run embedded commands, which will still be caught by HIPS, VirusScope, and auto-containment, depending on how you have CIS configured. Also, the name of that setting is misleading, as CIS no longer detects shellcode injections from buffer overflow exploits. All this setting does is tell CIS not to inject the guard.dll into the listed applications. Also, a script is just a normal file that contains commands to be processed by an interpreter, which is the actual executable that carries out the commands.