I have an HDD utility that is not in Trusted files, nor in Sandbox. I always keep Defense+ is in Paranoid mode.
Every time I run this utility, a Defense+ alert pops up telling me that the utility wants to access the disk directly. This is the behavior I expect and happy with. Then I click “Allow this request”, “Remember my answer” is not checked.
However, if I run this utility straight after Windows has loaded, there are no alerts from Defense+. The utility functions fine, is not placed in Sandbox or restricted by CIS anyhow.
My question:
Is CIS protecting the computer while it is still loading? From what I read in the manual, it should. But if so, why does it allow the HDD utility to run without any alerts while most software is still loading, and shows alerts if the same utility is launched later?
CIS v 5.12
Windows XP 32 and Windows XP 64 (same behaviour of CIS on both computers)