Office 2010 Starter and CIS


just wanted to mention that I encountered a problem on a customer’s system.

It is a new system, factory defaults, with pre-installed office 2010 installer (click and go), where on first launch you can choose to purchase or to use the free starter version.

I installed CIS, and then, when the customer decided to use office 2010 starter, we chose that option. It installed the starter version, and a virtual drive was created by MS. that drive is not accessible, though, and not visible within the CIS GUI.

Now, each time the Word 2010 Excel 2010 executable is being launched, it is being sandboxed, and the user has to agree to the license agreement each time and the program is stuck. It has something to do with that virtual drive I guess. clicking on “not sandbox again” has no effect, since next launch it is sandboxed again. And although it is trusted application, it is still being sandboxed.

Sorry if this has been asked before, I did not find it.

Thanks for any information

Try this…

Defense+ → Computer Security Policy → Add → find *.exe and select Use a Predefined Policy: Installer or Updater → Apply.

Please note that the asterisk should be the name of the .exe that is getting sandboxed. You definitely do not want to give *.exe the Installer or Updater policy! The asterisk is a wildcard character, and the net result would be that you have just given all .exe’s the Installer or Updater policy.

You can also go to Defense+ → Trusted Files and add the .exe while you have the option, Use file names instead of file hashes (not recommended) selected. This way, you aren’t giving the .exe the powerful Installer or Updater policy, but you are allowing CIS to trust the file based on its file path instead of its file hash.

Click-to-run products are installed by MS on a virtual partition and their file system is virtualized. They are based on MS core virtualization and streaming technologies. That is the reason why CIS can’t access and remember Office Starter files.

Lots of discussion here…

This is a known issue on the Known issues list under ‘Other issues’ at point 2.

There is a provisional resolution linked to in the list.

Best wishes


Hey it turns out that this issue is just the Sandbox not Defince+.

I tried everything to get this to work. Changing permission on folders and files, including all of the files on the system drive in the Defince+ trusted list, creating trusted rules for the services running but nothing worked.

Every time I turn on the Sandbox this issue shows up but if I turn off the Sandbox the issue goes away.

I hope this helps!