A. THE BUG/ISSUE: Programs started from a network share or connected network drive cannot use TCP/IP when CIS is installed (even without activated modules). For details see A7.
- What you did: Install CIS. Reboot. Switch off all modules (AV, FW, D+). Try to start a program from a network share.
- What actually happened or you actually saw: The program no longer worked properly/had network access.
- What you expected to happen or see: Firewall Alerts or allowed access with disabled firewall module
- How you tried to fix it & what happened: disabling all modules, disabling Defense+ permanently
- If a software compatibility problem have you tried the compatibility fixes (link in format)?: no
- Details & exact version of any software (except CIS) involved (with download link unless malware): software affected does not seem to matter. For testing I have used Windows’ own: ftp.exe and nslookup.exe found in Windows’ system32 directory. Of course there is no download link for that.
- Whether you can make the problem happen again, and if so precise steps to make it happen: Steps to reproduce: Use any software with network features that works when installed locally (ex. FTP Client) and copy it to a network path \\server\share\ftp.exe. It will then either crash or error. “Could not open socket”.
EDIT: reproduce like this:
prerequisites: Administrator access to another computer on the network (in this example \\server).
Expected output (CIS not installed):
C:\>\\server\c$\windows\system32\nslookup comodo.com 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: comodo.com
Address: 91.199.212.176
CIS installed:
C:\>\\server\c$\windows\system32\nslookup comodo.com 8.8.8.8
(null) UnKnown
Address: 8.8.8.8
This also happens on completely fresh installation of Windows & CIS.
EDIT2:
even easier way to reproduce (no need for LAN or a second PC):
works:
C:\>c:\Windows\system32\nslookup google.com
fails:
C:\>\\localhost\c$\windows\system32\nslookup.exe google.com
I have tried this on 3 PCs and it fails every time when CIS is installed. Please can someone verify this on different Operating Systems. I tried this only on Win7 x64.
- Any other information (eg your guess regarding the cause, with reasons): some bug in CIS’ base modules.
B. FILES APPENDED. (Please zip unless screenshots).:
- Screenshots of the Defense plus Active Processes List (Required for all issues): I am sorry, our company policy does not allow this.
- Screenshots illustrating the bug: I could post a screenshot of an empty cmd window when trying to start ftp.exe but that would not be really useful.
- Screenshots of related CIS event logs: No events are logged, all modules are turned off.
- A CIS config report or file:
- Crash or freeze dump file:
- Screenshot of More~About page. Can be used instead of typed product and AV database version: 5.9.219863.2196 AV: 11236
C. YOUR SETUP:
- CIS version, AV database version & configuration: 5.9.219863.2196 AV: 11236, tried all configs, did not matter.
- a) Have you updated (without uninstall) from a previous version of CIS: no
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: yes
- a) Have you imported a config from a previous version of CIS: no
b) if so, have you tried a standard config (without losing settings - if not please do)?:
- Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): no, all default
- Defense+, Sandbox, Firewall & AV security levels: all disabled
- OS version, service pack, number of bits, UAC setting, & account type: Win7 x64 SP1, UAC on, Domain Admin account
- Other security and utility software currently installed: none
- Other security software previously installed at any time since Windows was last installed: none
- Virtual machine used (Please do NOT use Virtual box): none
If a screenshot of the active processes is really required I can provide one, if I close all company processes first. Can someone else please try the reproduce steps to see if this is just PCs at our company? I tried different PCs and all had the same problem.
Another good test program is nslookup.exe. It just does not resolve any DNS address when started from the network share.
Output:
(null) UnKnown
Address:
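The local-versus-UNC comparison from the reproduction steps above, as a PowerShell script; this is an added example, not part of the original report and not Comodo tooling. It assumes the \\localhost\c$ administrative share is reachable, reuses the query name and DNS server from the report, and the function name Get-NslookupVerdict is hypothetical.

```powershell
# Added example: launch the same nslookup.exe from a local path and from a UNC
# path, then classify each output as resolved or failed.
# Assumption: \\localhost\c$ is reachable (needs administrator rights).

$QueryName = 'comodo.com'   # query used in the report
$DnsServer = '8.8.8.8'      # DNS server used in the report
$Launchers = @(
    "$env:SystemRoot\system32\nslookup.exe",        # local path (works in the report)
    '\\localhost\c$\windows\system32\nslookup.exe'  # UNC path (fails in the report)
)

function Get-NslookupVerdict {
    param([string[]]$OutputLines)
    # A successful lookup prints a "Name:" line followed by an answer
    # "Address:" (or "Addresses:") line. The failing output in the report has
    # only the "(null) UnKnown" header and the DNS server's own address line,
    # so "Name:" never appears.
    $sawName = $false
    foreach ($line in $OutputLines) {
        if ($line -match '^\s*Name:\s*\S+') { $sawName = $true; continue }
        if ($sawName -and $line -match '^\s*Address(es)?:\s*\S+') { return 'resolved' }
    }
    if ($OutputLines -match '\(null\)') { return 'failed (null server header)' }
    return 'failed (no answer)'
}

foreach ($exe in $Launchers) {
    if (-not (Test-Path -LiteralPath $exe)) {
        Write-Output ("{0,-50} not reachable" -f $exe)
        continue
    }
    # 2>&1 merges stderr so any error text nslookup emits is captured as well;
    # each record is converted to a plain string before parsing.
    $lines = & $exe $QueryName $DnsServer 2>&1 | ForEach-Object { "$_" }
    Write-Output ("{0,-50} {1}" -f $exe, (Get-NslookupVerdict $lines))
}
```

Running it once with CIS installed and once without gives a two-line result per machine that can be pasted into the thread when verifying on other operating systems.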