Programs treated differently if remembered as user vs admin?

Programs treated differently if remembered as user vs admin?
Can you reproduce the problem & if so how reliably?: Reliably

If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Set HIPS to paranoid
2: Run cmd unprivileged, configure/remember as Allowed Application
3: Run the following command: cmd /v /r /x C:
4: Allow/remember cmd.exe to launch chkdsk.exe
5: Configure/remember chkdsk as Windows System Application
(chkdsk fails, says you don’t have permission–this is normal)
6: Run cmd privileged (As admin)
7: Rerun the command in step 3
(chkdsk fails again, same error as earlier–this is not normal)

One or two sentences explaining what actually happened: chkdsk failed with the error message produced after step 5 (Remember that chkdsk -is- being run elevated):

Access Denied as you do not have sufficient privileges.
You have to invoke this utility running in elevated mode.

One or two sentences explaining what you expected to happen: I expected chkdsk.exe to fail, then ask me to schedule it for the next boot. It should fail, but because the disk is in use–not because I don’t have permission, because I do!

Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)

If a software compatibility problem have you tried the advice to make programs work with CIS?: No. I found a workaround on my own.

Any software except CIS/OS involved? If so - name, & exact version: none

Any other information, eg your guess at the cause, how you tried to fix it etc: Not sure; if it’s trusted as a Windows System Application as the user, I would expect it to also use those settings when later elevated, but that does not seem to be the case.

So far the workaround is to remove any existing rule for chkdsk.exe, run cmd as Admin, run chkdsk, then configure/remember chkdsk as a Windows System Application.

I tried a couple other permutations; namely remembering chkdsk as an Allowed Application both when privileged and unprivileged; neither got me that scheduling prompt.

My Setup
Exact CIS version & configuration:

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
D+/HIPS: Paranoid
Sandbox/BBlocker: Disabled
Firewall: Custom Ruleset
AV: Disabled

Have you made any other changes to the default config? (egs here.):

Have you updated (without uninstall) from CIS 5 or CIS6?: No

Have you imported a config from a previous version of CIS: Previously, yes, but I’ve since restarted from scratch

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Windows 7 x64 Enterprise SP1, default UAC, normal account is Admin, not a VM

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:

Can you please attach your diagnostics file (instructions on how to do this provided here) and the KillSwitch Process List (instructions on how to do that provided here and put the resulting file in a zip file. Then attach the zip file to your bug report

I will forward this bug to the devs once you attach those files.


PM Sent

Since nmalinoski has not attached the requested files im going to move this to incomplete. Feel free to later add the files and i will forward this to the devs.