Protected files only protect the "install" user not other users on the system.

When running on a multi user system, OR when running as normal user installing under UAC administrator account “Protected Files” fails to protect for the Normal user(s).

Also the Recycle bin for vista is $Recycle.bin so for the Temp Files this also fails to match.

  1. Your CIS version
    0. CIS_Setup_3.5.54375.427_XP_Vista_x32

  2. Your Operating System (32 or 64 bit) and Service Pack revision
    1. Windows Vista SP1, Enterprise, x32 Normal User / UAC

  3. Other Security and Utility Software Installed
    2. N/A

  4. Step by step description to reproduce the issue
    3. N/A

  5. How you tried to resolve the problem ?
    4. Yes Changed my settings

  6. Upload Memory Dumps on crash if you encounter any
    5. N/A

  7. Attach screenshots to your posts to clarify the issue further
    6. See below text

  8. Any other information you can think of
    7. If your are running multiuser systems please change your Protected files group to the sample on the bottom.

This is the Default install for Internet-Security

File Group 5: [Temporary Files] is defined as --------------------------------------------------------------------------------------- [0] C:\Users\Administrator\AppData\Local\Temp\* [1] ?:\RECYCLER\* [2] C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\*

File Group 8: [Startup Folders] is defined as

[0] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup*
[1] C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup*
[2] C:\Windows\system32\GroupPolicy\Machine\Scripts\Startup*
[3] C:\Windows\system32\GroupPolicy\User\Scripts\Logon*

[b] Change to this settings for own profile.[/b]
File Group 5: [Temporary Files] is defined as --------------------------------------------------------------------------------------- [0] C:\Users[b]\*\[/b]AppData\Local\Temp\* [1] ?:\RECYCLER\* [b][2] ?:\$Recycle.bin\*[/b] [3] C:\Users[b]\*\[/b]AppData\Local\Microsoft\Windows\Temporary Internet Files\*

File Group 8: [Startup Folders] is defined as

[0] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup*
[1] C:\Users[b]*[/b]AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup*
[2] C:\Windows\system32\GroupPolicy\Machine\Scripts\Startup*
[3] C:\Windows\system32\GroupPolicy\User\Scripts\Logon*

Hmm, not here. I have %temp%* which looks pretty much correct.

This only exists on Vista and hardcoding such stuff is generally bad. Using REG_EXPAND_SZ and something like %APPDATA% sounds better to me.

You can’t be sure it’s hardcoded, it just ends up in the policy like this after install.
The installer can “read” this out and “create” it this way also…

I am pretty sure it’s hardcoded at install time, checked the registry entries.

%APPDATA% won’t work that goes to:

That would become:

IIRC that’s just a hardlink on Vista, cannot check ATM. Anyway, the point was the location can change at any time, hardcoding it is bad. It can even be an UNC path pointing to network location.