Protected paths starting with ?:\ won't apply to USB Mass storage Devices - CIS 3.13.121240.574

OS: Windows XP SP3 32bit updated to the latest post-sp3 Service packs.
CIS Version: 3.13.121240.574
D+ configuration: Comodo Proactive Security Defaults
D+ mode: Safe mode

[ol]- Some protected paths in My protected files defaults include a leading ?:\ wildcard to specify all drives (C:, D:\ , etc.) though D+ was unable to trigger “Protected File/Folder” access rights alerts for paths that pertained USB removable devices (USB-key disk).

  • All applications policy blocked section of “Run an executable” access right include a ?:\Recycle?* rule though D+ is unable to silently block execution of application launched from paths that pertained USB removable devices (USB-key disk) but will display execution alerts.

  • Non removable HD are not affected. I’ve not tested if other access rights that apply to USB removable devices paths might be affected

If an USB removable device is assigned a drive letter (eg. I:):

  • It is possible to use a notepad application to create a new I:\autorun.inf without alerts.
  • Launching an application whose path is I:\Recycled\app.exe will trigger an alert regarless if a related “All applications” rule is meant to silently block execution from ?:\Recycle?*

A workaround tested only on XP involve the use of \Device\Harddisk?\DP(?)\ to create additional entries with a replaced ?:\ whereas this appear to match only USB Mass storage Devices (eg adding \Device\Harddisk?\DP(?)\autorun.inf to My protected files and \Device\Harddisk?\DP(?)*\Recycle?* to All applications blocked exceptions) and not non-removable HD

Issue reconfirmed testing CIS 3.13.126709.581 on an XP32 setup.

Issue reconfirmed testing CIS 3.14.129887.586 on an XP32 setup.

Issue reconfirmed testing CIS 3.14.130099.587 on an XP32 setup.