Random Temporary .bat Files Need to Be Trusted [Issue Report]

The bug/issue

  1. What you did: my IDE creates random, temp .bat files, like makennnn-n.bat where n is int in my user temp dir. I just need the wildcard/regex code to make these randomly generated, temporary .bat files trusted. Otherwise I have to go to training mode while I am online and running various apps.
  2. What actually happened or you actually saw: CIS flags these .bat files as unrecognized and I have to allow them every time. When I tick “Remember my answer” then CIS takes off with 50% CPU for about five minutes.
  3. What you expected to happen or see: nothing
  4. How you tried to fix it & what happened: I have tried making these Trusted files:
    M:\Users\shawno\AppData\Local\Tempmake.bat
    M:\Users\shawno\AppData\Local\Temp\make*.bat
  5. If its an application compatibility problem have you tried the application fixes here?: n/a
  6. Details & exact version of any application (execpt CIS) involved with download link: n/a
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: define Trusted files as in (4) above then generate random, temporary makennnn-n.bat file and see if it gets checked by Comodo or allowed – it always gets checked i.e. blocked
  8. Any other information (eg your guess regarding the cause, with reasons): I think I just need the correct wildcard/regex string to allow random temporary .bat files, for example:
    M:\Users\shawno\AppData\Local\Temp\make1294-1.bat
    to always be trusted by CIS.
    I guess the fact that it takes about 5 minutes at 50% CPU to add a trusted file is an issue, but for now I would just like the regex string please.

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug: attached

Your set-up

  1. CIS 5.3 latest
  2. Updated from 4 but don’t like idea of reinstalling entire app for my issue
  3. No config import
  4. No major changes
  5. D+= safe, Sandbox= disabled, Firewall = safe, AV = not installed
  6. win7 sp1 64-bit no uac
  7. eset nod32
  8. Virtual machine used n/a

I thank you. Shawn

[attachment deleted by admin]

If you wish to use wildcard entries you need to create a new group in File Groups (Defense+/ Computer Security Policy/ Protected Files and Folders/ Group/ Add) and add you entry to your new group.

After adding the new group you can use it in Computer Security Policy and Network Security Policy.

Dennis

Exactly…I have made the following groups already:
M:\Users\shawno\AppData\Local\Tempmake.bat
M:\Users\shawno\AppData\Local\Temp\make*.bat

trying to get CIS to trust files temporary files like this:
M:\Users\shawno\AppData\Local\Temp\make1294-1.bat

but CIS still pops up warnings. I need the proper syntax for the new group. Would you know it?

Shawn

What security policy did you give the group? Installer or Updater should work.

Please try

M:\Users\shawno\AppData\Local\Temp\make*-*.bat

or
M:\Users\shawno\AppData\Local\Temp\make*-1.bat

So far no luck with both your regex ideas and mine, and making them all “Installer or Updater”. Been doing some testing, but it takes CIS about ten minutes to load new entry into Computer Security Policy, so I get distracted. Anyway, CIS has predefined group containing %temp%* called Temporary Files. This group would contain all my batch files. Can’t see how the group is applied. Maybe CIS hardcoded to check EVERYTHING in temp dirs, which makes sense. This could override our attempts to make Installer level group containing batch files. I may have to redefine my system temp dir. I’ll let you know how I get on… Installing CIS update now…

I made the root level parent application i.e. my IDE i.e. Qt Creator i.e. qtcreator.exe an “Installer or Updater” and left the wildcard policies in place for the .bat files. I am now able to run the .bat files through the IDE without CIS squawking while in Safe Mode. I may not need the wildcard policies but going to leave them anyway.

I thank you.

Shawn

Thank you for your Issue report.

Moved to verified.

Thank you

Dennis