Re: D+ with lack of memory?

I needed to reformat my system and after installing everything clean, I installed CIS last.

I have D+ set to Safe Mode and configuration to Proactive Security. Now, (just for the first time) it asks permissions for things, such as, Control Panel, Device Manager, etc. Things that D+ should not bother users with alerts.

That’s something that has never happened before, with CFP.

Is it happening with anyone else? Maybe it doesn’t with just upgrading, but rather on clean install. No idea.

I’m running Vista SP1.

Best regards

A clean install would mean that CIS has to learn every activity that your system normally does to generate the Firewall and Defense+ rules. You can reduce the alerts level by putting both the firewall and Defense+ into Training mode for a while.

What was your previous mode of D+? What kind of permissions? Do you have them as custom policy? Those programs (like ctrl. panel, device manager, etc. are windows files so in safe mode you shouldn’t get any alerts for those apps except if they want to run other apps.

Yes, I’m aware of that. But, before CIS, I never had this issue with CFP. Whenever a new version of CFP came out, and now CIS, I always perform(ed) a clean install, for clean rules.

I don’t know if it happened with any other previous version of CIS, as I hadn’t any need to use the Control Panel, Device Manager, etc. So, I truly can’t say if it was already happening before.

I know there were and are other issues. Now, about this one, no idea.

But that’s something that shouldn’t be happening, even in Safe Mode, as they are part of the Windows system.

By the way, it is not just with that. I just remembered, that yesterday, a relative was playing some games (those that belong to Windows Vista) and D+ alerted if wanted to allow Explorer.exe from accessing it.

D+ is just totally whacko of it’s head, I guess. No idea.

I guess I’ll set D+ to training mode for a while, even though I like full (to some extent - no paranoid) control of what happens. Just not as much as it is happening. :smiley:

I always had D+ in Safe Mode with Monitor Settings all ticked and Image Execution Control Level to Normal , ever since CFP. Never had this sort of problems, until CIS came out.

As I said above, I don’t know if such issues happened since CIS first came out, as I never had the need to use such Windows system’s apps.

One other thing that I just don’t get is that in one other system, this same situation happens. But, what does not happen, is that, D+ won’t alert me all the time when I start my batch files and cmd.exe tries to access ieframe.dll (something like that). The alerts appear in this system, though. I had to tweak D+ not to bug me with it.

Just odd.

Yes, it is. Defined by USER, as it should, right? At least, I remember it being so.

Pretty much for everything, actually.

Games, Control Panel, when opening word, excel, access, etc. documents within folders. I think it would be normal if such docs where going to be opened from within a zip file or something like that, even from e-mail. Now, I do not remember such thing in CFP. Might be just me, but, I’m pretty sure I never had this sort of issues with D+.

It is acting as if it was in Paranoid Mode, actually.

Yes, I considered CleanPC Mode, but since I use a USB device to connect to the Internet and Safe and Paranoid Mode are the only 2 who only asks if I want to allow Explorer.exe from accessing it. Other lower modes give way too many alerts. I don’t need all that bugging.

When you were just upgrading CIS, it had all the application rules that you had developed over time, so it did not ask stupid questions. With a clean install, it assumes that everything is potentially not allowed. Safe Mode or Clean PC mode both state “policy is applied”. For a new install you don’t have any policies, so you get a lot of questions that are designed to create those policies. A simpler way to handle the alerts is Training Mode, which basically creates policies by assuming that all actions are allowed. With a clean install, that is safe enough, but you may want to change to a higher level of security after a couple of days. If you install new software, you might want to switch to Training Mode again to avoid a bunch of alerts while you try it out.

Yes, I’m aware of that, but the thing is that, I always made clean installs of CFP and now CIS. I know, for a fact, that in Safe Mode, I never had such issues with CFP. With CIS, is a totally different story.

Anyway, I’ll reinstall it (CIS) and leave it to training mode for a while, then apply Safe Mode and tweak the settings. I guess it is the only way to work this out.

You are running the “Most secure/Most Alerting” profile “Proactive Security” these are all “normal” alerts for this profile.
If you would like to ease this you can go back to “Internet Security”.

For the .dll alert, there seems to be a bug there.
I have the same problem, sometimes you get multiple alerts for the same application that it’s trying to access the protected file … some .dll file, if you allow it it will write multiple rows in your policy for the same file.

Can you check and see if you have these multiples in your policy ?

For the .dlls, yes. Well, not anymore since I replaced C:\ with C?. That seems to do the trick.

Seems like we met before :wink:
I reported it and they are looking in to it, has something to do with ProActive settings though.

What does that do?


If you run ProActive security there is the possibility of saving duplicated entries for .dll files under the “protected files and folders” for some applications, which means that there is something wrong with how CIS reads these from the policy, they fail to do correct for .dll’s other wise it would not prompt you again for something that is already there.

You can workaround this by changing the path for the .dll entry from c:\some folder\some.dll to c?\some folder\some.dll looks like there is something wrong with the file path filtering.

Yes, that is it. One other way is to just block access to protected files and folders and just allow X application from accessing it’s own files and folders. Of course, some need other accesses, such as AVs and ASs.

That was my next move. Having to place C?\ in all entries, for each application that demands it, it gets boring. :smiley: