Remote desktop connection to system with CIS freezes [NBZ]

Error in firewall rules processing in example of very simple rule set

The bug/issue

  1. What you did: Connect to Windows XP Pro with CIS with remote desktop client
  2. What actually happened or you actually saw: After entering Name/Password, the remote desktop is partially drawn and freezes.
  3. What you expected to happen or see: Expected normal remote desktop behaviour.
  4. How you tried to fix it & what happened: Left only the rules in question, turned on logging. Tested on various computers, virtual machines. Nothing was logged concerning this connection (final rule was block all and log for all applications), but changing “block” to “Ask” or “Allow” (and log) “fixes” the problem - remote desktop connection works (nothing is logged too).
  5. If it's an application compatibility problem have you tried the application fixes here?:
  6. Details & exact version of any application (except CIS) involved with download link: WinXP Pro SP2, SP3, fully or partially updated, different physical and virtual machines. Remote desktop connection - from different machines with WinXP Pro, Linux (Ubuntu).
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: Yes. a) Load and activate attached configuration b) Connect to this system with any remote desktop client
  8. Any other information (eg your guess regarding the cause, with reasons): Bug in firewall rules processing algorithm, I guess…

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug:
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List:
  3. A CIS config report or file: Appended screenshot with firewall rules and configuration file.
  4. Crash or freeze dump file:

Your set-up

  1. CIS version, AV database version & configuration used: 5.0.32580.1142 … 5.3.176757.1236, 7613; AV, D+, Sandbox - Disabled. Firewall - Custom policy
  2. a) Have you updated (without uninstall) from CIS 3 or 4: No
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have you tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Yes (where is ‘block all unknown requests’?)
  5. Defense+, Sandbox, Firewall & AV security levels: D+=Disabled, Sandbox=Disabled, Firewall=Custom policy, AV=Disabled
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows XP, SP2-SP3, 32 bit, None in XP, Admin account.
  7. Other security and utility software installed: None
  8. Virtual machine used (Please do NOT use Virtual box): VMware Workstation 5.5.3

[attachment deleted by admin]

Thank you for your bug report in the required format.

Moved to verified.

Thank you