Screenshots of related event logs or the active processes list:
A CIS config report or file.
Crash or freeze dump file:
Your set-up
CIS version, AV database version & configuration used:
Latest update
5.0.163652.1142
virus sig database version 6260
Stateful, safemode, safemode
Diagnostics tool does not find an error with my setup.
Whether you imported a configuration, if so from what version:
Defense+ and Sandbox OR Firewall security level:
OS version, service pack, no of bits, UAC setting, & account type:
Other security and utility software running:
Virtual machine used (Please do NOT use Virtual box):
If I re-add the program to the trusted files it seems to remember it’s ok and doesn’t pester me for “allow action” … but the original one is still listed there.
Thanks very much for making your report in standard format. To fix it we’ll need some information that you have not yet included. We would be very grateful if you would edit your first post to include it.
A) About your software.
i) Is it frequently compiled or changed? ii) Please supply a screenshot of the alerts
B) The answers to questions ‘Your setup: 2-6’ in the format
C) A screenshot of your D+ event logs and your active processes list. The latter when the alert is being displayed.
Does CIS remember the program until you reboot or log off your Windows? And it had forgotten after you rebooted or logged back in? Is the program run from a disk on a network share?
Having looked at this again I think this is probably a settings issue.
If you look in Computer Security Policy ~ D+ rules, you should find a rule for explorer.exe. If you look at the protection settings tab, you have probably got ‘interprocess accesses’ set to ‘ask’. Protection settings override permissions, so setting the file trusted won’t help this problem.
For the moment I will transfer you to help so you can work through this issue and hopefully resolve it. Please ask any mod to move this report back to the bugs forum if it becomes clear that it is a bug/issue.
Hello. I’m having exactly the same issue. I’m getting thousands of Defense+ events for Access Memory issues where Anvir.exe (a trusted file) is targeting Explorer.exe.
I’ve gone through the Computer Security Policy, found Explorer.EXE, edited the policy, and allowed all of the “Access Name” items. I also tried adding an exclusion for the program with the issue (Anvir.exe), but that didn’t work either.
Note: when I view Anvir.exe in the “View Active Process List”, it shows as partially limited but I can’t figure out why. Is that part of the issue?
Welcome to the forum, David Witkin. First off, let’s start with the Anvir.exe.
Could you have a look in Defense+ → Unrecognized Files to see if Anvir.exe is there? If it is, tick it and move it to “Trusted Files”.
I’ve downloaded the free portable version of Anvir and am getting no logs regarding explorer (getting them for trying to access CIS), just wondered what version you have and what settings you have for CIS (especially Defense+).
Could you also have a look in Computer Security Policy → Double click the explorer.exe entry and tell us if the setting for Interprocess Memory Accesses is Ask or Allow.
Also possibly go to Computer Security Policy and Add the Anvir.exe then give it the pre-defined policy “Installer or Updater”.
You could create a group for the whole Anvir folder via protected files/folders ->Groups->Add->A new Group->Browse to the folder and hit the right arrow so you end up with C:\ProgramFiles\Anvir*