Some files are not recognized as new in the system in Clean-PC-Mode [NBZ]

The bug/issue

  1. What you did:
  • Downloaded Wireshark x64 executable from Wireshark · Download
  • Installed Wireshark on local system (Update from Wireshark 1.4.0)
  • Afterwards looked into the “Unknown Files List”
  1. What actually happened or you actually saw:
  • I got exactly one alert for wireshark-win64-1.4.4.exe, on which I answered “Treat as Installer or Updater”
  • No new files were listed in the “Unknown Files List”
  1. What you expected to happen or see:
  • The new files from the Wireshark installation should be added to the “Unknown Files List”
  1. How you tried to fix it & what happened:

Sorry, no clue, it seems to work with other files.

  1. If it's an application compatibility problem have you tried the application fixes here?: -

  2. Details & exact version of any application (except CIS) involved with download link:

Opera 11.01 Download the Opera Browser for Computer, Phone, Tablet | Opera
Wireshark 64-bit 1.4.4 Wireshark · Download

  1. Whether you can make the problem happen again, and if so exact steps to make it happen:
  • Redownloading and Reinstalling didn’t change anything
  1. Any other information (eg your guess regarding the cause, with reasons):
  • CIS misses some files introduced into the system
  • Trust files from trusted installers is disabled, sandbox is disabled
  • Image Execution Control is enabled

Your set-up

  1. CIS version, AV database version & configuration used:
  • CIS 5.3.176757.1236
  • AV DB 7852
  • Sandbox off, D+ Clean-PC-Mode, Firewall Custom Policy, Rules based on Proactive Security configuration
  1. a) Have you updated (without uninstall) from CIS 3 or 4:
  • No
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: -
  1. a) Have you imported a config from a previous version of CIS:
  • No
    b) if so, have you tried a standard config (without losing settings - if not please do)?: -
  1. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):

D+ Settings:

  • Clean-PC-Mode
  • Block unknown requests if GUI not running: on
  • Adapted mode for low resources: off
  • Disable D+ permanently: off
  • Create rules for secure apps: off

Execution control:

  • on
  • Treat unknown files as: off
  • Heuristic command line analysis: on
  • Analyze behavior of unknown files online: off
  • Analyze unknown files online: off
  • Recognize BO: on


  • off
  • virtualize fs: off
  • virtualize registry: off
  • recognize installers and don’t run in sb: off
  • trust files from trusted installers: off
  • notify about sandboxed processes: on

Monitor settings: all options ticked

  1. Defense+, Sandbox, Firewall & AV security levels: D+= , Sandbox= , Firewall = , AV =

Firewall=Custom Policy

  1. OS version, service pack, number of bits, UAC setting, & account type:

Win 7, SP1, 64-bit, UAC enabled, admin account

  1. Other security and utility software installed:


  1. Virtual machine used (Please do NOT use Virtual box):


Thank you for your bug report in the required format.

Moved to verified.

Thank you