The bug/issue
- What you did:
- Downloaded Wireshark x64 executable from Wireshark · Download
- Installed Wireshark on local system (Update from Wireshark 1.4.0)
- Afterwards looked into the “Unknown Files List”
- What actually happened or you actually saw:
- I got exactly one alert for wireshark-win64-1.4.4.exe, on which I answered “Treat as Installer or Updater”
- No new files were listed in the “Unknown Files List”
- What you expected to happen or see:
- The new files from the Wireshark installation should be added to the “Unknown Files List”
- How you tried to fix it & what happened:
Sorry, no clue, it seems to work with other files.
- If it's an application compatibility problem have you tried the application fixes here?: -
- Details & exact version of any application (except CIS) involved with download link:
Opera 11.01 Download the Opera Browser for Computer, Phone, Tablet | Opera
Wireshark 64-bit 1.4.4 Wireshark · Download
- Whether you can make the problem happen again, and if so exact steps to make it happen:
- Redownloading and Reinstalling didn’t change anything
- Any other information (eg your guess regarding the cause, with reasons):
- CIS misses some files introduced into the system
- Trust files from trusted installers is disabled, sandbox is disabled
- Image Execution Control is enabled
Your set-up
- CIS version, AV database version & configuration used:
- CIS 5.3.176757.1236
- AV DB 7852
- Sandbox off, D+ Clean-PC-Mode, Firewall Custom Policy, Rules based on Proactive Security configuration
- a) Have you updated (without uninstall) from CIS 3 or 4:
- No
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: -
- a) Have you imported a config from a previous version of CIS:
- No
b) if so, have you tried a standard config (without losing settings - if not please do)?: -
- Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):
D+ Settings:
- Clean-PC-Mode
- Block unknown requests if GUI not running: on
- Adapted mode for low resources: off
- Disable D+ permanently: off
- Create rules for secure apps: off
Execution control:
- on
- Treat unknown files as: off
- Heuristic command line analysis: on
- Analyze behavior of unknown files online: off
- Analyze unknown files online: off
- Recognize BO: on
Sandbox:
- off
- virtualize fs: off
- virtualize registry: off
- recognize installers and don’t run in sb: off
- trust files from trusted installers: off
- notify about sandboxed processes: on
Monitor settings: all options ticked
- Defense+, Sandbox, Firewall & AV security levels: D+= , Sandbox= , Firewall = , AV =
D+=Clean-PC-Mode
Sandbox=Off
Firewall=Custom Policy
AV=Stateful
- OS version, service pack, number of bits, UAC setting, & account type:
Win 7, SP1, 64-bit, UAC enabled, admin account
- Other security and utility software installed:
none
- Virtual machine used (Please do NOT use Virtual box):
no