A. Some LeakTest bypass the Firewall configuration with the maximum protection active.
Can you reproduce the problem & if so how reliably?:
Yes. I have the following rule in my rule sets for the sandbox:
Action: Run virtually (Fully Virtualized)
Target: All applications
Location: any ; Origin: any
Options: I have enabled all firewall options to maximun with custom rulest active (any application that tried to access internet has to request access to)
I have tested all mautosec leaktest with the last version of CIS and 4 of his executable break out the cis security. 3 of them pass the firewall and sent information using my default browser and the other can shoutdown my pc even it has executed fully virtualized ( executable name SSS3.exe).
I have attached a zip file with captures of my CIS configuration and the result of the leaktest for the excutables: inject1.exe, Newclass.exe and dnstester.exe.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
One or two sentences explaining what actually happened:
Some leaktest programs from matousec proactive secutity challenge project can pass the firewall rules even with all options to the maximun security and fully virtualized as you can see in the attached pictures.
One or two sentences explaining what you expected to happen:
I’m expected that CIS-Firewall ask me about these programs to try to access to internet.
If a software compatibility problem have you tried the advice to make programs work with CIS?:
Any software except CIS/OS involved? If so - name, & exact version:
Any other information, eg your guess at the cause, how you tried to fix it etc:
B. MY SETUP
Exact CIS version & configuration:
CIS 188.8.131.5226 up to date.
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
Antivirus - stateful, Autosandbox - enabled (fully virtualized), Firewall - enabled (custom ruleset), HIPS - enabled (safe mode)
Have you made any other changes to the default config? (egs here.):
Yes. I have raised the level of the firewall. (attached is my firewall configuration)
Have you updated (without uninstall) from CIS 5, 6 or 7?:
Yes, I have updated from version 7 to version 8 (last version) without probems.
if so, have you tried a a a clean reinstall - if not please do?:
Have you imported a config from a previous version of CIS:
if so, have you tried a standard config - if not please do:
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows 7 Ultimate, SP1 (windows update to up date), 64 Bit, UAC disabled, Administrator, Real Machine used for the test.
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
[attachment deleted by admin]