I need some advice. I woke up this morning with fresh blank log files. and no where in task did it say that it had deleted the task file. this very abnormal.
second l i have these strange entries showing up in my log this morning and that’s all aim seeing.
have i been hack or is there a settings that’s causing this weird behavior with a bug. please move this to the proper forum , i just need advice first before it develops in to a bug report.
see attached picture. it keeps saying string added. wonder if i have been hacked.
I am freaking out because in the configurations changes log it says user(me?) is adding these strings but i am not.
My guess is some form of bug. Unstickied it so people can discuss. Could be files being added to trusted files by a scan - ie intended. Was it a rating scan? Not seen this before myself.
Can you be more specific about what you mean when you say the task file had been deleted? IE give the steps you wen through that led you to that conclusion
User probably means some software started under your user account.
But I’m not a malware/hacking expert, so I’ll see if others have a different opinion.
cis 6-2639 with TVL restored from 2626. what i meant was that no task was show that deleted my log file. like normal. when you your log file is deleted it shows in tasks. well at least it did in the past.
attached is the exported log of my configuration changes log notice it says string added and it says user and it definitely not me.I also have a failed diagnostic. it says failed and it’s the schedule.
attached is the diagnostics and my configuration changes log file
well i have a second PC with the same setup. attached is it’s strange configuration changes log file and a Passed diagnostic unlike the other PC this one has a good diagnostic.zip This is my Amd x4 and the other log is from my Intel x4.it also has these strange log file entries.These are Both Windows 8 Pro x64
The 2639 build is broken. I installed it earlier tonight on my netbook with Win 8 x86. I did not have the TVL problem but it had not installed cistray.exe nor the repair folder.
As egemen stated when that build was withdrawn it should not have been for download
That makes me torn to advice whether or not to look further into it as there is a newer build us mods are currently using. :-\
I sure would like to know if the new build you are testing would remove these strange log entries and actions by cis 6 2639. hope fully soon it will become more public.I also did verify that create rules for safe applications is Not checked under HIPS settings.
88)
I have similar entries in the configuration logs. I must say I have overlooked the fact that in v6 configuration changes are being logged. These logs are new functionality.
I don’t doubt that but only if create rules for safe applications is checked in hips should configuration changes occure or? this is very confusing because everything you do it announces and says you are changing it. while it’s adding away and you are not. What about when your log file is erased?it should show up a as a task of logged somewhere that is was done right?
It is logging whether program are trusted or untrusted and added to the list of Trusted or Unrecognised Files. This is not about rules being made in D+
This is how CIS works. The only difference is that we now see it logged. Since this is not about making Defense + rules it does not matter if “Create rules for safe applications” is enabled or not/
this is very confusing because everything you do it announces and says you are changing it. while it's adding away and you are not.
When running D+ in Safe Mode you implicitly consent that CIS takes such decisions. Formally speaking the logs are correct that the action is done by the user. It can be confusing though.
Eric in build 2626 it shows string added but doesn’t list and file names of what it is doing the log is blnk.
attched is sample.at least in 2639 you can see what files this is happening too.
In the provided log I do see the logs being complete. See attached image.
May be there is a discrepancy between what is shown in the View Logs screen in CIS and what it shown when a log is exported. If that is the case then we are looking at a bug.
