1 problem (Defense+ not learn correctly):
If i set Defense+ config to training, when i get config back - it have only one learned application(last learned) in “Access Rights>Run and executable” for many applications as: explorer.exe, cmd.exe. rundll32.exe and others.
2 problem (remote management not work correctly):
If i set all “Access Rights>Run and executable” settings in Defense+ manually and then send config to client - it works fine, but if i answer the question for application in “Request Monitor” for this application will be learned only one “Run and executable” application again.
My workstations configuration:
Windows XP SP3 i386 Russian
CesmAgent_x86_0.9.0.0.msi
CIS_RM_Setup_3.8.480.41_x32_XP_Vista.msi - has this issue
CIS_RM_Setup_3.8.482.32_x32_XP_Vista.msi - has this issue
Defense+ Image Execution Control Level is Aggressive
My CESM server configuration:
Windows XP SP2 i386 Russian
CESM_Setup_1.1.1822.42_XP_Vista_x32.msi - has this issue
CESM_Setup_1.2.1994.34_XP_Vista_x32.msi - has this issue
example:
i send my config to workstation ( explorer.exe have 7 allowed application to executable)
[HKLM\SYSTEM\software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\1\Rules\0\Allowed]
“Num”=dword:00000007 - this key will be set to 1 if Defense+ learn on Training or remote management , and all policies in this root be was not workable, except last learned application.
Please, register at http://accounts.comodo.com/ and download free trial of CESM 1.2. There are plenty of bugfixesand some new features in both CESM and CIS.