Treat as isolated application on HIPS alert disables all shortcuts [v6]

A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic subject, NOT here.
if choice “Treat as” → “Isolated application” in HIPS alert window, you cant use the all shortcut icon.

  • Can U reproduce the problem & if so how reliably?:Yes
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
  1. run any shortcut of Unknown file.
  2. CIS show HIPS alert window
  3. choice “Treat as → Isolated application”. then, yur see “…You do not have necessary permissions to perform this action” alert. yes! this is normal.
    But~
  4. go run other shortcut. ex) shortcut icon on background or windows taskbar
  5. you can see “…You do not have necessary permissions to perform this action” alert. and you cant execute the all shotcut.

but. you can directlly run the program rather than a shortcut. only you cant run the shotrcut. this problem can resolve to that reboot system.

[b]warning : Never checked “Remember My Answer”. if you check “Remember My Answer” and choice “Isolate application”, your windows need format. >:-D

  • If not obvious, what U expected to happen: normal execution
  • If a software compatibility problem have U tried the conflict FAQ?:no
  • Any software except CIS/OS involved? If so - name, & exact version: No.
  • Any other information, eg your guess at the cause, how U tried to fix it etc: if uncheck “Remember My Answer”, after reboot, you can normally use windows. but checked “Remember My Answer”, you need format the windows. i cant resolve. this is CIS Defense+ Bug.
  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)
    [/ol]

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration:6.1.275152.2801, Proactive (No edit)

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:All active
  • Have U made any other changes to the default config? (egs here.):no
  • Have U updated (without uninstall) from a CIS 5?:no, fresh install.
    [li]if so, have U tried a a clean reinstall - if not please do?:yes. after reinstall windows, and retested.
    [/li]- Have U imported a config from a previous version of CIS:no
    [li]if so, have U tried a standard config - if not please do:yes. standard config.
    [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:Windows 7 Sp1 32bit, UAC Off, Adminstator, Real
  • Other security/s’box software a) currently installed b) installed since OS:No.
    [/ol]

[attachment deleted by admin]

I’m guessing you changed the standard explorer HIPS rules here?

I think by answering this you are saying treat explorer.exe as an isolated application?

So CIS correctly stops explorer.exe starting anything.

Not sure if 5.x handled this differently…

Hi Savit

Just for future reference the way to get out of trouble should be to reboot into safe mode, invoke CIS and change the rule in HIPS rules

HIPS is immensely powerful, mostly for good, but also if not used carefully you can do bad things…

Sorry if this caused you trouble Savit

Oh the tip was from Dennis, the expert on all things HIP (S)

Ok~ then, this is not bug.

Just for future reference the way to get out of trouble should be to reboot into safe mode, invoke CIS and change the rule in HIPS rules
:-TU

these policies are very dangerous and difficult to understand. I’ll think more. thanks mouse1 :wink:

[Wish] CIS must show the alert about action that affect the system. https://forums.comodo.com/wishlist-cis/cis-must-show-the-alert-about-action-that-affect-the-system-t94399.0.html;msg679887#msg679887

OK that is fine, I’ll move this to reolved then if that’s OK