1. The full product and its version:
CIS beta 8.0.332922.4281
2. Your Operating System (32 or 64 bit) and Service Pack revision, and if using a virtual machine, which one:
WinXPSP3 x32, VMware
3. List all the configuration changes you did. Are you using Default configuration? If no, what's the difference?:
Config: Proactive Security
Antivirus: disabled
HIPS: Paranoid mode
“adaptive mode under low system resources”: enabled
“enhanced protection mode”: disabled
Auto-Sandbox: disabled
Viruscope: disabled
Firewall: disabled
Cloud Lookup: disabled
Trust application signed by trusted vendors: enabled
Trust files installed by trusted installers: enabled
Detect potentially unwanted applications: disabled
4. Did you install over a previous version without uninstalling first, or import a previous configuration file?:
No
5. Other Security, Sandboxing or Utility Software Installed:
No
6. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step:
1: Set configuration: HIPS is on (Paranoid mode), Auto-Sandbox is off
2: Add file “a.exe” (from the attachment) to trusted
3: Run it
4: Allow “explorer.exe” to run “a.exe”
7. What actually happened when you carried out these steps:
The program “a.exe” will create and execute the program “b.exe”. Both programs will execute with no restrictions, and the file “b.exe” will be added to trusted.
8. What you expected to see or happen when you carried out these steps, and why (if not obvious):
Because HIPS works in Paranoid mode and Auto-Sandbox is disabled, any action by programs “a.exe” and “b.exe” must call HIPS alerts, regardless of their rating. The file “b.exe” must not be added to trusted.
9. Any other information:
It was the typical behaviour of CIS7:
when the privileges of an application are determined by its path, the application will not be granted as “Installer or Updater”.
E.g.: the path of an application is excluded from Auto-Sandbox and it has a full determined HIPS ruleset (without action “Ask”, e.g. “Windows System Application”).
But the behaviour of CIS8b is changed. Imho it is not correct.
With V7, with the same configuration described in this bug report, V7 would have created HIPS popups for both a.exe and b.exe, even though a.exe was manually added to the Trusted Files List.
I have attached a video to compare the behaviour of the versions (the configuration in the video differs from the one mentioned).
The heart of the problem: with CIS7 I had a method to suppress privileges of trusted installers, in case they are undesirable. But with CIS8b I can’t do it.
[attachment deleted by admin]