Trusted App Keeps on asking again & again & again & again

CIS 4.1.150349.920
XP SP3

Why does Defense keep on and on and on popping up queries for the same application.
I have added it to my Safe List, Allowed and remembered the action, made it a windows system app, and still it pops up dozens of times.

Why would CIS ignore the the occasional Safe List Item?

Sorry you are being troubled by this. This problem should be greatly reduced in version 5.

Meanwhile there’s a FAQ on how to deal with this problem here.

If you want specific help you’ll need to tell us a little more:

  • are you sure its not malware
  • what is the app
  • who is the vendor
  • does it stay in my safe files
  • can you add the vendor via ‘My Trusted Vendors’
  • when do you get the alert
  • does the file for which the alert is made actually exist where defense plus says it is (look in the event logs)?

Best wishes

Mouse

Hi Mouse1, thanks for the swift response.

I have just spent the morning cleaning CIS v3 off my machine and installing v4 from scratch in the hope of fixing this, and was a bit frustrated when it happened again.

The offending app right now is Sys Internals RootKitRevealer, with which I am probably pushing my luck, as obviously it will be doing lots of deep stuff under the OS, which would normaly be considered “Naughty” by any protection system.

However I have been having similar issues with Foxit PDF reader, Two Modules of my Sony Ericsson Cellphone-PC Suite, MRouterRunTime, & ConnMngMntBox, , and a module in my Intel Wireless Software suite.

I have followed Chiron’s Max Protection & Minimum Alerts Config Guide, and was busy firing up all my apps to unsandbox them.

I will go through the FAQ you mentioned, and get back here if I don’t come right.

Thanks

anti rootkit products are well programmed when they use each time a new “identity”. that avoids that they would be stopped by malware which knows how to do, but not the actual name.

i dont have that problem with foxit. one time i went through the questions, told “allow this” and all was fine.

maybe you should try with disabled sandbox. if you want to use the sandbox, then dont mark “trust things from this vendor” (in the sandbox question). just mark, remember my answer there. that bug i noticed as i tested the sandbox a while ago. it kept asking me too, with this vendor marking.