I can’t reproduce this now but I think there is a problem. I guess it is down to timings.
I have not had the “block all requests when the application is closed” ticked.
I am now having problems with inconsistant CLT results. One time I run It it is sandboxed and vulnerable to 2 tests, another time It is trusted and I get a much lower score. It should not have been trusted. The very first time I ran it I got loads of pop-ups and 100% passed. I probably had the sandbox off then.
I have just reproduced CLT being trusted. I copied the folder containing CLT to a new location but changed nothing in CIS. When I ran it CLT.EXE and all its DLLs were added to trusted list and many of the tests failed. It also clobbered by firefox installation. Firefox.exe had been overwritten. Had to reinstall Firefox.
I have attached screen of processes running. CLT is marked as unknown installer and not sandboxed. “Automatically detect installers” was not ticked but “automatically trust files from trusted installers” was.
Thanks for your honesty. Since you cannot reproduce, I’m not sure whether to forward this. Frustrating for you I realise. If OK with you, I’ll ask another mod for advice.
The CLT issue is repeatable. I copy the folder containing CLT and its files somewhere else, run at immediately and it is trusted. I have not run the tests again as it clobbers firefox. I then take it out of the trusted files list and run it and it is sandboxed when I run it.
Something must go wrong with new files. Perhaps while they are checked on line they are temporarily trusted. I am sure there is a bug here that needs to be fixed.
Please see the new topic created for the CLT variable results issue, from your text.
Sorry should have said that the CLT is trusted issue was known and has already been fixed - basically it got into the white list.
Your firefox issue sounds like a CLT bug, so you’d need to raise a CLT issue. Maybe the only way to do this would be to PM Egemen. If you think its a CIS problem please raise a specific CIS issue for it.
I’m still thinking about the issue we started with inthis topic. Maybe I need a bug in Bugzilla for inconsistent results under load. Was cmdagent or overall processor load high when the unrecognised file was marked as safe?
PS if I do forward it I’ll have to remove all the stuff about CLT, so please post any further on CLT in the new topic.
My problem with CLT is NOT that it is the safe list. Normally it gets sand boxed as untrusted. Sometimes it automatically gets marked as trusted when it should not. That is the problem. It appears to be the same problem as with my test programs. I will investigate more.
I have repeated this three more times. Copy the folder containing CLT and its associated files. Immediately run CLT in the new folder. It is marked as trusted by CIS. CLT.exe and all its DLLS get added to “trusted files” and it fails load of tests. If I wait a while before running it after copying it CLT is correctly sand boxed.
As for clobbering firefox, CLT makes a copy of firefox called firefox.exe_ and then truncated firefox.exe. I guess this is part of one of the tests. I did not think it did anything destructive but it is easy to undo.