The bug/issue
-
What you did:
Not sure exactly how this happend, just happend after a period of time after installing cis5 -
What actually happened or you actually saw:
On boot, after typing in my user password, vista takes a painfully long time to logon, followed by a black screen for 30 seconds or so before loading the desktop -
What you expected to happen or see:
Usual practice is to log on within 2 seconds after typing pasword as i have a performance level system -
How you tried to fix it & what happened:
Created d+ rule for C:\windows\system32\AtBroker.exe and specified windows system file and this resolved the issue -
Details (exact version) of any software involved with download link:
windows vista x64 sp2 with uac enabled? -
Any other information you think may help us:
I dont know exactly why this happens, I had cis v5 installed for 3 weeks and everything was fine, then this started happening. PS, This also happend with v5 beta before i did a reformat & reinstall of windows. No information regarding the issue in the event log
Files appended
- Screenshots illustrating the bug: n/a
- Screenshots of related event logs or the active processes list: n/a
- A CIS config report or file: n/a
- Crash or freeze dump file: n/a
Your set-up
- CIS version, AV database version & configuration used:
Cis 5.0.162636.1135 Release fully up to date, default settings - Whether you imported a configuration, if so from what version:
Using cisv5 default settings, ‘Block all unknown requests if the application is closed’ is disabled - Defense+ and Sandbox OR Firewall security level:
Default levels - OS version, service pack, no of bits, UAC setting, & account type:
Vista x64 SP2 with uac enabled running on an admin account (Tried and tested disabling uac completely) - Other security and utility software running:
none - Virtual machine used (Please do NOT use Virtual box):
no
Thought id investigate this further, as this has been plaguing me since the beta, recommend atbroker.exe be added in D+ rules under windows system applications for the next release (AtBroker.exe is a signed recognised microsoft executable btw)
EDIT:
Added all the requested info to the relevant areas