VIDEO LINK: CIS Trusted File in Sandbox on Vimeo
*** VIDEO ATTACHED for download at end of post ***
The phenomenon shown in the video has been persistent since CIS v. 7. It is absolutely reproducible.
It is independent of:
- CIS configuration
- any software installed on system
- any software removed from system
- CIS uninstall\re-install
- clean install of OS
- physical system (e.g. AMD or Intel, A8\10 or i3\5)
- the application run inside the sandbox; all Trusted files generate alerts when run in the sandbox
- whether the Trusted file rating was assigned via FLS or user
I have tried for many months now to connect the issue to something specific - to no avail.
NOTE: The only thing I have not been able to test is the OS version - e.g. on W7 - since all my systems are W8.1.
In the video you will notice the alerts are limited to firewall alerts - as expected with Internet Explorer - the Trusted app used to illustrate the issue. However, rest assured I have also seen HIPS alerts, but I cannot remember the exact combination of events\files that generated the HIPS alerts.
For the sake of thoroughness I show that previous versions of IE (4\17) and updated versions (6\9) are all rated as Trusted in the CIS File List.
The attached video is in Microsoft Video 1 AVI format. It can be viewed using Windows Media Player, VLC Player or Classic Media Player. The video is zipped in 7z Ultra format and is about 4.5 MB in size.
Any thoughts would be greatly appreciated; is it, or is it not, a bug?
I’d really like to get a definitive answer on this matter once and for all.
PS - I forgot to mention that sometimes CIS will forget that rules exist and create alerts for Trusted files run in the sandbox. The issue is intermittent.