A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic subject, NOT here.
- Can U reproduce the problem & if so how reliably?: yes, 100%
- If U can, exact steps to reproduce. If not, exactly what U did & what happened:
- Enable BB and set it to “blocked” mode.
- Find & run any untrusted application.
- Observe no on-block popup.
- Check logs to see no entry for this action.
- If not obvious, what U expected to happen:
[li]Other BB modes show popup when application gets auto-sandboxed for the first time, similar to this one (it’s from kb pages):
But in “blocked” mode there is no such popup. IMHO it should be as well.
- When BB is in less restrictive modes there is corresponding log entry for sandboxing action in “Defense+ Events” like “Sandboxed As; Partially Limited”.
For “blocked” mode there is no such log entry. IMHO should be “Sandboxed As; Blocked” or other more adequate text.
The only log event existing for all modes is when “Unrecognized Files” list is updated - in “Configuration Changes” as “String Added; Sandbox: Alert Timeout” and exe path as a value.
[/li]- If a software compatibility problem have U tried the conflict FAQ?: no
- Any software except CIS/OS involved? If so - name, & exact version: no
- Any other information, eg your guess at the cause, how U tried to fix it etc: not fixable
Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware) attached config, diagnostics file and KillSwitch report, please PM for password
B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration: 6.2.285401.2860, custom (attached)
- Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: AV (stateful), FW (custom), BB (blocked)
- Have U made any other changes to the default config? (egs here.): yes
Have U updated (without uninstall) from a CIS 5?: no
[li]if so, have U tried a a clean reinstall - if not please do?: n/a
[/li]- Have U imported a config from a previous version of CIS: yes, previous revision
[li]if so, have U tried a standard config - if not please do: no
[/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: XP, SP3, 32b, DEP, admin, no VM
Other security/s’box software a) currently installed b) installed since OS: a=no b=no
[attachment deleted by admin]