why to change the priority of rule in Exclusion part with v5.8 beta?

darkwolf_99 · August 20, 2011, 1:54am

According to my test, new beta version has changed the priority of rule in programs’ Exclusions. Now the priority, “Allow”<“Block”.

I think, someone may think that it can get more safty. Maybe they are right. But I believe that there is just very little to enhance the safety. And on the contrary, it makes huge inconvenience to make Exclusions of rules.

For example, I block firefox.exe to create “.exe” in all of my partitions, but only my download folder. As before, I only need to make a rule in Exclusion of block, “*.exe”, and make a rule in Exclusion of Allow, “x:\download*”. That’s ok because with priority, “Allow” >“Block”.

But with new beta CIS, I cannot make rules easily. And what’s more, I don’t know how to make rules to accomplish my such purpose.

Or is it avaliable to add an option to let users choose the priority?

Citizen_K · August 20, 2011, 2:47pm

Can you see if the FF rule you made is placed somewhere above a rule with name “All Applications”? If not move it there and try again.

darkwolf_99 · August 21, 2011, 2:01am

Many thanks for your reply. I tried twice. But it is the same wherever the FF rule is above the rule of “All Application” or not.

Citizen_K · August 22, 2011, 1:58pm

How do you make it block in the current situation now you cannot use the wildcard *.exe anymore?

darkwolf_99 · August 23, 2011, 1:01am

I think that you have not understood what I said.

In 5.8beta, CIS firstly executes the rules in “block”, *exe; and then does the rules in “allow”. So go to my sample. When I download A.exe from a website by FF, now CIS execute the rules that blocks to create A.exe because the rule in “block” is *.exe. Now there is no chance to execute the rule in “allow”, “x:\download*”, so FF has no chance to create A.exe in x:\download.

But before 5.7 (including 5.7), CIS firstly execute the rules in “allow”. So FF can download A.exe in x:\download.

Now the problem which the 5.8beta makes is very huge because the change of priority makes some rules impossible.

For another example, I need x.exe cannot creat, modify and delete any file in x:, including subfolders, but x:\a\ and its subfolders.

With 5.7 and earlier version, it is very simple. the rules are follows, only two rules,

in x.exe’s exclusion “allow” rule, to create rule, “x:\a*”
in x.exe’s exclusion “block” rule, to create rule, “x:*”

That’s ok.

But with 5.8, you have no idea to achieve it. The change of priority makes it impossible.

Citizen_K · August 24, 2011, 12:34am

Thanks for the explanation. I now understand what is going on.

Since I am not sure this is by design so I would suggest to post it in the release topic and drop egemen a pm to ask to comment on the change. He can tell if it is by design or by mistake.

darkwolf_99 · August 24, 2011, 1:56am

I highly appreciate your effort. Please let me know as soon as you get any reply.

If it did be designed, I think, it brings much more disadvantages than advantages.

egemen · August 24, 2011, 3:13pm

Indeed. It has been changed to make BLOCK priority higher than ALLOW. But it seems it might bring issues to the users such as yourself.

So we will return it back to its old settings.

darkwolf_99 · August 25, 2011, 4:20am

highly appreciate it, egemen!

egemen · August 25, 2011, 2:15pm

Thanks for your feedback.

darkwolf_99 · August 25, 2011, 2:33pm

anytime ;D

by the way, new beta will be released soon?

egemen · August 25, 2011, 2:53pm

Possibly next week.

darkwolf_99 · August 26, 2011, 8:37am

wonderful! ;D