Thanks, but everything is as default as it could be. No import/export and CIS simply learns in Clean PC Mode that I execute Opera and give it network access (“treat as browser”). I don’t edit any D+ rules. Then, when attempting to download any file in Opera (or IE), the warning comes, every time.
Ok, well, now you’ve found out how deep my understanding of this all is. lol.
I use CIS on full blast, and live with the consequences.
But, I recently did the MS updates. And, similar to your comment, the MSRT had to modify, create?, a folder and had to modify some registry key’s. I know that cause I did get D+ notices.
Maybe my notices were because MS was messing with protected areas. I don’t know, I haven’t researched.
Maybe your notices are because of where you save your downloads? Or, are you running your downloads instead of saving them? I am, right now, recalling being prompted with a D+ when downloading some programs, and it always had to do with creating a folder.
Anyway, just trying to help jog the thoughts. If you find a answer to your question that works, please post!
As for MS Updates I can’t tell, I always disable D+ when updating because I don’t want it to learn things about temporary installers etc. But I guess your observation of MS messing with protected areas is correct, that would make sense, it’s OS updates after all.
No, just saving the .exe downloads, always in My Documents… “Opera is trying to create xyz.exe”… Perhaps making Opera a trusted application in D+ would work, but I’m not sure it’s a good idea, with regards to the security aspects of letting D+ trust a program which may be targeted for attacks.
If this gets resolved, I’ll try to remember posting here.
I have noticed on my PC I can download from firefox without a pop-up but not from IE. In computer security policy *.exe is automatically added to firefox but not IE. This is in clean PC mode. Looks like a bug to me. The worst bit is IE 8 downloaded 230 MB before it complained that it could not save it.
It looks like if ANY safe application writes to an exe file for some reason it is immediately gets a rule allowing it to write to *.exe (I wish it would not do this. It needs a setting, like firewall, for more or less rules).
For some reason it does not do this for IE 8. I am clean PC mode and it is not in my pending files so it should be safe. So I get a pop-up each time I download with IE 8. As I use firefox all the time I only recently noticed this.
I suppose this is the case in Clean PC Mode. As far as I know: You can tweak whether D+ should ask you about an .exe file executing another .exe file, but you can’t tweak D+ to ask you about an .exe file creating another .exe file.
No harm in letting the browser create the file, trying to run it though, is another thing… unless I’ve missed something here I’d like to see this option in D+. :-La
I’d rather say, the only potentially malicious event would be executing an .exe-file, not just getting it on the HDD… I wouldn’t mind some dangerous website making Opera create an .exe file on my HDD (although getting Opera to block itself would be nice, like Firefox+NoScript would do :)), but I’d mind a dangerous website making Opera execute the .exe file. You can have tons of malware on your machine but they do no harm unless executed.
Haven’t thought of it that way before, but it sounds reasonable. If so, I would prefer CIS giving an alert only when executing this new downloaded file… For example you can drag & drop new, unknown files from a USB stick or likewise. This will cause no warning, but they are still entering the system as unknown files, similar to downloading something from the Internet. It would be sufficient (for me) to get a warning if these files were to be executed, no matter if their origin is a USB stick or created by the browser.
Well now I’m not so sure my first assessment was right.
I just downloded a couple of .exe in IE & FF D+ in Safe Mode(where I normally run) No Pop ups.
Switched to Clean PC and did same experiment still No Pop ups.
So if I was completely right I should have gotten Pop ups, so there must be something more to this.
Unless my existing rules from running in Safe mode skewed the result.
Maybe you could test by just flipping to safe mode and trying a download and see if it pops or learns.
There should be a pop-up when executing a new or modified exe in clean PC mode but not when downloading. I think it is a bug. Executing is the most dangerous thing, not downloading or modifying the file.
Thank you for the attention. I’m on XP SP3, just CIS running (12 processes including cfp.exe & cmdagent.exe, + 1 process for Opera or IE8). The CIS version is currently the .494 beta but this alert has been around for ages, regardless of version.
I am on vista SP1 with the latest 3.8 of CIS and firefox can write to any exe but IE 8 cannot. I found one other program that can write to *.exe and quite a few programs can write to *.dll. None of these were added by me. In earlier versions I allowed firefox to just write to any file in the downloads directory but that is pointless now as it can write anywhere. I have not tried 3.9 yet.