A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic subject, NOT here.
- Can U reproduce the problem & if so how reliably?:Everytime
-
If U can, exact steps to reproduce. If not, exactly what U did & what happened:
STEP1-Disable Cloud lookup, analyze unknown files in cloud by uploading them for instant analysis.
STEP2-Disconnect internet.
STEP3-Restart.
STEP4-DISCONNECT INTERNET. RUN ATTACHED HASHMYFILES.EXE. IT HAS NO DIGITAL CERTIFICATE. - If not obvious, what U expected to happen: IT SHOULD BE BLOCKED. INSTEAD FILE IS BEING ADDED TO TRUSTED FILES. DEFENCE+ LOG SAYS SCANNED AND FOUND SAFE. ALSO KILLSWITCH SHOWS THE PROCESS AS TRUTED. IN FACT THE FILE IS NOT SANDBOXED ACCORDING TO ANY OPTION SET IN BEHAVIOUR BLOCKER[I.E. AUTO SANDBOX UNKNOWN APPLICATION] PARTIALLY LIMITED, LIMITED, RESTRICTED, UNTRUSTED, BLOCKED.
- If a software compatibility problem have U tried the conflict FAQ?: NONE
- Any software except CIS/OS involved? If so - name, & exact version: NONE
- Any other information, eg your guess at the cause, how U tried to fix it etc: NONE
-
Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware) ATTACHED
[/ol]
B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration: 6, 1, 275152, 2801
- Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:All, HIPS=safe, BBlocker=Blocked, Firewall=Safe, AV=cloud is OFF
- Have U made any other changes to the default config? (egs here.):NO
-
Have U updated (without uninstall) from a CIS 5?:NO
[li]if so, have U tried a a clean reinstall - if not please do?:DONE
[/li]- Have U imported a config from a previous version of CIS:NONE
[li]if so, have U tried a standard config - if not please do:DONE
[/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:xp32sp3ver5.1build2600.xpsp_sp3_qfe.130307-0423 : Service Pack3, UAC=off, admin, VM not used -
Other security/s’box software a) currently installed b) installed since OS: a=NONE b=NONE
[/ol]
[attachment deleted by admin]