Auto containment started blocking npm and node.js child processes as of 9/22/22

Help & Support Contact Xcitium
1

on 9/22/22 cis auto containment started blocking node.js scripts when ran using command npm run “name” but adding rules in the auto containment to allow npm and node.js doesnt seems to work at all. logs in containment events include;



Date & Time Application Status Action Rating Contained by Parent process path
2022-09-24 12:37:33 C:\Users\matth\AppData\Local\Temp\dev-7a0a4063.cmd running Run Virtually Unrecognized Containment Policy C:\Program Files odejs ode.exe
2022-09-24 12:37:33 C:\Program Files odejs ode.exe running Run Virtually Trusted Contained Process C:\Windows\System32\cmd.exe
2022-09-24 12:37:33 C:\Windows\System32\cmd.exe running Run Virtually Trusted Contained Process C:\Program Files odejs ode.exe
2022-09-24 12:37:33 C:\Windows\System32\cmd.exe completed Run Virtually Trusted Contained Process
2022-09-24 12:37:33 C:\Program Files odejs ode.exe running Run Virtually Trusted Contained Process C:\Program Files odejs ode.exe
2022-09-24 12:37:29 C:\Users\matth\AppData\Local\Temp\dev-a7e85c9a.cmd completed Run Virtually Unrecognized Containment Policy
2022-09-24 12:37:29 C:\Program Files odejs ode.exe completed Run Virtually Trusted Contained Process
2022-09-24 12:37:29 C:\Program Files odejs ode.exe completed Run Virtually Trusted Contained Process
C:\Program Files odejs ode.exe is added to the rule list as ignore but is still ran virtually and the child process changes each time node is ran. maybe I'm adding the rule wrong as I have to add it manually. but I'm not sure why i need to add the rule at. when i use command npm run dev it runs nodemon index.js nodemon runs node index.js and monitors for crashes. when i run nodemon index.js from the command prompt the program isn't isolated its only isolated when ran with npm. npm is a windows command script located in c:\program files odejs because its npm.cmd it doesn't show up in the file list when trying to make a rule for it.
2

i waas able to force cis to create a rule for npm.cmd but *.cmd should be added to the list of applications cis recognizes