I created a batch file (Test.bat) which simply creates a folder (test) on the desktop. With CCAV, this would have prompted me for an action. However, if I run this test under CIS, a test folder is created on the desktop (no warning, no prompt). Is this correct behaviour? Ok, this file is harmless (and maybe CIS see's it for what it is) but what if it had been malicious and wasn't in CIS's database? (offline/online). Maybe *.bat files aren't considered dangerous compared to their *.exe brothers.
At the moment, I'm torn between using CIS and CCAV. I like the additional features of CIS yet like the simplicity of CCAV. If CIS and CCAV rely on default deny, if I were to go with CIS, do I require the firewall module or does Windows firewall offer enough protection due to default deny?