Add monitoring and notification CIS capability for changed applications

It would be nice to have a monitoring and notification feature in CIS for applications in relation to the following threads:;msg671175#new

An example of how the above-mentioned notification could look like:

I got it from a discussion on comodo in

Having this capability would only be a plus for Defense+ (let’s make it Defense++ :D)

It may be helpful. However, that sort of protection would also kick in any time an application was updated as well.

Therefore, what I would like to see is for this sort of addition to also help combat the problem of unsigned applications which update frequently constantly being put in the sandbox. Something like this could help protect against the referenced vulnerability and also add usability.

However, I believe it should not be activated by default. As long as it’s an opt-in configuration change I support this, but Comodo’s message should not be so scary. It should mention that it can also be caused by simple updating.

Good Idea. I voted yes. but optional

+1 about the not being scary part.

You should qualify that Chiron. I use the nightly builds of firefox, which are unsigned, update every day and don’t generate any additional alerts, even when the version changes. However, with OA (see image) I know which I’d prefer…

[attachment deleted by admin]

But I thought that with the changes advised in the first post we would start to see alerts for updates such as that. Am I misunderstanding the wish?

I’m not sure if there’s a misunderstanding and if there is, by whom. I’m just pointing out that, unlike some products, CIS doesn’t always notify on application change - hash.

In the case above, I install firefox 21 (unsigned) launch that application and get firewall alerts, which I allow. I replace the version 21 binaries with binaries from version 22 (unsigned) and with CIS I get nothing. You can see what happens under OA.

Unfortunately, this is an old old topic, which may or may not be an issue. Personally, I’d like an alert, when a binary changes, without needing recourse to paranoid mode in HIPS.