Alert Setting Tab > Alert Frequency Level - Explanation

Alert Setting Tab > Alert Frequency Level:
(from the manual)
It should be noted that this does not affect your security, which is determined by the rules you have configured

Can you explain? Is it related the the Alarm windows (red/orange/yellow) or are they the messages I see from time to time (e.g. D+ is learning, etc.)?

So far when I install a program:
1 Alert = 1 choice to make (allow/deny), 10 Alerts = 10 choices, etc.
If I reduce the number of alerts, I reduce the number of choices.
Less choices = less security

So I am not clear with the manual explanation. I set it to high. What would you recommend and what difference would that make on a regular CSI usage?

Instead of posting all these question why don’t you just leave well enough alone. Leave CIS the way it was when you installed it. Geeezzz. You are your worst enemy.

To all posters,

Please consider that others may want or need to use software differently to the way you use software.

Some want to just set-and-forget, some want to know what goes on under the hood.

We all have our own path to knowledge - some jog, some run - the journey is still valid.

Cheers,
Ewen :slight_smile:

Sorry panic.99% of these questions can be solved by reading then “help” file. I did.

LOL. If everyone read the help file, you and I wouldn’t need to be here. :wink:

Cheers,
Ewen :slight_smile:

I refer to the manual (or help file) in the first post on the thread.
My question about the Alert setting is still pending. Thanks.

Where you set the ALERT SETTINGS determines the granularity of the resulting ruleset.

Setting it to very high will create a rule for every access for every protocol for every direction (in or out) for every port and for every address. What this means is that, for a browser, you would end up woth separate rules for every address you went to, as they are separate addresses. Lower settings produce correspondingly looser rules.

This setting would work in well with what you were asking about suspicious programs, as it would show all details for each outbound attempt.

Cheers,
Ewen :slight_smile:

Alright, now I understand the difference clearly. Thanks Panic :-TU

EDIT: This is a global setting right. So let’s say I keep it medium in usual. Then I install an application - and I want to prevent it to have any contact with the outside (scenario). Before to install the application, I move the alert setting to Very High, install and create the custom rules accordingly.

Then I revert the setting back to Medium.

So here is my question: are there applications (not specifically applications with bad intend) which change port or mode of communication after installation to communicate with the outside? Or they don’t, it is static?

My point is if I create some block rules during installation and then revert to an more loose setting, if the application uses a different port or IP to communicate, I might not have an alert? (correct/incorrect?)

Correct, but most applications have fixed communications paths - i.e. they are programmed to send/receive on known ports. It’s usually only things like P2P that hop around.

Ewen :slight_smile: