Answering Firewall/Defense+ Alerts

I read the user’s guide for CIS, but am still unclear about correctly answering the alerts. It says to try to use the treat this application as option as much as possible. I don’t necessarily know which is the best option to choose. You have several choices, Outgoing only, Web Browser, etc. It’s not always apparent which is the best choice.

Any help would be appreciated.

I would recommend for you to use the pre-defined policy of “Outgoing only” for most things that are not an obvious choice, like Firefox or Opera would be “Web-Browser”, Outlook Express, thunderbird “E-Mail Client”.

Doing this you get the “Block and log all Unmatching requests” rule at the bottom.


Thanks, for the advice. Can you give me an example of when to treat something as a trusted application? I just don’t want to make any bone-headed mistakes, ya know?


May I step in?

You can treat something as a Trusted Application, when you know for sure it is safe. Before Trusting the application, research it in Google.

For example, if I was to download Frostwire. CIS would alert me, and ask what I want to do. I would first search in Google. Then, I would decide, that because Frostwire seems to be only mildly questionable, I would set it as a Limited Application. This is because of its slightly questionable nature. See what I mean?

So definitely do your research, before trusting. :wink: