Are there new default settings in CIS 5.3?

What are the new default settings (if any) with version 5.3?

Are there any differences with regard with these ones?

Quick and Dirty: a diff between 5.0.x.1142 and 5.3.x.1216 - Internet Security


<Group UID="{A1457BF0-108A-49FE-96B7-6D103D8320A8}" Name="Important Keys">
		<File Filename="HKLM\SYSTEM\ControlSet???\Services\*" DeviceName="HKLM\SYSTEM\ControlSet???\Services\*"/>
		<File Filename="HKLM\SYSTEM\ControlSet???\Control\*" DeviceName="HKLM\SYSTEM\ControlSet???\Control\*"/>
		<File Filename="HKLM\SYSTEM\ControlSet???\Class\*" DeviceName="HKLM\SYSTEM\ControlSet???\Class\*"/>
		<File Filename="*\SYSTEM\ControlSet???\Enum\ROOT\LEGACY_*\CSConfigFlags" DeviceName="*\SYSTEM\ControlSet???\Enum\ROOT\LEGACY_*\CSConfigFlags"/>
		<File Filename="*\SOFTWARE\Microsoft\Driver Signing\Policy" DeviceName="*\SOFTWARE\Microsoft\Driver Signing\Policy"/>
		<File Filename="*\SOFTWARE\Classes\?\shellex\ContextMenuHandlers\*" DeviceName="*\SOFTWARE\Classes\?\shellex\ContextMenuHandlers\*"/>
		<File Filename="*\SOFTWARE\Classes\*\shell\*\command\*" DeviceName="*\SOFTWARE\Classes\*\shell\*\command\*"/>
		<File Filename="*\SOFTWARE\Classes\*\shell\*\ddeexec\*" DeviceName="*\SOFTWARE\Classes\*\shell\*\ddeexec\*"/>
		<File Filename="*\SOFTWARE\Classes\.*\*" DeviceName="*\SOFTWARE\Classes\.*\*"/>
		<File Filename="*\SOFTWARE\Classes\AutoProxyTypes*" DeviceName="*\SOFTWARE\Classes\AutoProxyTypes*"/>
		<File Filename="*\SOFTWARE\Classes\PROTOCOLS\Filter\*" DeviceName="*\SOFTWARE\Classes\PROTOCOLS\Filter\*"/>
		<File Filename="*\SOFTWARE\Classes\PROTOCOLS\Handler\*" DeviceName="*\SOFTWARE\Classes\PROTOCOLS\Handler\*"/>
		<File Filename="*\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\*" DeviceName="*\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\*"/>
		<File Filename="*\SOFTWARE\Classes\CLSID*" DeviceName="*\SOFTWARE\Classes\CLSID*"/>
		<File Filename="*\SOFTWARE\Classes\AppID*" DeviceName="*\SOFTWARE\Classes\AppID*"/>
		<File Filename="*\SOFTWARE\Classes\LocalSettings\*" DeviceName="*\SOFTWARE\Classes\LocalSettings\*"/>
		<File Filename="*\SOFTWARE\Microsoft\Security Center\*" DeviceName="*\SOFTWARE\Microsoft\Security Center\*"/>
		<File Filename="*\SOFTWARE\Microsoft\Code Store Database\Distribution Units\*" DeviceName="*\SOFTWARE\Microsoft\Code Store Database\Distribution Units\*"/>
		<File Filename="*\SOFTWARE\Microsoft\Ctf\LangBarAddin\*" DeviceName="*\SOFTWARE\Microsoft\Ctf\LangBarAddin\*"/>
		<File Filename="HKUS\*\Environment\Path" DeviceName="HKUS\*\Environment\Path"/>
		<File Filename="HKUS\*\Control Panel\Desktop\SCRNSAVE.EXE" DeviceName="HKUS\*\Control Panel\Desktop\SCRNSAVE.EXE"/>
		<File Filename="HKUS\*\Control Panel\Don't Load\*" DeviceName="HKUS\*\Control Panel\Don't Load\*"/>
		<File Filename="*\Software\Microsoft\Windows\CurrentVersion\Control Panel\Don't Load\*" DeviceName="*\Software\Microsoft\Windows\CurrentVersion\Control Panel\Don't Load\*"/>
		<File Filename="*\SOFTWARE\Policies\*" DeviceName="*\SOFTWARE\Policies\*"/>
		<File Filename="*\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\*" DeviceName="*\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\*"/>
		<File Filename="*\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths*" DeviceName="*\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths*"/>

New (Used on "All Applications, Registry protection):

<Group UID="{E4FF4FFB-5227-4BF1-A8E5-01FB55D6AF59}" Name="Temporary Keys">
		<File Filename="*\SOFTWARE\Classes\*\shell" DeviceName="*\SOFTWARE\Classes\*\shell"/>
		<File Filename="*\SOFTWARE\Classes\*\shell\BagMRU*" DeviceName="*\SOFTWARE\Classes\*\shell\BagMRU*"/>
		<File Filename="*\SOFTWARE\Classes\*\shell\Bags*" DeviceName="*\SOFTWARE\Classes\*\shell\Bags*"/>
		<File Filename="*\SOFTWARE\Classes\*\shell\MuiCache*" DeviceName="*\SOFTWARE\Classes\*\shell\MuiCache*"/>


<Group UID="{DA976ABE-9ED5-4C60-A933-709D3ABF63E0}" Name="Pseudo COM Interfaces - Privileges">
		<File Filename="LocalSecurityAuthority.Backup" DeviceName="LocalSecurityAuthority.Backup"/>
		<File Filename="LocalSecurityAuthority.Restore" DeviceName="LocalSecurityAuthority.Restore"/>
		<File Filename="LocalSecurityAuthority.SystemEnvironment" DeviceName="LocalSecurityAuthority.SystemEnvironment"/>
		<File Filename="LocalSecurityAuthority.SystemTime" DeviceName="LocalSecurityAuthority.SystemTime"/>
		<File Filename="LocalSecurityAuthority.Tcb" DeviceName="LocalSecurityAuthority.Tcb"/>

Firewall Global Rules, last rule is Block IP in Any Any ICMPv6

So if someone imports “5.1 configuration” into 5.3, the new changes that you posted are overwritten by the old ones?

Is there any way to merge them?

If your a bit technical yes, download Winmerge to do easy diff compares

Export your 5.0.x config, uninstall 5.0.x, install 5.3.x, import 5.0.x config, after import reboot, export your 5.0.x config, create a copy of that so you can put the 5.3.x changes in the copy.

Now replace what’s not automatically merged but BEWARE to only cut & past from the tag.
DO NOT copy <Group UID" tags !

So take your exported copy and past the stuff between from “Important Keys”

Next remove the previous 5.0.x imported config from CIS, and import the edited config.

If you like this process repeat a winmerge and beware to not note UID as changes.

OK, I’ll try to do it with UltraCompare :-TU

Since I had to revert back to version 5.0 because there are some compatibility problems with ESET EAV, what happens if I import a “new” 5.3 “exported config” into 5.0?

Does it work or (since you warned me about the UID’s, that I see are different in the new/old config files) does it crash?

I didn’t try but my guess would be that it should work, however I would advise to verify your settings after import, the UID’s are not an issue for import. only if you cut and past from different configs it could mess things up…

with all due respect but wouldnt it be far safer and quicker just to install the new version and re-configure your settings…?
Just a thought. >:-D

In fact.
I had only to re-create eMule and uTorrent rules.
Just few minutes of work

Anyway the question was a more general one, regarding new rules, and I had the answer I needed :wink:

Not if your running FW on “very high” 118 apps and D+ on Paranoid 310 apps ;D

sorry ronny i stand corrected.
i didnt know there were that many applications.
take a year to re-install


Well fortunately a good bunch of them are portable so that saves a lot of installation overhead…

Well I see with winmerge the more difference so I refresh my rules, I usually set a precofigured rules and put it in my several pc
I made a Configuration file with NO rules for D+ in Proactive Configuration but with FW rules commonly used (Emule, Skype, Thunderbird) I use it in several pc and it’s works well
I simply put on a fresch configuration Proactive my rules basic for FW and import in several pc
it reduce more time, I have only to launch the program and choose the right rules for ex I launch Emule and at the popup I get the Threat Emule as… EMULE , simply

If you wont try this rulesset simply download it and give it a try is a cfgx files so just import with a different name exemple Preconfigured Proactive so you don’t overwrite nothing

The only thing to do is set your language, i think it set my languag (Italian) in your CIS
It’s based on 5.3 fresh install
in the past I make it for CIS 3 to CIS 5.1 and it works well
in an Italian forum where we talk about CIS other user use it (5.0 and 5.1 version) with no issue
CLT passed 340/340 to check it’s works well

Thanks :-TU
But in my case I prefer to rebuild the new rules every time, they are only a few :wink: