Behavior Blocker, not enough options

SanyaIV · June 20, 2013, 4:54am

I agree, we should limit CIS to what other security vendors do, no innovation is allowed!

nsm0220 · June 20, 2013, 6:16am

btw cis behavior blocker is one of the best behavior blockers out there

Dch48 · June 20, 2013, 6:31pm

Even though it is not a true “behavior blocker” but rather a more silent implementation of the underlying HIPS technology.

andrei1997 · June 20, 2013, 6:52pm

That is very true. It is a like a set of rules to follow automatically without alerting the user. I would like a more proactive approach and more settings.

Dch48 · June 20, 2013, 6:56pm

To me, if that’s what you want, you can just turn on HIPS and turn off the BB. I can’t see a reason to use both.

Solarlynx · June 21, 2013, 1:48pm

Yeap, that’s my variant - BB off and HIPS on. It will be until the BB becomes real Behavior Blocker and not an alias of the AutoSandbox.

andrei1997 · June 26, 2013, 8:39pm

In 6.2 they have got rid of the term Behavior blocker and changed it to auto-sandbox. I think that name suits it better.

SanyaIV · June 26, 2013, 9:05pm

Indeed they have, didn’t even notice. Though the advanced settings still says “Behavior Blocker”

bazolo · July 26, 2013, 3:58am

Decisively +1

HIPS and BB are not alternatives. Currently, they complement each other, from the point of view of safety.
BB has the one VERY important function (HIPS does not have it) - I mean checksum verification of executable files.
It is especially important in the case of unrecognized files treated as trusted by user. Any modification of these files will trigger a new alarm.
The HIPS (when BB is off) recognizes files only by path and name, so… for example, simple replacement of safe exe with destructive will give silent full permission for a unwanted actions (when earlier HIPS rule was set to e.g. typical Allowed Application).
In the scenario when both BB and HIPS are turned on, the HIPS checks own rules but unfortunately without popup alerts, even when HIPS rule contains Ask options. But Block options in the rules works, so user can manually set needed restrictions for specific resources.

dougnukem · September 9, 2013, 5:10pm

+1

Should definitely be a 4th Button letting you run the software out of the Sandbox but with HIPS control.

For those concerned about the novice users, I think the Basic / Advanced View could also solve this problem.

Dch48 · September 9, 2013, 5:20pm

Since the BB actually runs as a controllable and much more silent version of HIPS, I see no reason for both to be on. I think the default setting of BB on and HIPS off is the way to go.

Dennis2 · September 9, 2013, 5:51pm

+1