Hi,
I want to install CFW on a Win 7 PC already running MS Security Essentials to improve the security significantly. I did some initial tests in Vrtualbox with MSE installed and I noticed that the default install of CFW is for HIPS switched on and Auto-Sandbox off.
I find HIPS too difficult / time-consuming to get my head around these days so I’ve turned it off and enabled auto-sandbox instead and run a few recent malware samples, all seemed to work OK.
But I worry if there might be a clash in the future between the default auto-sandbox settings and MSE, specifically with the auto-sandbox setting set to block all applications with a malicious rating? I think they may fight over the same piece of malware they both identify as malicious, or something may slip through as a result? I guess if that happens, other elements of the sandbox may kick in and isolate the malware? Even if that fails at least it may not communicate outwards with CFW blocking it, or does disabling that first rule have a knock-on effect throught the rest of the auto-sandbox?
I am considering simply disabling this furst rule of blocking all malicious applications and relying on MSE to deal with malicious ratings and actions, but not sure of the impact on the rest of the detection / isolation process if I do so, and I don’t have time to test these various combinations.
Are there recommended settings for this combination, or any suggestions from the experts here please?