Today I tested CIS 6 Beta 2 Default Settings on a real system, XP SP3 32-bit.
For the first time in my CIS test the result was not good.
After the test I restarted the system & cleaned the temp files.
After restart I got a window, the usual window when we try to run .exe, I clicked run & it was detected by CAV. The file name was weird like hskgfksjgbazkjsb.exe. This shouldn’t happen with CIS, right?
There were 3 entries in msconfig - startup, all were malware, confirmed by MBAM & the file names were also weird as mentioned above.
CCE - Quick Repair showed WinLogon changed & UAC disabled, UAC disabled on XP?
CCE - AutoRun showed 2 entries from the 3 entries that were there in msconfig - startup. AutoRun showed 1 as malware & 1 as unknown, AutoRun couldn’t delete the unknown one.
Internet Explorer - Internet Options - Advanced Tab was missing & under Connection Tab, "some settings are controlled by the administrator" was shown. Clicking on LAN Settings under Connection Tab showed the automatic configuration greyed out & in the address there, there was something like c documents &…
Opening Internet Explorer showed Intranet Settings are disabled.
Security Center - Change the way security center alerts me, all the options were unchecked.
I was able to clean the infection & modifications. Only I didn’t know how to bring back the advanced tab in IE - Internet Options & remove the changed thing "some settings are controlled by the admin". MBAM detected this but after cleaning & restarting the system it was still the same, only the greyed out automatic config & address mentioned above were back the way they were before the test.
As always CTM restore solved everything.
I didn’t post the screenshots coz this is the first time in my CIS test there was infection, i.e. the startup malware entries & quite a few modifications & I was shocked. So I will test again & post everything.
In CIS 6, AutoSandbox - Now there are no popups like COM & Protected Things & they are allowed or blocked automatically as per the specific situation. I think this is good in real life scenario & for majority of users. But I think instead of only automatically allowing or blocking popups they should give the option under AutoSandbox "Don’t give popup alerts" with 3 choices allow, block & auto, auto being the default as it is now. Unchecking "Don’t give popup alerts" should give popups like version 5, wot say?