CIS 6 doubts/curiosities

Hello, I have installed CIS6 on a PC, choosing only firewall and D+, and I have doubts/curiosities:

1) Since I have excluded the antivirus during installation, why in the program interface there is the “scan”, “quarantine”, “update” (in fact in the description of the latter says: Start updating of the program and virus database)?

http://s9.postimg.org/n04yhwpbf/dsgryq.jpg

2) Disabling the behavior blocker must also disable the boxes below or automatically they lose functionality by disabling the box of BB?

http://s22.postimg.org/njneokkot/ggfryw.jpg

3) What is “set popup alerts to verbose mode”?

http://s11.postimg.org/9cxsen4q7/Catturah.jpg

4) In the firewall tab is advisable or not to check the box “Block fragmented IP traffic” and “Do protocol analysis”?

http://s18.postimg.org/5pp2fvmid/jkjbj.jpg

Thanks for helps and sorry for my English

That sounds like a minor bug in the GUI. If you feel up to it you can submit this as a bug following this guide and post in the bug report board

2) Disabling the behavior blocker must also disable the boxes below or automatically they lose functionality by disabling the box of BB?
Only the check box for "Define exceptions for Behaviour Blocker" should be disabled.
3) What is "set popup alerts to verbose mode"?
You will get more detailed alerts. The alerts have an arrow which will give more information when pushed.
4) In the firewall tab is advisable or not to check the box "Block fragmented IP traffic" and "Do protocol analysis"? Thanks for helps and sorry for my English
Block fragmented IP datagrams is not needed for most users. The packages have a role in establishing connections. Enabling is known to cause problems sometimes on big local networks like from corporations and colleges.

Do protocol analysis is protection against denial of service attacks. That is not a type of attack regular users are very likely to meet. These attacks are aimed at servers. Also most home users are behind routers which is an additional protection layer.

When using wireless connection on your local network I advise enabling ARP cache protection.

Thanks EricJH for the reply :)

Another doubt:


http://s11.postimg.org/gtadmg7z3/manca_opzione_come_cis5.jpg

In Firewall Tasks - Stealth Ports in Cis6 there are only 2 options of choice, while in CIS 5 there were 3.
Already in default is set to one of the 2 options? Or I have to select one of the two?

Then it is normal this conduct?
By clicking on “Alert incoming connections”

http://s18.postimg.org/7ck90o58l/jouoog.jpg

in global rules it gives me all blocks

while clicking on the “Block incoming connections”

http://s24.postimg.org/4j2q9qlep/turru.jpg

in global rules it gives me more permissive rules
Should not it be the opposite?
Thanks for help

Various people miss that third option that v6 does not have.

Already in default is set to one of the 2 options? Or I have to select one of the two?
The choice is completely yours.
Then it is normal this conduct? By clicking on "Alert incoming connections"

in global rules it gives me all blocks

while clicking on the “Block incoming connections”

in global rules it gives me more permissive rules
Should not it be the opposite?
Thanks for help

The two sets of Global Rules are the regular default rules for the two choices from the Stealth Ports Wizard.

With the first set of rules you will be asked for all unsolicited incoming traffic and only a limited set of traffic gets blocked. This option is helpful if you are on a LAN and want to share sources between computers. Once you get the alert you will give permission and rules are made.

With the second set of rules everything is blocked (that’s the block rule at the bottom) and only two types of unsolicited ICMP messages are allowed. This one is therefore much stricter and almost completely closed to networks. Remember it won’t ask you anything.

But if I do not choose any of the 2 options, which of the 2 options (“Block incoming connections” or “Alert incoming connections”) CIS set to default?
Thanks :)

The defaults of Global Rules differ. For the Internet Security configuration the Global Rules are set to block all incoming traffic and for the Proactive Security configuration the Global Rules are set to ask for incoming connections. If I recall correctly.

However, Comodo flip-flopped in the past with which of the Global Rules is set with Internet Security or Proactive Security.

I understand, thank you very much… you have been very kind and helpful :)

Hi,
I made the CLT test and with the behavior blocker enabled I do not pass it (310/340), while disabling it, I’ll pass the test.
For added security, should I disable the BB?
Thanks.

CLT is a leak test made to test HIPS solutions and not sandbox solutions. Some of the results may be faulty when using CLT for testing the security of a sandbox.