I have latest version CIS Pro. I use setting by Chiron. I have this settings:
AV - stateful
FW- custom
HIPS - OFF
Sandbox - fully virtualized
I found some suspect file today from malwaredomainlist.com. I downloaded it. When I try launch this file, CIS allow to run the virus. File is not launched in sandbox. Why?
The file is signed by Microsoft (probably it is false). Sorry for me English.