CIS Protection Improvement Suggestion.

I suggest, and ask, that you please add a feature to the next updates of CIS-Antivirus that I think can help a lot with the total protection. Since most programs, and especially the browsers, do not call themselves with points (for example, Firefox.exe -a 0x0blah), and since the CIS AV scans the processing of programs, I suggest that you add detection and protection to the AV / HIPS for that kind of exploits and attacks. That can help a lot with protecting from program exploiting, hollow process and some injection techniques.

Long story short, I got hacked some time ago while I was using CIS, and it seems that they used what I describe to bypass the protections. That was hidden and not visible in the trusted list until I brought it to the front by overflowing some things.
Since Atom Tables is the way to go and Hollow and stuff is a nightmare, I would really like to see real protection improvements.

Thanks.

Now that the entire database doesn’t get downloaded by default.

Try disabling cloud lookup and then removing all signatures from the locally stored list of trusted vendors that aren’t for things you actively use.

Like this guide by CruelSister shows.

You may also want to set the auto-containment to block instead of sandbox. That way, when you want to install something new, it won’t get sandboxed right away, but rather blocked and prevented from doing anything at all.

You may also want to periodically do a lookup of the vendor names in the list after the ones you don’t need are purged.