CIS Self Protection

CIS self protection is attached to D+, i.e. D+ disabled means self protection is disabled too, right?

I want to run only CFW & CAV, no D+ & SB. So to run only FW & AV I will disable D+ but it will also disable self protection, right?

So to run only FW & AV but with self protection & no D+ & SB I have configured CIS in the following way.

I have kept D+ enabled but SB disabled & have checked Don't give popup alerts - allow under D+ settings.
In this way I get FW & AV with self protection, & though D+ is enabled, it is like disabled as everything is allowed under D+ & SB is disabled too.

So now the self protection is there, right?

I checked this procedure by trying to end cmdagent through Task Manager & got access denied. That means the procedure is fine, right?

If only FW & AV are run with D+ disabled, cmdagent can be killed through Task Manager, but not with the above procedure.

So I got the self protection, right?

Thanx
Naren

You’ve got self protection by having D+ enabled. When you can’t close down cfp.exe and cmdagent.exe with Task Manager, that proves self protection is functional.

That means the procedure I have mentioned is correct & one gets FW & AV with self protection & no working D+, i.e. D+ is enabled for self protection only & no other things, right?

Thanx
Naren

Good idea Naren,

Since the addition of do not show popup alerts and allow requests, this seems like a good way to disable D+ but keep the self protection for cfp.exe and cmdagent.exe.

When using this method, to ensure that no other parts of D+ are active, I’m going to use the following config for D+ settings.

General Settings: Safe mode, with only Do not show popup alerts - Allow Requests box checked.
Execution Control Settings: Disabled.
Sandbox Settings: Disabled.
Monitoring Settings: Only Processes’ Termination box checked.

I’ve tested this config and I’m unable to terminate cfp.exe or cmdagent.exe using Task Manager.

Along with other members, I’ve always thought there should be a way to disable D+ without losing self protection for cfp.exe and cmdagent.exe. Sounds like this would be a good suggestion for the wish list.

Good thinking Jamin4u.