I’ve had a quick look in the help file but couldn’t find an answer to my question. My question being, how are processes treated by CIS4? As in (for example) if I loaded a common application (say IE), what checks are made and in what order before the application actually loads and appears on screen? The same for rogue applications: at what stage (check) does CIS4 block/quarantine the process? I’m thinking of a step-by-step flow diagram (with big icons) showing how processes are managed by CIS4 (from start to finish).
If you think this would be a good / bad idea, please vote. I’m sure I’m not the only one who doesn’t fully understand how CIS4 works and having this process as an image, would make it easier to understand.
Sorry, but the manual is confused and contradictory.
We are focussed upon the Sandbox part of the manual.
This naturally suggests that if the Sandbox part is disabled,
there will be no A.V., nor Defense+, nor Buffer Overflow Check.
Subsequently it states it will NOT be sandboxed if it is on a Safe List or recognised as an installer.
Does this mean no A.V., nor Defense+, nor Buffer Overflow Check?
Question :-
If I download a software package and the A.V. complains about double extension or other suspicion,
and I think its suspicions are ill founded,
is it possible to proceed with installation and still get protection if further “nasties” emerge from “unpacking”,
or will it be permitted to download 7 more diabolicals more evil than itself ?
My quote from the manual states in general “When an executable is run it passes through the following CIS security inspections:”. I didn’t quote the complete sequence, but it describes the decision process that precedes a possible decision to sandbox. At the end of the description it also states “The process outlined above is taken each time the application is run.”
Subsequently it states it will NOT be sandboxed if it is on a Safe List or recognised as an installer.
Does this mean no A.V., nor Defense+, nor Buffer Overflow Check?
Read the above. A lot of checking has already been done before that point, and an alert was given to the user asking for elevated privileges.
Question :-
If I download a software package and the A.V. complains about double extension or other suspicion,
and I think its suspicions are ill founded,
is it possible to proceed with installation and still get protection if further "nasties" emerge from "unpacking",
or will it be permitted to download 7 more diabolicals more evil than itself ?
Alan
The double extension warning will probably be from the AV, which is first in the process. After that, D+ heuristics may kick in as well and could issue a warning.
When installing programs that will install a toolbar, I get warnings from the firewall that e.g. Ask Toolbar Installer wants to access the internet. However, this is in Proactive with the Firewall set to Custom; this seems to imply that the firewall alerts are not suspended when running with Elevated Privileges. Remember that Elevated Privileges is a D+ alert; I take from that bare fact alone that it extends to D+ alone.