When you purge the CSP, you get a list of files which don’t exist on your system anymore, so that you can remove them from the Policy. What I’d like to see is checkboxes by each file, so that you can remove only the files that you want to (with a Select/Deselect all box too).
This would help people (like me) who run some apps off a USB drive, since if I purge CSP after I remove the drive, those apps' rules would be removed, therefore resulting in the popups again when I next insert the USB drive.
Interesting idea, Beanie. Here is something to consider: Removable drives are not trusted by default. This is a valid setting. Suppose I make a file trusted or have access to my system, and this file is on my USB stick. I remove the stick (your scenario). I know my file is clean at this moment. Now, one of two possibilities can occur to make this setting valid. Either I plug this stick into a friend’s system (it may be infected and therefore infect the stick) or my friend brings over his stick with the same files I marked as trusted on my own stick (his files may still be infected). In both cases I have an infected stick being plugged into my system. If these files were considered trusted by default, my system would now be infected.
The same would hold true for network security, as I see you posted the idea there as well.
Although the idea has merit, I do not think it would be sound practice to permit this activity in real life.
I could be wrong, but these are just my thoughts.
That’s a good point, I never thought of that. Maybe there’s a workaround. I know ZA has a feature where it displays a new alert (FW only though) if a file has been changed… does/could CIS have a feature like that?
I know Avast! creates a database of all the files on a system for the purpose of attempting a rebuild/restore should a file become infected. Maybe this is something that could be added to the wishlist?
Maybe not a database like that in Avast, since that will sort of be replicated when Time Machine is integrated.
I was thinking more if CIS could detect if a file has been modified (e.g. modification through a software update, or from malicious tampering) and reset the rules for that file, causing the alerts to show again for that file. Those alerts could show something saying “File has been modified!”
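
The two ideas in this thread can be combined: keep a rule while its drive is unplugged, but bind each rule to a hash of the file's contents, so that a different file at the same path loses its trust. The sketch below is an added example, not part of the original posts and not CIS code; `RuleStore`, its methods, the status strings and the sample file names are all hypothetical.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class RuleStore:
    """Hypothetical rule store: path -> SHA-256 recorded when the rule was made."""
    def __init__(self):
        self.rules = {}

    def trust(self, path):
        self.rules[path] = sha256_of(path)

    def check(self, path):
        if path not in self.rules:
            return "ALERT_UNKNOWN"
        if not os.path.exists(path):
            return "MISSING"  # drive unplugged: rule kept, nothing to run
        if sha256_of(path) != self.rules[path]:
            del self.rules[path]  # reset the rule so the alerts show again
            return "ALERT_MODIFIED"
        return "ALLOW"

    def purge(self, selected):
        """Remove only the ticked rules whose file is currently absent."""
        removed = sorted(p for p in self.rules
                         if p in selected and not os.path.exists(p))
        for p in removed:
            del self.rules[p]
        return removed

def demo():
    """Constructed scenario: a temp directory stands in for the USB drive."""
    with tempfile.TemporaryDirectory() as usb:
        app, tool = os.path.join(usb, "app.exe"), os.path.join(usb, "tool.exe")
        store = RuleStore()
        for p in (app, tool):
            with open(p, "wb") as f:
                f.write(b"original build")
            store.trust(p)
        out = [store.check(app)]           # unchanged file
        os.remove(app)                     # "drive unplugged"
        os.remove(tool)
        out += [store.check(app), [os.path.basename(p) for p in store.purge({tool})]]
        with open(app, "wb") as f:         # drive returns, same path, new bytes
            f.write(b"tampered or updated build")
        out += [store.check(app), store.check(app), tool in store.rules]
        return out
```

A legitimate software update also changes the hash, so it raises the same alert as tampering; telling the two apart needs something beyond the hash, such as a publisher signature check.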