Does checking the box in the settings.
create rules for safe applications hinder the security of the computer? also how come it isnt check for the internet security config by default?
wouldnt that lessen the popups even more?
I think not creating rules for safe applications makes it more secure. In 3.14 a rule was created for everything a safe application did. If the safe application was replaced by something with the same name it would have the rules still there and be allowed to do everything the safe application was allowed to do with no pop-ups.
As safe applications can do what they want without pop-ups why create rules?
i was just wondering about the setting on why it was there because i thought that CIS4 already did that.
I wonder how many people would take notice when a program, that was changed without them knowing, asked for something it didn’t ask before. And I also wonder whether the current rules already didn’t allow that type of alert.
I doubt it will seriously harm the computer’s security. We are still speaking about Safe Mode here in which rules are automatically applied. All the other concerns are for people who want more than what default gives us anyway.
May be it would more sense to make the Program Files folder part of the protected files and folder list?
To make use of rules of D+ config malware has to change/replace safe executable, hence malware has to bypass D+ protection which guards ALL executables by default (true at least for proactive config) – “almost impossible” :-X
Then… it does not matter what is more secure: existence of rules in D+ config or absense of these rules.
Excessively, imo. Because… D+ guards executables of whole system irregardless of their path. Hence all “objects of interest” in Program Files are already protected.
“Create rules for safe apps” makes sense when you want to edit the rules, that is have finer control. Eg. check the box. Run firefox. Now edit the rules for firefox as per your liking, this provided more granularity. Otherwise its ok to leave i unchecked.
One advantage of leaving it unchecked is only “un-safe” or non-whiteliested apps will have rules so one can easily edit/delete them. makes management easier.
Assuming you would want to make rules on the fly. Firefox is whitelisted so you wouldn’t get alerts anyway unless you put Firewall in Custom Mode and enabled “Create rules for safe applications”.
With Safe Mode it makes sense to not store rules then.
Yeah got it, but I was talking about a scenario where I have blocked execution of executable files by firefox, baring 3 entries - so that firefox can’t launch anything except those i specified.
I use cis as an anti-executable so creating rules and editing them is a part of the process.
If a user is using proactive security and attempting to use V4 in similar fashion to V3 then should the “Create rules for safe apps” box be checked or unchecked?.
It should be checked. Otherwise CIS will apply rules without putting them in Computer Security Policy (or Network Security Policy → Application Rules for the firewall).
Thank you EricJH,
This of course will also apply to both settings ie the tick boxes in both Def+ and Firewall?.
It applies to both of them. You need to enable in both Firewall and D+.