Default Config good enough?

I have been reading in the beta forum and I know that it means it isn’t the completed product that there has been a bypass. While reading that they were discussing the default config not being good enough. Do you believe this to be true as I have only just arrived back with Comodo from a stint with Norton and was wondering whether there should be any changes I should make from the stock set up.

Or do you guys think that the Default is good enough?

With the exception of removing the “allow all outgoing” rule added to the default Internet Security configuration that was added with the release of 5.5, I run the default configuration.

Thanks for your reply

for any program, i would go one time through the settings. and for sure i will find this or that what i would want to change.
default is for a majority of people (example less questions).
self settings can be made for additional “majority” security and control (example more questions).

you must decide which setting is the best for you.
you would find default users, and you would find people who say like me, do the settings yourself. so there is not one answer alone to your question.

To be honest I was just wondering what people thought. I personally don’t have an interest in changing them as long as it protects me. I do know what I am doing the a PC and could tweak it but didn’t really want to take the time to go through it if there was some definite things that people would change.

as long as it protects you from what?
the default setting can be too low for some cases. thats why you should compare your expectations to the given default settings.

whatever program i use, i start with the settings. if this might not be necessary for every program; especially for security programs it can be “vital”.

You need to define your balance between security and usability.
For example i use the Automatic sandbox to “Blocked” for greater protection. The problem here is that i need to have every single safe file of my computer whitelisted. Normally is not a problem because most of my applications (DS) are in the TVL.
For me this is a good balance because security is my main concern. For others it may just be to much work for the extra security.

s long as it protects you from what? the default setting can be too low for some cases. thats why you should compare your expectations to the given default settings.

Exactly, the default settings may well protect you from most threats you might find. But one day you could find something really nasty, that only “untrusted” or “blocked” will be able to protect you.
In the end you have to define you balance between security and usability.

PS- CIS V.6 will bring virtualizatiion with the AS, making the default of CIS stronger.

thanks for your replies think I might leave it as stock as I haven’t been infected in years anyway

You have just found your balance :wink: :smiley:

If you test it against malware, I recommend you to switch to Proactive Security and Unrecognized=Untrusted.
There will be less dropped files but infection will happen if you come across trusted malware.

Don’t test malware

Hello everyone,

I have mentioned to post in this thread for any questions I have in regards to the CIS Firewall settings. I’m not sure if someone could help with the Defense+, and Sandbox settings as well?

I am very slow at learning, and by following a few of these replies, and by following the advice of MrBrain, I’m getting more confused and frustrated. I was following his anti-execution guide, but it was complicated by just reading the words alone, so he gave me another guide, but he’s requesting to take it down from this forum, but I was confused again.

May I ask are there any guides for security settings for the CIS part, and are there any guides for anti-execution for the D+ part?

I hope someone can reply back!

Did you already see my article?

Is your article guide, and based on CIS, and D+? Could you please post me a link directly to that article?

Thank you for your reply,

Hey Chiron,

Would the article be in your signature below your name? I have a look at it. It seems much easier than those advanced guides I was looking at. I’m not saying that MrBrain isn’t a good writer. He does know what he’s talking about, but it was too advanced for me. Thank you for your article.

The Chiron’s guide to tune the CIS is great. :-TU Thank you, Chiron! :slight_smile:
I add some minor changes to av scanner (don’t scan archives, enable cloud scanning).