I was wondering, how do I make a rating scan of the whole computer? The thing is, I have HIPS turned off but I also have the sandbox to BLOCK all unknown files but I also have trusted vendors off so pretty much all files that aren’t in my “Trusted” list are blocked.
But as you might imagine there are quite a few unknown files in my computer but I’m certain they’re all clean, hence I want to add them all to be trusted. With HIPS on you’d just do Clean PC mode, but since I don’t want HIPS to be on I don’t know any other way than to manually search all files or do a rating scan. But I can’t find a way to do a rating scan of the whole computer.
On top of not being able to make a rating scan of the whole computer, CIS does NOT make an alert when something is Blocked by the behavior blocker, which is something I HATE, so there is no pop-up asking “Trust File” when one of these files is executed. They just go into the unrecognized list and stay there without a sound until you happen upon the list to see they’re there.
So if anyone could point me in the right direction in order to make a rating scan of the whole computer then please help me. Other than that, if you’re a developer of CIS… please make an alert for things being blocked by the Behavior blocker!
Edit: Setting HIPS to Clean PC mode fixed my issue with setting current files to be trusted and hence not blocked by the auto-sandbox!
With a default installation CIS is set to not show alerts unless you disabled it during installation. But the problem now is that I can’t find how to tell CIS to show alerts when it automatically sandboxes an unknown program…
What is keeping you from going through the Unrecognised Files list and manually making desired files Trusted Files? That does not differ that much from getting a rating scan results screen. The big disadvantage of the Rating Scan Result Screen is that it can’t be maximized… :-\
The thing is that the Sandbox makes a notification for EVERY level of security where you can click to not sandbox it in the future. EXCEPT for the “Blocked” level, there it is just silent.
Nothing keeps me from going to the unrecognized files list and manually adding the blocked applications to trusted files. However, it is quite bothersome to do that when CIS doesn’t even tell you that an application has been blocked. And with “Trusted vendors” turned off, a lot of files are unknown; however, I want all my current files on my PC to be trusted and ALL downloaded files unrecognized by default.
Edit: Also, if I go into the trusted files list and add for example my C drive to the trusted list, will all files in that drive be trusted by default even if they are added afterwards or is it just the files currently there which are added to the trusted files?
Adding the C drive to Trusted Files will make CIS always trust all files. I advise in the strongest way possible against this. Parts of the C drive are protected files and folders and this may reduce the protection of CIS.
I need to wrap my head around the implications of trusting the system drive.
On a side note, I am noticing you want a lot of control over your system; you removed a big part of the TVL, for example, yet on the other side you don’t want the extra work it brings. I am afraid there are no easy solutions for the extra work of getting above-average control.
The extra work as in having to allow every little file on the computer I can live with, just wanted to see if there is a way to make all current files on the system trusted and every new file unknown.
Now the part I still dislike is that CIS doesn’t ever notify when it blocks a program through the auto-sandbox. When the sandbox uses for example “Partially Limited”, it will create a notification where it says the process has been sandboxed and there is something you can click to make CIS aware that you don’t want it sandboxed again. But when using the “Blocked” setting, it just doesn’t notify, so I don’t know whether it’s CIS blocking it or if something is wrong, so I have to go to the unrecognized files just to check if it was CIS blocking the program.
Now here’s another question: If I change HIPS from off to Clean PC, will that also make the files on my current PC trusted and hence also make it bypass the auto-sandbox? I will try it now but wanted to ask just to be sure because if it works then it pretty much solves my problem with files already on the computer being blocked.
However, it does not fix the fact that CIS does not notify me when it blocks something through auto-sandbox. I made a wish about this on August 23rd or so; it got 5 votes for yes and 0 for no, but it was never implemented. Guess it won’t get implemented unless enough people actually care, huh?
Edit: Hey hey look at that, Clean PC mode actually fixed the problem with current files!