Execution alerts - how to get them if you want them? [V5]

This FAQ tells you how to ensure that CIS asks for your permission to allow programs started by Explorer.exe to run. That is, it tells you how to ensure that CIS gives execution alerts for Explorer.exe.

Explorer.exe provides the main user interface for Windows. So if you do this you will get execution alerts for almost all programs you start manually unless you have previously created a rule to allow Explorer.exe to run them. (Such rules are usually created by pressing the allow button on an execution alert and asking CIS to remember the permission). The value of such alerts is that you may otherwise be tricked into starting a malicious program inadvertently.

[ol]- Change configuration to Proactive Security using More ~ Manage Configurations ~ Proactive ~ Activate.

  • If you want execution alerts for trusted applications (Computer Security Policy concept) and/or trusted files (Autosandbox concept) change to Paranoid Mode using Defense plus ~ Defense plus settings Othewise ensure you are in Safe Mode.
  • If you want execution alerts for unrecognised applications, turn off the sandbox using Defense+ ~ Sandbox settings ~ Disabled
  • Reboot to ensure full effect for new settings[/ol]

Please note that if you choose to turn the autosandbox off you will receive all the alerts normally suppressed by the sandbox, not just execution alerts.