Help with new version: Network Security Policy and Alerts

Hello. I recently installed the latest version of CIS and I noticed that it does not give near as many alerts as it used to, which is great, except that it doesn’t ask me what I want to do when an application or process tries to access the network. This concerned me so I went into the network security policy, and instead of having a list of applications like it used to, it just seems that “All Applications” are allowed. How can I get it back to the way it was? Like if I launch uTorrent, it asks what I want to do, and I can tell it “treat as a trusted application”.

Also, defense+ is not giving my any alerts at all. This is directly after the install, whereas before it took me like a month to get it to that point because I had to train it. I’m happy not having to do that this time, but I’m worried it may not be giving me the same protection.

Just FYI, all settings are at their defaults, and I have always used the default settings. It may be that the defaults on this version are not the same as the defaults on previous versions. Thanks in advance for your replies :slight_smile:

The defaults changed with v4.

First the Global Rules changed to default stealth. That means that all unsolicited incoming traffic gets blocked without notification. So, you won’t get notifications for incoming when running p2p and other programs that need server rights. To open ports for them Global Rules need to be edited.

Second CIS won’t make rules for Safe Applications. To see rules for Firewall and Defense + you need to enable “Make rules for safe applications” under Firewall Behaviour Settings and Defense + Settings.

All safe program get a default allow all outgoing rule and are placed under and subordinate to the All Applications rule. That means that when you want to change safe program’s rule you need to move it to a place above the All Applications rule or delete the All Applications rule. Deleting the All Applications rule will give alerts from all programs (this situation is also the default of the Proactive Security).

Let me know if you have more questions.