HIPS allows Notepad in Unrecognized state

Don’t I understand something? If I want, I can block notepad or I can let it run, and if needed I let it run. But I, too, don’t like testing.

Edit: But I didn’t do it with HIPS alone.

As I’ve said, if you don’t want Windows applications to access the file then use Paranoid Mode.

If you are just trying to protect a .txt file from being opened by notepad because you think that notepad.exe may be exploited, then you should also consider which other Windows processes on your machine can potentially be exploited to open a text file also. Therefore, if you do not trust all Windows processes, you can enable paranoid mode.


Hi Dharshu,

Does there exist a CIS command line option or CIS registry key setting with which it is possible to disable the aforementioned whitelist to enable the CIS pre-V12 HIPS Safe mode functionality again so that “HIPS in Safe mode with Unrecognized files” functionality works again for all executables from all vendors like it did work in HIPS Safe mode in all CIS pre-V12 versions?

Thank you.

Hard-coded means it is permanently programmed that way so there is nothing that can be done to change this other than them re-coding it to change the behavior. I’m not sure why you are making a big deal of this when there is no reason to be able to change rating of MS signed binaries or change MS vendor rating in the vendor list. I will quote what was said to me when I found out this behavior and reported it in comodo bug tracker:

This is an expected behavior of CIS. It’s by design.
Please let us know why you think it is required for the CIS to allow changing rating for MS signed executables.

This could be due to several reasons, such as a potential conflict with other security settings or a specific configuration issue within HIPS itself.