I just upgraded from CIS 5.10 to 7.0, and I see that one of the configuration options is missing: “Deactivate the Defense+ permanently (Requires a system restart)”. I use just the antivirus and firewall, so I would like to prevent Defense+ from slowing down my PC. With CIS 5.10, I found this made a significant system speed impact.
In CIS 5.10, an active Defense+ would put its DLL name in AppInit_DLLs of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows registry (for 32-bit OS). In CIS 7.0, I don’t find the Defense+ DLL name in the AppInit_DLLs registry – even when “Detect shellcode injections” is enabled under Defense+ > Behavior Blocker. Where in the registry does Defense+ hook in with CIS 7.0?
Exactly what features in Defense+ do I need to disable to see this hook go away (after a system restart)?
Right click the tray icon and choose Advanced View. You then can Disable any of the sub features from the tray icon. D+ is now called HIPS. You can disable it there. All of the other sub features will bring up a timer dialog when disabled, letting you choose how long to disable. “Permanently” is available for those as well (there is no timer option for HIPS, although many have asked for it).
I can’t help you with the registry entries.
Yes, I am already using Advanced View.
I notice that CIS 7.0 is significantly slowing down boot up compared to CIS 5.10. I have unchecked “Enable HIPS” and all check boxes under Behavior Blocker, yet the slow-down persists. Also, this 32-bit Win7 PC displays “Protected” for all three tests in Comodo’s buffer overflow tester:
This may be a bug given that “Detect shellcode injections” is unchecked under CIS’ Behavior Blocker and EMET’s DEP is disabled.
So I would still like to know the answers to my questions in the opening post. CIS did not give me an option for whether to install Defense+, and I can’t figure out how to disable it.
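For anyone who wants to check the AppInit_DLLs value mentioned in the opening post, here is a read-only PowerShell sketch. It is an added example, not part of the original posts and not Comodo's own tooling. It lists the registered DLLs, the related LoadAppInit_DLLs and RequireSignedAppInit_DLLs values, and each file's signature status. Resolving bare DLL names from System32 or SysWOW64 is an assumption made for display only.

```powershell
# Added example: inspect AppInit_DLLs registrations (read-only, changes nothing).
# Dir is where a bare file name is looked up for display; this is an assumption.
$views = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = "$env:SystemRoot\System32" },              # native view
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = "$env:SystemRoot\SysWOW64" }               # 32-bit view on 64-bit Windows
)

foreach ($view in $views) {
    $key = $view.Key
    if (-not (Test-Path $key)) { continue }   # Wow6432Node is absent on a 32-bit OS

    $p = Get-ItemProperty -Path $key
    # When LoadAppInit_DLLs is 0, the AppInit_DLLs list is not loaded.
    "{0}`n  LoadAppInit_DLLs={1}  RequireSignedAppInit_DLLs={2}" -f `
        $key, $p.LoadAppInit_DLLs, $p.RequireSignedAppInit_DLLs

    # The value is a space- or comma-separated list of DLL names or paths.
    $dlls = @("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
    if ($dlls.Count -eq 0) { '  AppInit_DLLs is empty'; continue }

    foreach ($dll in $dlls) {
        if (Split-Path $dll -IsAbsolute) { $path = $dll }
        else { $path = Join-Path $view.Dir $dll }

        if (Test-Path -LiteralPath $path) {
            # Report who signed the DLL, which helps identify the product behind it.
            $sig = Get-AuthenticodeSignature -FilePath $path
            "  {0}  signature={1}  signer={2}" -f `
                $path, $sig.Status, $sig.SignerCertificate.Subject
        } else {
            "  {0}  (file not found at {1})" -f $dll, $path
        }
    }
}
```

An empty list only shows that nothing is loaded through AppInit_DLLs; it does not show whether a product hooks in by another route.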