How to put explorer.exe in custom policy mode?

Installed the latest version of CIS. It seems explorer.exe is allowed to run any executable without any interception in this version. The behavior persists even if I put explorer.exe under custom policy mode in the Defence Plus rules (Computer Security Policy). There seems to be no way to apply a custom policy to explorer.exe.

Am I true? Can anyone confirm this?


That is NOT right.
If you add explorer.exe to Computer Security Policy at TOP and assign Custom Rights, then Modify Rights (for example) Run Executables and add to Blocked (for example) Notepad.exe, after that you will not be able to launch Notepad via Start-Programs-…

I’ve just made it. CleanPC Mode

p.s. I think the main step is putting Explorer.exe Policy ABOVE “Windows System Applications”

Btw - the first Rule of asking questions about Rules not working and so on - TELL US what Mode D+ is currently in!
For example - in CleanPC Mode you will be alerted only if explorer.exe tries to launch executables from My Pending Files. Otherwise in CleanPC there will be no alert, only a notification about the learned rule =)

Thanks for all your replies.

That's so strange. I just noticed that I don't get any execution alert for any application. I executed one file via both explorer.exe and iexplorer.exe. No alerts at all. I am using paranoid mode. I do get alerts about other actions like hooking, memory access, etc. It does not matter if I put explorer.exe above or below system applications.

So weird. Any suggestions? Thanks

What is your version?

My God! I found out the cause.

It was Image Execution Control in Defence Plus that was disabled. Hmmm… It's OK now if I put it back to normal.

But very strange that by default image execution control is disabled in Defence Plus. Am I true?

Hello Aigle. Yes, by default it’s turned off… I have mixed views on the default settings. Though perhaps it is not a security risk → since if the executable is bad it will try to modify “My protected files” and therefore you will get an alert.

Thanks for confirmation.