Have you noticed that with the new version CIS 5.4, in paranoid mode, Defense+ alerts you a lot more than before of modifications to registry keys when using IE 8.
For exemple, simply to change security settings in IE8 from medium to high, we receive now more than 50 popups!
What have been changed in CIS 5.4 which triggered these new alerts? What previous security holes is it aimed to fix? I thought that the monitoring of IE8 by Def+ in CIS 5.3 and previous versions was already tight, so why strenghten it?
The keys added in the protected registry keys of IE and triggering the new popups as mentionned in my OP, iare :
*\SOFTWARE\Microsoft\Windows\Current Version\Internet Settings\Zones*
They manage the security and confidentiality parameters in IE.
The zones related are
zone 0 : my computer
zone 1 : Intranet
zone 2 : trusted sites
zone 3 : internet
zone 4 : restricted sites
Same question : why have the keys been added in CIS version 5.4?
I think these keys can be used to specify safe sites. Malware could exploit this and declare a site safe before navigating to it, thereby switching on say Javascript.
Indeed the key detemine the content of the 5 zones. But in the previous versions of CIS, it wasn’t in the protected ones. So I’m wondering if there has been specific attacks observed by Comodo which triggered the the adding up of that key in the new version.