IE 8 and new version CIS 5.4


Have you noticed that with the new version CIS 5.4, in paranoid mode, Defense+ alerts you a lot more than before of modifications to registry keys when using IE 8.

For exemple, simply to change security settings in IE8 from medium to high, we receive now more than 50 popups!

What have been changed in CIS 5.4 which triggered these new alerts? What previous security holes is it aimed to fix? I thought that the monitoring of IE8 by Def+ in CIS 5.3 and previous versions was already tight, so why strenghten it?



The keys added in the protected registry keys of IE and triggering the new popups as mentionned in my OP, iare :
*\SOFTWARE\Microsoft\Windows\Current Version\Internet Settings\Zones*

They manage the security and confidentiality parameters in IE.

The zones related are
zone 0 : my computer
zone 1 : Intranet
zone 2 : trusted sites
zone 3 : internet
zone 4 : restricted sites

Same question : why have the keys been added in CIS version 5.4?

I think these keys can be used to specify safe sites. Malware could exploit this and declare a site safe before navigating to it, thereby switching on say Javascript.

Just a guess


Thank you mouse1 for answering.

Indeed the key detemine the content of the 5 zones. But in the previous versions of CIS, it wasn’t in the protected ones. So I’m wondering if there has been specific attacks observed by Comodo which triggered the the adding up of that key in the new version.


Sorry I don’t know. Maybe Egemen can help if he’s around

Best wishes


I note that these keys can come up in AV scans as well, as rootkit detection results, if rootkit scanning is switched on.

Thanks mouse for your explanations.

This key could then be a serious gate for malwares. I see better why it has been added in the new version.