IE 8 setting under D+ Paranoid Mode

Hi guys.

I am given CIS 5.3 (firewall and D+; Proactive Security) a try since I reinstall fresh my OS. 5.0 did not want to behave in my XP Pro when it came out a few months ago.

https://forums.comodo.com/install-setup-configuration-help-cis/cis-5-and-is-not-spy-sweeper-xp-spk-3-hang-at-boot-time-t62544.0.html;msg441821#msg441821

CIS 5.3 is behaving better. Still a couple of glitches when booting cold but much better. I have a question though. I have D+ set to Paranoid Mode, Sandbox disable and when I launch IE and I answer the alert to allow it and remember it, IE is set to custom but then IE wants to modify hundreds of registry keys, so I set it to the Predefine Policy of Windows System Application. However the only restriction this policy has is to ask for .exe files. What else should I modify to make IE safer under this rule??

BTW I have set my firewall to Custom Policy and IE as a Web Browser.

Any advice will be welcome. Thank you.

EDIT: Never mind. I added

\Software\Microsoft\Windows\Current Version\Internet Settings\Proxy

and

\Software\Classes\CLSID

Now the alerts are gone.

Did you change the Windows System Application policy or did you change the policy of IE?

Changing the policy of Windows System Application would not be the way to go. Making a policy for IE based on the Windows System Application policy plus added changes would be the way to go.

Hi EricJH.

Thank you for answering. No I did not touch Comodo Predifine Policies. I just set IE as custom and added the rules to avoid the alerts and filling up the memory. I think that way if any malware wants to change a file or a registry key, other than the wildcard, Comodo will still alert me. See screen shot.

Is it OK ?

[attachment deleted by admin]

I would strongly advice to remove the two registry keys at the bottom:
HKLM\SYSTEM\ControlSet???\Services*
HKLM\SYSTEM\ControlSet???\Control*

It is dangerous to have services or drivers installed without notification. Those actions will give malware kernel access; then you are infected and there is nothing D+ can do as you allowed the installation.

Sorry to say but those rules were written by Comodo automatically. I wrote the rules in my EDIT OP taken from IE in safe Mode.

EDIT:

I removed both entries as adviced; However, HKLM\SYSTEM\ControlSet???\Services* is back in the rules.