After having updated from CIS4 to CIS5, I have set up CIS completely anew.
Explorer.exe has automatically been defined as trusted application in the D+ policy. (This must either be a standard CIS setting or the first start of CIS5 has created that entry.)
“Trusted application” means that D+ asks for permission if explorer.exe wants to start an application. This happens in the beginning quite often, e.g. each start of an application from the start menu.
My question is whether it is safe to define explorer.exe as a Windows system application (which means it is allowed to start any application without confirmation), or whether malware can then use explorer.exe to start any harmful activity automatically.
Thanks for the quick response.
Could you please explain in more detail why both options are unsafe? How can malware exploit these settings?
And what would be a safe policy for explorer.exe?
Well, and where does the (unsafe) policy entry come from, since I have not created it manually? Does D+ in Safe Mode learn all activities of explorer.exe because Microsoft Corporation is a Trusted Vendor, and thus create an unsafe policy entry?
I understand this as support for a “trusted application” policy that allows everything except launching other applications.
But brucine mentioned that even that would be unsafe for explorer.exe.
What else besides launching applications should be asked for in a question window?
You may leave it at its default settings (trusted). That’s what I have done since ancient versions of Comodo Firewall. Until a way appears for malware to hijack/replace/modify explorer.exe, there is nothing to worry about.