As somewhat of an extension of this suggestion to classify programs before they run, I’d like to be able to create a custom rule when CIS prompts me to accept/deny an access request.
For example, say you have a program that regularly requests connections to 127.0.0.1 on various, random unregistered ports, and you don’t want to simply allow access to everything using the Trusted preset. With the current CIS, you have two choices: You can either accept the dialog every time one of these requests is made (Thus netting on one custom rule for each of these requests), or you can do what I do and leave the dialog open, open CIS, dig down into the HIPS rules (Which takes no less than three clicks once CIS is open. It takes SEVEN to get to the HIPS rules–really, why are any of the rules lists buried so?), find the relevant application, open its rules list, add a new [or modify an existing] rule that allows access to 127.0.0.1 on any port, save, close all dialogs, then allow the original request without remembering.
That is ridiculous.
It would be immensely useful if I could accept the request and remember it, BUT be able to modify the rule that CIS is going to create before it saves that rule.