Program gets past defence+ and firewall. Please help.

Hi. I have installed CIS with only firewall and defence+. The problem is that I use a program with a blocked serial, Xplorer2. Xplorer2 “calls home” to the developer and resets all my settings and open up Firefox to a information website at the developer every 5 min. CIS lets it slip through ALL it’s protection. I don’t know if FW or D+ should stop it… I have tried with all kinds of settings but nothing stops it.

Many years ago I had the same problem but I had a program that had behavioral detection (I think it was Outpost) and that program did detect that Xplorer2 was using Svchost.exe to get past the FW and out on the Internet and reset the program. Why is not CIS detecting this and what can I do to block Xplorer2 using Svchost.exe to remotely control my program (if it uses the same method as some years ago)?

Thanks in advance.

Hello Eiki,

I would simply use paranoid mode(Defense+) and Custom Policy Mode (Firewall)
thus you’ll be alerted

Reason it’s getting by now, is because it’s in the whitelist; so thus it’s allowed to do certain actions,

CIS Icon > Defense+/Firewall Security Mode > Paranoid/Custom Policy Mode

Hope this helps!