Hey all I only started using CIS yesterday and congrats to all involved for a very cool and good software …
The default “deny” action and 120 seconds time limit doesnt suite my style of control for normal usage of security software even when set to 999 … I know there is registry work around for this and it may be changed in future but I think there is a possible need for GUI Alert feature which is retrospective that can be implement that would make this whole issue easier for everybody in a simplistic way to define/change rules …
Senario …
ProgramA is running, you go get a coffie, ProgramA runs ProgramB, You missed the alert and the chance to create your own rule, it was also blocked by default … Now you have to dig deep in the policy settings, find ProgramA, edit right, modify the task to your needs etc because you dont want this task to fail when you goto lunch or you need some other setting …
This interface is very good for people whom need specific rules etc or who operate a complex policy but it’s not so easy for the set it forget it user …
Maybe the GUI could indicate unhandled events (timed-out Actions) (where is not important maybe beside the blocked events on the overview page on the main application, status bar indicator wouldnt hurt either)
The unhandled events would look similar to the blocked event’s list and there you could have a button (Define Rule) to define the rules of each … This button simply opens the same alert window you missed, where you easily select what kind of policy you want for it, remembered, blocked, allowed, trusted, web application etc … This then overwrites the policy so user dont have to worry about much technical stuff that they dont understand or making security mistakes in the advance setting that could have them thinking the software is not secure or something …
I’m actually very happy I installed this and I hope you will like my Idea 
…