The control slider in the Settings interface allows you to switch the Image Execution settings between Enabled(Default) and Disabled states. The Image Execution Control is disabled irrespective of the settings in this slider, if Defense+ is permanently deactivated in the General Settings from the Defense+ Settings interface.
Enabled (Default) - This setting instructs Defense+ to intercept all the files before they are loaded into memory and also Intercepts pre-fetching/caching attempts for the executable files.
Disabled - [b]No execution control is applied to the executable files.[/b]</blockquote>
In other words, with Image Execution Control disabled, Defense+ isn’t intercepting any executables. So your rule to block IE from starting will not work because IEC is disabled.
If I want to control the executable, first I choose what options in IEC and “Monitoring Settings” I need.
For an example:
To disable “Run an executable” for all rules in “Customize Policy”, disable the IEC;
To disable or enable the “Disk” for all rules, use “Disks” in “Monitoring Settings”.
If enable, the Defense+ will apply the rule choosed by the user when the executable access the disk if not, the application is free to access the disk, even if in the rule, I block the access to the disk.
If this is correct, I think the HELP of COMODO, in my opinion, should adivise the user, for example, if he disables IEC then the option “Run an executable” for all rules in “Customize Policy” will not work.
But it already does say this. I have already provided a link to the help file regarding the IEC in a previous post. As the section I quoted states, if you disable the IEC, Defense+ will not intercept any files.
At the bottom of every settings window in CIS, there is a link that says: ? What do these settings do? If you’re ever curious about what will happen if you disable something, click the link and read what the help file says about that particular setting.