I didn’t notice there was already this topic before posting a new one.
Anyway, by the previous posts, the concerns raised about users blocking in the FW vital services, such as DNS and DHCP client, are easy to solve: just keep allowing svchost.exe by default, like CIS does today. Only if the user wishes, he can create the rules for the specific services like I described in my post above (instead of having to resort to Windows Firewall for that). The layman user could go on totally unaware this feature exists.
BTW, it’s trivial for CIS (or any software, for that matter) to find the services associated with a particular svchost instance. Process Explorer can show that.
That sounds very interesting!
Can you tell us more about it?
If we need to add certain command line to enable this feature that would be an excellent solution for all users.
Expert users can enable the feature by command line while novice users use CIS as is.
Script Analysis or command line: function only in auto containment and HIPS;
What we can do for now, is to configure queued applications. For example, configure all applications in firewall for ask requests ports… (this should not be done on a shared computer)…
