I have been using CIS for some time now. I remember, in a previous version, when I marked an application as trusted, it was given Desktop rights only, with no automatic permissions for Firewall.
However, in current versions, when I mark an application as trusted (so that I don’t have to give it Keyboard, Registry rights separately each time), it also gets all Firewall rights automatically.
I have edited the “Trusted Application” policy to remove the “Loopback Networking” and “DNS Client Service” rights. However, this is of no use, and an application marked as trusted still gets Firewall rights automatically. How can I prevent this??
IMO it makes sense… If you mark an application as Trusted then it should let it do its thing without a peep.
This way it’s reducing alerts/improving usability.
I would disagree with Kyle. For example, I use CCleaner and would like to give it all permissions and would not mind giving it ‘trusted application’ status for desktop. However, for updates, I would like to do it manually once in a while, so that my internet usage is not disrupted often by programs trying to update themselves.
Anyway, CIS will not give access rights of ‘internet’ to a ‘trusted application’ in Defense+ unless the Firewall Security level is kept at ‘Safe Mode’. If you want alerts for all programs, you can keep Firewall Security level at ‘Custom Policy Mode’.
This way you will get alerts for all the programs which try to connect to the internet if ‘permission rules’ do not already exist under ‘Network Security Policy’.
CIS > Firewall > Advanced > Network Security Policy
You can delete the entry of the program you are referring to, from Network Security Policy and re-check the same.
Exactly, I use a multitude of programs including Visual Studio, Sql Enterprise Studio, etc. etc. Each of these tools performs tasks that can better be flagged as “Trusted Application”. However, they also unnecessarily call back home (their Vendor’s site) every now & then for tasks that are useless to me.
Now layman, yes I am using Safe Mode. Are you sure switching to Custom Policy Mode would not create any holes relative to Safe Mode?? Isn’t there a better way available??
And I have already deleted that entry for that application before posting!!!
Not at all. Custom Policy Mode just means giving ‘permissions’ for internet connectivity as per the user’s will, i.e. this is meant only for ‘Firewall’ activity.
CIS will not use its safe list for ‘internet’ in this mode. So, you will get alerts even for Comodo’s programs like CSC, if its policy is not created. At the same time you are free to retain ‘trusted application’ status for Defense+, which will give it sweeping powers within your desktop.
Further, when the alert is shown, if you prefer to use ‘remember my action’ by giving ‘permission’ or ‘block’, that program will not bother you thereafter. Also, you can at any time review your decision at ‘network security policy’ mentioned in my last post.
Unlike a configuration policy change, firewall security level only affects the firewall activity, nothing else.