I just installed the CIS 2025 and did not specifically create any rule to block any application, just using the Proactive profile with virtualization level set to Restricted.
So I am having a few firewall blocks and I do not know why exactly they are blocked.
CIS/CF Blocks some connections when loading and usually after the short delay until recognized by Windows Security Centre. You can create allow rules for these but it’s not necessary. These in your log are just pings for updates after a reboot. but they will be successful connections a minute later. The programs will show in the Blocked Applications list but they are only there because they were temporarily blocked. CF/CIS automatically allows safe applications to connect out unless you change the default safe mode to Custom.
When looking at them, the files are already rated as Trusted, I do not understand why they are blocked, again I did not create any specific rules myself.
Besides the main problem here still exists: the Unblock Applications
and View Logs
windows should have a Reason
column. Like, blocked by xyz rule/policy
.
If it is already marked as trusted, you can remove it from that list.
Sure, except they pop up again when firewall blocking triggers. The only way to stop the blocking is using the unblock option, which creates separate allow rules, which overrides the rest, which is not optimal. I’d expect them to be allowed by default, considering that they are already rated as Trusted.
The firewall has boot time protection that blocks all connection attempts even for trusted applications until cis is fully loaded. You either ignore the blocks as it probably doesn’t hinder those applications, or you create allowed application rules for those applications which should stop the logging.
1 Like
Why?
I don’t want to create separate rules as it quickly becomes hard to manage. The less user interaction required, the better. In fact, this idea was the reason why I installed CIS in the first place.