What is the best setting for explorer.exe?


I need to know what is the best settings in CIS firewall for:


And, Network Defense: Safe Mode or Custom Police Mode?

I am behind a router, and using only CIS 3.8 and BOClean. Windows XP Home SP3.


I have explorer.exe and svchost.exe as both “Outgoing Only”. Most users will tell you this is sufficient, while others like to keep a more strict ruleset.

[b]Custom Policy Mode: [/b]The firewall applies ONLY the custom security configurations and network traffic policies specified by the user. New users may want to think of this as the 'Do Not Learn' setting because the firewall will not attempt to learn the behavior of any applications. Nor will it automatically create network traffic rules for those applications. You will receive alerts every time there is a connection attempt by an application - even for applications on the Comodo Safe list (unless, of course, you have specified rules and policies that instruct the firewall to trust the application's connection attempt).

If any application tries to make a connection to the outside, the firewall audits all the loaded components and checks each against the list of components already allowed or blocked. If a component is found to be blocked, the entire application is denied Internet access and an alert is generated. This setting is advised for experienced firewall users that wish to maximize the visibility and control over traffic in and out of their computer.

[b]Safe Mode:[/b] While filtering network traffic, the firewall will automatically create rules that allow all traffic for the components of applications certified as 'Safe' by Comodo. For non-certified new applications, you will receive an alert whenever that application attempts to access the network. Should you choose, you can grant that application Internet access by choosing 'Treat this application as a Trusted Application' at the alert. This will deploy the predefined firewall policy 'Trusted Application' onto the application.

‘Train with Safe Mode’ is the recommended setting for most users - combining the highest levels of security with an easy-to-manage number of connection alerts.


Thanks for the reply. Now I’m trying Custom Police Mode.