I'm curious as to how people set up their CIS, and what their convictions are for doing so. I only use the FW & D+. I have the FW in Custom Policy mode, nothing checked in "General Settings". My "Alert Settings" is at Very High, with everything checked except the ICS Server box. But I rarely get alerts because I have rules set up for everything that regularly connects. And I don't make rules for things that only need to connect occasionally, say to update once a month or something. I allow them only as needed, and the Very High setting lets me allow only the specific ports, protocol & destinations necessary when I do. Under "Advanced Settings" everything is checked except the very bottom one "NDIS protocols other than TCP/IP". I have my D+ in Clean PC Mode. I'm fairly positive that my box is clean right now. But I don't implicitly trust new things that I'm unfamiliar with. I treat Unrecognized Files as "Restricted". This is a setting I'm debating with myself over though. I'd like to hear other people's takes on this setting. I do not check the 2 boxes for cloud scanning, and I delete the "vendor.n" file in my Comodo program folder. I don't trust that vendor list, or their cloud database to decide what is or isn't trustworthy. Everything else is checked. And everything is checked in "Monitoring Settings". I have the sandbox disabled, but I'd like to hear people's take on this too that also use Sandboxie. Does anybody use both? How can one go about doing so effectively, and perhaps even increase their security as a result compared to just using SBE? Your rundown does not by any means have to be as detailed and long winded as mine. You can simply cut to brass tax (i.e. Custom Policy, Safe Mode, Limited... end of story).