Author Topic: LeakTest 1.2 not blocked  (Read 6103 times)

Offline Varan

  • Newbie
  • *
  • Posts: 2
LeakTest 1.2 not blocked
« on: August 29, 2008, 06:23:45 PM »
Can someone please tell me how to set up CPF to pass the LeakTest from http://www.grc.com/lt/leaktest.htm ?
I renamed leaktest.exe to firefox.exe and put it into the Firefox directory. Firefox is a trusted application, but CPF does not recognize any change in firefox.exe and so the leaktest fails.

I studied the manual and searched this forum, but to no avail. Help :)

PS: Right after I pressed "Save" here I found this thread. D'oh! I must have used different wording when searching.
« Last Edit: August 29, 2008, 06:33:25 PM by Varan »

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11442
  • Linux is free only if your time is worthless.;-)
Re: LeakTest 1.2 not blocked
« Reply #1 on: August 29, 2008, 06:35:30 PM »
If GRC's leaktester was already on your PC when CFP was installed and you have run the firewall in SAFE mode, then all apps that were installed before the firewall are considered safe and won't produce reports.

Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline Varan

  • Newbie
  • *
  • Posts: 2
Re: LeakTest 1.2 not blocked
« Reply #2 on: August 29, 2008, 06:54:14 PM »
If GRC's leaktester was already on your PC when CFP was installed and you have run the firewall in SAFE mode, then all apps that were installed before the firewall are considered safe and won't produce reports.

I downloaded leaktest today and the firewall runs in custom mode. While doing the test with Firefox I
renamed firefox.exe to firefox3.exe. When I run firefox3.exe I get this message: see attachment

Shouldn't CPF know the firefox.exe and even notice I renamed it myself - according to what is written
in the thread mentioned above?

Gary

Offline ailef

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 906
Re: LeakTest 1.2 not blocked
« Reply #3 on: September 01, 2008, 05:48:44 AM »
Maybe you have to protect your Firefox folder from any change?
Windows 7 ultimate 64-bit SP1 - Comodo Firewall 5.12 - Panda Cloud AV Free 3.0.0 - Sophos Virus Removal Tool 2.5

Offline BobJam

  • Comodo Member
  • **
  • Posts: 32
Re: LeakTest 1.2 not blocked
« Reply #4 on: September 02, 2008, 05:00:31 AM »
I had a similar problem and resolved it (though I'm not sure how I did it).  See my thread at

http://forums.comodo.com/leak_testingattacksvulnerability_research/grc_leak_test-t26652.0.html;msg194179

It may help.
BJ

Ultimately, the only protection against phishing, forged Web pages, downloading malware, and other threats is the technology located between the user's ears

Xw

  • Guest
Re: LeakTest 1.2 not blocked
« Reply #5 on: September 04, 2008, 03:06:47 AM »
Can someone please tell me how to set up CPF to pass the LeakTest from http://www.grc.com/lt/leaktest.htm ?
I renamed leaktest.exe to firefox.exe and put it into the Firefox directory. Firefox is a trusted application, but CPF does not recognize any change in firefox.exe and so the leaktest fails.

Hi,
Same for me. I downloaded GRC's leaktester some days ago, I renamed leaktest.exe to firefox.exe (Firefox is not a trusted application for me) and leaktest fails (Defense runs in paranoid mode & firewall custom policy).
I was surprised, and after a search I found the link in your first post and I've tried:

You can test Comodo very easily by downloading the GRC leak test. After the test passes and the firewall part of Comodo blocks it then rename the leak test from leaktest to something like Firefox.exe. You will see D+ kick in with an alert. GRC even tells you to rename the test.
It works :)

PS: Why don't I see leaktest.exe in Defense+ -> Computer Security Policy??? (remember my answer)

Xw =)

Vettetech

  • Guest
Re: LeakTest 1.2 not blocked
« Reply #6 on: September 06, 2008, 02:24:00 AM »
I think a lot of you are misunderstanding the test. It is a Firewall test. Not a HIPS test. The screen shots are showing D+ alerts not firewall alerts. I have run the GRC test well over 100 times and renamed it everything in the book and Comodo Firewall blocks it. Yes I said firewall not Comodo HIPS.

Xw

  • Guest
Re: LeakTest 1.2 not blocked
« Reply #7 on: September 06, 2008, 08:38:26 AM »
It is a Firewall test. Not a HIPS test. The screen shots are showing D+ alerts not firewall alerts.
I know Vettetech :), I pass GRC test.
To run leaktest.exe you need to allow it (D+), then you can do the firewall test (Comodo blocks it).
But shouldn't Leaktest.exe be "displayed" in D+ => Computer Security Policy?

Ty
« Last Edit: September 06, 2008, 08:45:24 AM by Xw »

Offline Matty_R

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2527
  • How long is a piece of string?
Re: LeakTest 1.2 not blocked
« Reply #8 on: September 06, 2008, 09:20:22 AM »
Was the alert you got explorer.exe wants to run leaktest.exe?
If so, have a look under Defense+ / Advanced / Computer Security Policy: highlight the entry %windir%\explorer.exe and choose "Edit", now click "Access Rights", now "Modify" next to Run an executable.
Here you will find the list of executables which explorer has run and been asked to save.

Matty
A couple of computers :P

Xw

  • Guest
Re: LeakTest 1.2 not blocked
« Reply #9 on: September 06, 2008, 09:30:24 AM »
It's what I was looking for!
ty a lot Matty_R  :)

Xw
ps: Solved for me

Offline pastport

  • Comodo Member
  • **
  • Posts: 37
Re: LeakTest 1.2 not blocked
« Reply #10 on: September 10, 2008, 08:15:28 PM »
V3 does not have hash functions.
So if you rename an app to firefox, which V3 sets as a trusted app, and place it in the same folder,
that app will get the same rights as firefox.

Offline BobJam

  • Comodo Member
  • **
  • Posts: 32
Re: LeakTest 1.2 not blocked
« Reply #11 on: September 10, 2008, 09:06:05 PM »
Hey pastport.

Wait a minute . . . wait a minute . . .

If Comodo does not have the ability to recognize a name change on an app as potentially malicious, then it has a simple vulnerability to malware that changes an app name to gain access to the system.

I can't imagine that's correct, so I must be missing something here.  Either I misunderstood what you were saying or I'm just flat out wrong.

'Splain it to me.

TIA
BJ


Offline pastport

  • Comodo Member
  • **
  • Posts: 37
Re: LeakTest 1.2 not blocked
« Reply #12 on: September 10, 2008, 09:18:57 PM »
That will depend on your rule.
When an unknown app or an app without a correct fd rule wants to modify a file in my protected files list, V3 will pop an alert.
But if you trust an app, then use it to replace an app with another one which has the same name, V3 will not pop an alert.
V3 will not check if an app has been changed.
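
The point made in replies #10 and #12, that a policy keyed only on an executable's path cannot tell when the file behind that path has been replaced, shown as an added example (not part of the thread and not Comodo's code). The `TrustStore` class and its verdict names are hypothetical, and the files are constructed placeholders; it records a SHA-256 at approval time and compares both policies for a same-name replacement and for a renamed copy.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


class TrustStore:
    """Hypothetical allow-list: path -> SHA-256 recorded at approval time."""
    def __init__(self):
        self.approved = {}

    def approve(self, path):
        self.approved[os.path.abspath(path)] = sha256_file(path)

    def verdict_by_path(self, path):
        # Path-only policy, the behaviour the thread attributes to V3.
        return "trusted" if os.path.abspath(path) in self.approved else "unknown"

    def verdict_by_hash(self, path):
        current = sha256_file(path)
        expected = self.approved.get(os.path.abspath(path))
        if expected == current:
            return "trusted"
        if expected is not None:
            return "modified"  # trusted path, contents changed
        if current in self.approved.values():
            return "known-file-new-path"  # approved binary, renamed
        return "unknown"


def demo():
    """Replay the swap and the rename from the thread on constructed files."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("firefox.exe", "firefox3.exe")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"constructed browser bytes")
        store = TrustStore()
        store.approve(paths[0])
        with open(paths[0], "wb") as fh:  # same name, different program
            fh.write(b"constructed leak tester bytes")
        return {os.path.basename(p): (store.verdict_by_path(p),
                                      store.verdict_by_hash(p)) for p in paths}
```

Calling `demo()` returns, per file name, the path-only verdict followed by the hash-based verdict.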


Offline BobJam

  • Comodo Member
  • **
  • Posts: 32
Re: LeakTest 1.2 not blocked
« Reply #13 on: September 10, 2008, 09:46:22 PM »
without correct fd rule

What do you mean "correct"?  Can you give an example of correct and incorrect???
BJ


Offline pastport

  • Comodo Member
  • **
  • Posts: 37
Re: LeakTest 1.2 not blocked
« Reply #14 on: September 10, 2008, 10:08:35 PM »
What do you mean "correct"?  Can you give an example of correct and incorrect???
Just mean allowable

 
