Author Topic: Comodo Firewall Leaktest  (Read 13786 times)

Offline Bill_M.

  • Newbie
  • *
  • Posts: 1
Comodo Firewall Leaktest
« on: January 04, 2011, 10:11:13 PM »
I recently upgraded my Comodo Firewall from v5.0 to 5.3. Before that, I was getting a 100% (340/340) mark using the Comodo Firewall Leaktest http://www.testmypcsecurity.com/securitytests/firewall_test_suite.html

When I upgraded, I was required to uninstall the previous version and so I guess my settings got erased. Now, I'm getting only 210/340 using the installation default settings. It says my vulnerabilities are:
1. RootkitInstallation: ChangeDrvPath
2. Invasion: RawDisk
3. Invasion: FileDrop
4. Injection: SetWinEventHook
5. Injection: SetWindowsHookEx
6. Injection: Services
7. Injection: KnownDlls
8. Impersonation: DDE
10. Impersonation: Coat
11. Hijacking: Userinit
12. Hijacking: SupersedeServiceDll
13. Hijacking: StartupPrograms
14. Hijacking: AppinitDlls

What modifications or settings do I need to do to get it back to 340/340?

Offline BoredNow

  • Comodo's Hero
  • *****
  • Posts: 344
Re: Comodo Firewall Leaktest
« Reply #1 on: January 04, 2011, 11:03:23 PM »
Apparently CLT was not designed to test HIPS security from within the sandbox. 
You need to disable it for this test.

The first time I ran it I had the sandbox enabled and it threw off the results.
Then I found this...
http://forums.comodo.com/empty-t61715.0.html
and after following the instructions on how to clean up any rules that were made the first time I ran the test, as well as how to delete the Internet Explorer (IE) browsing history cache, I got a perfect score.
 
It might help to also run CCleaner to clean up any left over temp files.

Then you should reboot and then run the test.
HP pavilion media center 2006
Windows 7 64bit - Standard Acct.
EMET 3
CIS-5.10
Sandboxie 3.76

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 19532
Re: Comodo Firewall Leaktest
« Reply #2 on: January 06, 2011, 02:11:03 PM »
Moved to the appropriate board.

Offline Ronnell Copeland

  • Comodo Loves me
  • ****
  • Posts: 109
Re: Comodo Firewall Leaktest
« Reply #3 on: January 06, 2011, 04:36:31 PM »
I just follow the rules described in the forum to get a perfect score and got a 130/340.


I just ran the test again and when I got the popup I answered deny and passed the test completely, was that the right thing to do?
« Last Edit: January 06, 2011, 05:24:54 PM by ronnycopeh »
Ronnell


Windows 7 Ultimate, Waterfox 9.0, Windows mail, IE8, 8GB Ram, 25mg DSL,750g HD, Avast Pro,Windows Firewall , Winpatrol Plus, Spywareblaster, Malwarebytes' Anti-Malware on demand

"Worry about nothing, Pray about anything and Thank God for everything"

Offline BoredNow

  • Comodo's Hero
  • *****
  • Posts: 344
Re: Comodo Firewall Leaktest
« Reply #4 on: January 07, 2011, 04:04:10 PM »
I just follow the rules described in the forum to get a perfect score and got a 130/340.


I just ran the test again and when I got the popup I answered deny and passed the test completely, was that the right thing to do?

From the tutorial...section 5

5. Run CLT*.  If you get an alert from the antivirus, click "ignore" and then "Add to trusted files" (the antivirus is alerting you that a leak test application has been launched  [it's flagged as "Application.Win32.LeakTest..."]; it is not saying that the file is malicious).

The first alert that appears should be a defense+ alert that says "explorer.exe is a safe application. However, the executable clt.exe could not be recognized..."  For this alert, make sure that  "remember my answer" is unchecked, and then click allow.

The CLT program window should appear. Click the "Test" button in CLT and, from this point onward, click "block" when a CIS alert appears.
HP pavilion media center 2006
Windows 7 64bit - Standard Acct.
EMET 3
CIS-5.10
Sandboxie 3.76

Offline securityseeker

  • Newbie
  • *
  • Posts: 2
Re: Comodo Firewall Leaktest
« Reply #5 on: December 20, 2011, 04:55:35 AM »
 Hi all i have tested my firewall if fails in some security tests it fails in 3 tests: 1 test is BITStester look at http://www.testmypcsecurity.com/securitytests/bitstester.html and fails even in Procx test look at http://www.testmypcsecurity.com/securitytests/procx.htmland fails even in browser test look at http://www.pcflank.com/browser_test1.htm and at http://www.pcflank.com/browser_test3.htm can you resolve this security issue with a update ?

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 19532
Re: Comodo Firewall Leaktest
« Reply #6 on: December 22, 2011, 05:22:44 PM »
Hi all i have tested my firewall if fails in some security tests it fails in 3 tests: 1 test is BITStester look at http://www.testmypcsecurity.com/securitytests/bitstester.html
I tried this but it would not run on Win 7. May be I will test it later on XP.

Quote
and fails even in Procx test look at http://www.testmypcsecurity.com/securitytests/procx.htmland
Tested on Win 7 and it could not terminate other programs sandboxed or when sandbox disabled. In the latter case I would get a D+ alert.
Quote
fails even in browser test look at http://www.pcflank.com/browser_test1.htm and at http://www.pcflank.com/browser_test3.htm can you resolve this security issue with a update ?
Referrer logging and cookies are things you can handle with your browser. CIS does not handle those.


 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek