COMODO Leak Test Suite Updated Version

Hi Guys,

We have updated the Leak Test Suite. The purpose of this update is to fix the incorrect scores. There was a bug in CLT which was causing wrong results to be produced.

The updated version will be available on the website, possibly on Monday. But you can download it now from the attachment.

Cheers,
egemen

[Mod Edit By Chiron] Please note that this leaktest was not designed to work with the Sandbox. Thus any results you get while running it in the sandbox should be considered very unreliable. It is not a good test for the more recent version of Comodo Firewall.

Mod Edit By Futuretech: Re-attached CLT.zip

It now fails Hijacking : StartupPrograms with CIS 3.5.54375.427 with Defense+ in Paranoid Mode and the firewall in Custom Policy Mode. I’m using Windows XP SP3 without any security software except for CIS (and yes, I blocked everything). I got 250/340 this time on a limited user account without any protection (compared to 240 last time).
I do have one question about Active Desktop. It says I’m vulnerable; however, the HTML file required for Active Desktop can’t be found. I get an error message like this (translated from Swedish to English):

Unable to find the HTML-file for Active Desktop. This file is required to use Active Desktop.

Click OK to disable Active Desktop.

It’s obviously trying to use Active Desktop, but it fails, so how come I’m vulnerable?

340/340 (L) on XP Home SP3
ProActive Security
FW Custom Policy Mode
D+ Clean PC Mode

The only thing that doesn’t work is the “question mark” button (?) on the Bottom Left :-\

EDIT
It works… my mistake (I blocked it)

340/340
Proactive Security
FW Safe Mode
D+ Safe Mode

The only suggestion I would like to propose (from a tutorial point of view) is merging the information contained in clt.html into the CLT screen, test by test, so that while running the tests you also learn something.

An interesting suggestion, Hullboy.

Hi guys,
I did try this test and my score is 30/340, and I think it is a very low score.
On PCFlank and ShieldsUP all tests are right, and I am surprised I have this score.
I would like to get a better result and feel that my laptop is safe.
Well, I have no knowledge about firewalls and settings, but by default I have:

FW = Custom Policy Mode (Very high)
D+ = Paranoid Mode

What do I have to do???
Any help will be appreciated

Regards
prandi63


340/340

One issue: My results did not appear in IE. I blocked everything I had to block just as I did in the previous test suite.

Hello, GRC ShieldsUP is an INBOUND test that sees if your computer responds to its pings; CLT tests different methods of outbound and HIPS tests.

Remove any firewall rules that may have been created for the leak test.
Place CIS in Proactive Defense → right-click the icon, select Configuration/Comodo - Proactive Security.
Block everything.
While testing the products, you might see some Internet Explorer windows opened.
Until the tests are finished, DO NOT close them manually.
Otherwise you might get wrong results.
Vista x64: If you fail test 7, UserInit, add
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon*
to D+ My Protected Registry Keys.

Hi,
I did something wrong, because my laptop got out of control (authorization message), so I need to format the OS HD and need 3 days to install everything.
Sorry, but I am getting confused, just trying to be clear about the configuration…
Rules I have to write down in Internet Security, but for this test I have to change to Proactive Security.
What does it mean??
Does CIS use all settings at once, or does it work depending on the configuration??
Still 30/340 is my result

Regards
prandi63

By default, CIS (more specifically Defense+) comes crippled. How? Defense+ is not installed with full protection. The best thing to do is, after you install it, right click with your mouse over the CIS icon, then Configuration - Comodo Proactive Security.

Now, do you need to reformat your machine just because of the test?

Hi,
I had to reformat the HD because I cannot use the laptop;
everything I do, I get “no authorization allowed” or another message I don’t remember.
It started after I did something wrong with the proactive set.
You said I have to write all rules on this configuration???

OK , i will do as soon as i need to off my laptop

Regards
prandi63

I ran the test and I failed on 2 tests:

1 test I resolved by adding HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon* as John suggested.

Can anyone tell me how to also pass the test

  1. Hijacking: StartupPrograms Vulnerable

Thanks.

BTW system is Vista 64 bit

Hi,
here is my final test:

Set = Proactive Security
FW = Custom Policy Mode - very high (alert)
D+ = Paranoid Mode

COMODO LEAKTESTS V.1.1.0.3
Date 17.36.41 - 18/11/2008

OS Windows XP SP3 build 2600

  1. RootkitInstallation: MissingDriverLoad Protected
  2. RootkitInstallation: LoadAndCallImage Vulnerable
  3. RootkitInstallation: DriverSupersede Vulnerable
  4. RootkitInstallation: ChangeDrvPath Vulnerable
  5. Invasion: Runner Vulnerable
  6. Invasion: RawDisk Vulnerable
  7. Invasion: PhysicalMemory Vulnerable
  8. Invasion: FileDrop Vulnerable
  9. Invasion: DebugControl Vulnerable
  10. Injection: SetWinEventHook Vulnerable
  11. Injection: SetWindowsHookEx Vulnerable
  12. Injection: SetThreadContext Vulnerable
  13. Injection: Services Vulnerable
  14. Injection: ProcessInject Vulnerable
  15. Injection: KnownDlls Vulnerable
  16. Injection: DupHandles Vulnerable
  17. Injection: CreateRemoteThread Vulnerable
  18. Injection: APC dll injection Vulnerable
  19. Injection: AdvancedProcessTermination Vulnerable
  20. InfoSend: ICMP Test Protected
  21. InfoSend: DNS Test Protected
  22. Impersonation: OLE automation Vulnerable
  23. Impersonation: ExplorerAsParent Vulnerable
  24. Impersonation: DDE Vulnerable
  25. Impersonation: Coat Vulnerable
  26. Impersonation: BITS Vulnerable
  27. Hijacking: WinlogonNotify Vulnerable
  28. Hijacking: Userinit Vulnerable
  29. Hijacking: UIHost Vulnerable
  30. Hijacking: SupersedeServiceDll Vulnerable
  31. Hijacking: StartupPrograms Vulnerable
  32. Hijacking: ChangeDebuggerPath Vulnerable
  33. Hijacking: AppinitDlls Vulnerable
  34. Hijacking: ActiveDesktop Vulnerable
    Score 30/340

Final result = 30 / 340

Why do I have such a low result???

Any help will be appreciated

Regards
prandi63

Got 310/340 with the new test. These 3 fail:
6. Invasion: RawDisk Vulnerable
8. Invasion: FileDrop Vulnerable
15. Injection: KnownDlls Vulnerable
Firewall safe mode
Defense+ safe mode

Any ideas or comments on how to achieve 340/340 security?

Now get 340/340 with XP SP3
Firewall = safe mode
Defense+ = safe mode
AND NOW
Configuration = Proactive security
(R) (L)

COMODO Leaktests v.1.1.0.3

Date 5:10:31 PM - 11/20/2008

OS Windows XP SP3 build 2600

PC Tools Firewall Plus 4.0.0.45 with default settings: 170/340 (pretty good score without HIPS). With HIPS enabled, i.e. ThreatFire, it blocked the full test: 340/340.

  1. RootkitInstallation: MissingDriverLoad Protected
  2. RootkitInstallation: LoadAndCallImage Vulnerable
  3. RootkitInstallation: DriverSupersede Vulnerable
  4. RootkitInstallation: ChangeDrvPath Vulnerable
  5. Invasion: Runner Protected
  6. Invasion: RawDisk Vulnerable
  7. Invasion: PhysicalMemory Protected
  8. Invasion: FileDrop Vulnerable
  9. Invasion: DebugControl Vulnerable
  10. Injection: SetWinEventHook Protected
  11. Injection: SetWindowsHookEx Protected
  12. Injection: SetThreadContext Protected
  13. Injection: Services Vulnerable
  14. Injection: ProcessInject Protected
  15. Injection: KnownDlls Vulnerable
  16. Injection: DupHandles Protected
  17. Injection: CreateRemoteThread Protected
  18. Injection: APC dll injection Protected
  19. Injection: AdvancedProcessTermination Vulnerable
  20. InfoSend: ICMP Test Protected
  21. InfoSend: DNS Test Protected
  22. Impersonation: OLE automation Protected
  23. Impersonation: ExplorerAsParent Protected
  24. Impersonation: DDE Protected
  25. Impersonation: Coat Protected
  26. Impersonation: BITS Vulnerable
  27. Hijacking: WinlogonNotify Vulnerable
  28. Hijacking: Userinit Vulnerable
  29. Hijacking: UIHost Vulnerable
  30. Hijacking: SupersedeServiceDll Vulnerable
  31. Hijacking: StartupPrograms Vulnerable
  32. Hijacking: ChangeDebuggerPath Vulnerable
  33. Hijacking: AppinitDlls Vulnerable
  34. Hijacking: ActiveDesktop Protected
    Score 170/340

(C) COMODO 2008
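
Added example, not part of any post in this thread and not Comodo's code: a small Python parser for the CLT report layout pasted above. It recomputes the score from the Protected/Vulnerable lines (a cross-check in the spirit of the scoring bug mentioned in the first post), groups failures by category, and compares two runs. The 10-points-per-test rule is an assumption inferred from the 34 tests and the 340 maximum; the sample reports are constructed.

```python
import re
from collections import defaultdict

# A result line looks like "18. Injection: APC dll injection Protected".
RESULT = re.compile(r"^\s*\d+\.\s+([^:]+):\s+(.+?)\s+(Protected|Vulnerable)\s*$")
SCORE = re.compile(r"^\s*Score\s+(\d+)\s*/\s*(\d+)\s*$")
POINTS_PER_TEST = 10  # assumption inferred from the thread: 34 tests, maximum 340

def parse_report(text):
    """Return ({(category, test): protected?}, (score, maximum) or None)."""
    results, reported = {}, None
    for line in text.splitlines():
        if m := RESULT.match(line):
            results[(m.group(1).strip(), m.group(2))] = m.group(3) == "Protected"
        elif s := SCORE.match(line):
            reported = (int(s.group(1)), int(s.group(2)))
    return results, reported

def summarize(text):
    """Recompute the score from the verdict lines and list failures per category."""
    results, reported = parse_report(text)
    computed = (POINTS_PER_TEST * sum(results.values()),
                POINTS_PER_TEST * len(results))
    failed = defaultdict(list)
    for (category, test), protected in results.items():
        if not protected:
            failed[category].append(test)
    return {"computed": computed, "reported": reported,
            "consistent": computed == reported, "failed": dict(failed)}

def newly_protected(before, after):
    """Tests that were Vulnerable in `before` and are Protected in `after`."""
    old, new = parse_report(before)[0], parse_report(after)[0]
    return sorted(k for k, ok in new.items() if ok and old.get(k) is False)

# Constructed five-test excerpts in the CLT report layout (not real results).
BEFORE = """COMODO Leaktests v.1.1.0.3
  1. RootkitInstallation: MissingDriverLoad Protected
  2. Invasion: RawDisk Vulnerable
  3. Injection: APC dll injection Vulnerable
  4. InfoSend: ICMP Test Protected
  5. Hijacking: StartupPrograms Vulnerable
    Score 20/50
"""
AFTER = BEFORE.replace("APC dll injection Vulnerable", "APC dll injection Protected") \
              .replace("Score 20/50", "Score 30/50")

if __name__ == "__main__":
    print(summarize(BEFORE))
    print(newly_protected(BEFORE, AFTER))
```

Running `newly_protected` on reports saved before and after a configuration change shows exactly which tests the change affected, rather than only the total.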

340/340 on XP Home SP2 :-TU

Comodo Proactive Security
Firewall - Safe Mode
Defense+ - Safe Mode

(V)

What kinda default settings are these-------

Here are my leak test results with the latest CIS version, default settings------ 50/340 (each and every pop-up blocked during tests).

Mr. Melih, CIS with default settings is a threat for the majority of users, i.e. the 70-80% of users who use default settings. Default settings should be decent and effective coz the majority of users rely on default settings. 50/340, don't you think these default settings need a lot of improvement? Wot say guyz !!!