COMODO Leak Test Suite Updated Version

[Guest]

[dlwalt54]

Hi all i just installes the newest version with the internet security antivirus free package. I read the post about how to configure it and everything ok except firewall stealth wizard won`t set to block all incoming connections and make my system stealth. The screen pops up and says it did but when i recheck it always goes back to the top one todefine a new network which doesn`t need set. Also i ran the CLT tester and running the tester with the clt in the sandbox and user account off i get a score of 290/340. The areas failed are number 10,11,21,24,25. I am running windows 7 32 bit version. I don`t know if i should go back to zone alarm 5 or keep this comodo package. Any help is appreciated. I am also running the freeware cis package.

[Bad Frogger]

Hi all i just installes the newest version with the internet security antivirus free package. I read the post about how to configure it and everything ok except firewall stealth wizard won`t set to block all incoming connections and make my system stealth. The screen pops up and says it did but when i recheck it always goes back to the top one todefine a new network which doesn`t need set.

Once you have run the Wizard and it has said the settings have been made. Don't go back to it, unless you want to make changes.
It is a Wizard/Tool to make settings for you. It does Not show you any status.

Also i ran the CLT tester and running the tester with the clt in the sandbox and user account off i get a score of 290/340. The areas failed are number 10,11,21,24,25.

The Sandbox fools the leak tester so the results are not quite accurate, In some scenarios.

I don`t know if i should go back to zone alarm 5 or keep this comodo package. Any help is appreciated. I am also running the freeware cis package.

I would keep CIS but that's my opinion.

BAd

[Tech]

The Sandbox fools the leak tester so the results are not quite accurate, In some scenarios.

Can you elaborate?
What's "fools" here? Does the sandbox works or not?

[Bad Frogger]

Generally.
Any feedback from an application sandboxed running in a virtual environment would be debatable.
ie: it thinks it has access to whatever system files when in reality it does not.

The Sandbox is to prevent damage to the system, So in that it works.

Once having decided to run an unknown app the job then goes back to the Firewall,
and the user deciding what/when to block and allow this unknown app access to the internet.

At the same time you are correct that in this case there is failure of a sort.
But that brings us back to the age old Comodo way debate.

As the leak test is benign and user initiated, it gets away with things, that a real malware,
or non user initiated app, would not.

Bad

[brucine]

The sandbox is supposed to keep the system to be harmed if something nefarious happens.

But it's not a reason to allow such a behavior; this feature being the last line of defense, it should not, in the first instance, allow most of these behaviors to happen, whether they are "user initiated" or not: on this last behalf, a very significative part of infections (rogues...) is only user initiated by deliberately clicking.

[JoWa]

CIS 5.0.158836.1079, Internet Security and Proactive Security. XP SP3

Partially Limited: 330/340: 23. Impersonation: ExplorerAsParent   Vulnerable
Limited: 330/340: 24. Impersonation: DDE   Vulnerable
Restricted: 340/340
Untrusted: 340/340

[dlwalt54]

Thankyou BADFROGGER for your replies. I am going to keep comodo and see if it better than my last firewall and antivirus free combo. Was usin zone alarm and avast free versions before. They seemed ok and i never had any issues with them. But after reading about the comodo free package and that it had a really much better firewall than zone alarm i decided to give it a try.

[Tech]

Was usin zone alarm

By all means, Comodo provides a much better security layer than Zone Alarm (even if you compare it with the paid version of ZA).

[jovan111p]

What is this? Just Test CIS v.5 RC2, only change is to Proactive Security, everything else is by default. I have Windows 7, x86.
I have 150/340!






How to fix this?

[EricJH]

Did you give it full access when you got the alert stating clt.exe wanted to start and requires full access to your computer? 

[jovan111p]

Did you give it full access when you got the alert stating clt.exe wanted to start and requires full access to your computer? 

Yes, I press Allow!

[EricJH]

Try running it sandboxed. I just did on Win 7 x86 (admin with no UAC) and v5 RC2 with Proactive Security and got 330/340.

[Whoop-dee-doo]

I suggest the developers run Comodo Leak test (CLT) in various CIS5 configurations and on different operating systems. I got some rather strange results too (my system: XP SP3 32 bit on VM Player; running CIS5 Beta version 1120)

When I first ran CLT, I scored 30 (and was able to reproduce this result several times). Each time, I made sure that CLT was completely removed from all CIS lists (e.g unrecognized files and security policies)
I always ran CLT outside the sandbox.
[Settings were: Firewall = safe; D+ = safe, Sandbox = enabled, Image exec = enabled,
AV = stateful, config = proactive]

Then, I ran CIS in the sandbox and got 320 (test  23 & 25 failed).
Then, I disabled the sandbox.
Then, I went back to my original settings and got 330 (test 25 failed).

I am not sure why I got 30 the first several times I ran CLT (especially since I got 330 with the same settings a little while later).


Addendum #1:

Not sure if this helps solve the above issue, but I think it has something to do with the sandbox setting.
I can reproduce the finding by this step-by-step process:

• I set sandbox to disabled, and then run CLT* >>> I get 330. I close CLT.
• I set sandbox to enabled, and then run CLT* again >>> I get 30. I close CLT (at this point, if I change CIS settings to paranoid and block all, then run CLT* again, I get 30!).
• I set sandbox to disabled, and then run CLT* again >>> I get 30. I Close CLT.
• I launch any application, and then run CLT* again >>>I get 330.

* Before I run CLT each time, I delete it from the unrecognized file list (if it is present) and make sure it is not listed in the security policies. When defense + asks if I wish to run CLT, I click allow (i.e. I do not sandbox CLT).

Can any body else reproduce these findings?  Whatever is causing this issue is likely responsible for the variations in CLT results!

Addendum #2:
The above failure occurs if "Automatically detect installers/updaters and run them outside the sandbox" is enabled, but does not occur if it is disabled. The best leak test results are achieved when "Automatically detect installers/updaters..." and "automatically trust file from trusted installers" are both disabled.

[mahg]

I posted this message in CIS 5 beta forum too, but wanted to share my issues with Whoop-dee-doo to see if there is a solution for XP users.

My computer runs on XP SP3 and I never got 30. I've tried several times with standar settings and the only way to get a low score -60- is allowing the application when CIS ask to sandbox it -Proactive Profile-.
If I answer Sandbox, I get always 330, even with the Ronny solution.

Another issue I found is that if I try to sandbox the application from the explorer -right click-, the score drops to  220. How can this be possible? What's the difference between sandboxing the application directly from the Explorer, and Sandboxing when CIS ask you to allow/Sandbox/block?
The same occurs if I select the 'run application in Sandbox' from Defense+ tab. Score is 220.
In all test, I answer bock to all pop ups, and run the application in Sandbox as untrusted.

[mahg]

Take a look to my workaround for XP here: https://forums.comodo.com/beta-corner-cis/lets-check-how-clt-scores-this-beta-t61268.0.html;msg431454#msg431454

[Tags:]