Author Topic: COMODO Leak Test Suite Updated Version  (Read 203476 times)

JoWa
Re: COMODO Leak Test Suite Updated Version
« Reply #105 on: September 08, 2010, 02:55:54 AM »
PC Tools Firewall Plus 7.0.0.77 Beta 3
VirtualBox

COMODO Leaktests v.1.1.0.3
Date   09:24:53 - 2010-09-08
OS   Windows XP SP3 build 2600
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Vulnerable
3. RootkitInstallation: DriverSupersede   Protected
4. RootkitInstallation: ChangeDrvPath   Protected
5. Invasion: Runner   Protected
6. Invasion: RawDisk   Vulnerable
7. Invasion: PhysicalMemory   Protected
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Vulnerable
10. Injection: SetWinEventHook   Protected
11. Injection: SetWindowsHookEx   Protected
12. Injection: SetThreadContext   Protected
13. Injection: Services   Protected
14. Injection: ProcessInject   Protected
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Protected
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Vulnerable
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Protected
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Protected
25. Impersonation: Coat   Protected
26. Impersonation: BITS   Vulnerable
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Protected
29. Hijacking: UIHost   Vulnerable
30. Hijacking: SupersedeServiceDll   Vulnerable
31. Hijacking: StartupPrograms   Vulnerable
32. Hijacking: ChangeDebuggerPath   Vulnerable
33. Hijacking: AppinitDlls   Protected
34. Hijacking: ActiveDesktop   Protected
Score   230/340

knk2006
Re: COMODO Leak Test Suite Updated Version
« Reply #106 on: September 25, 2010, 04:49:25 AM »
Comodo's sandbox is now smarter. How? I launched a trusted application using a non-trusted application as a portable version. The non-trusted application was ended; however, the trusted application (the same, not modified) is still in the sandbox. I tried to reach the main site "from the about section"; the result is: I reached it without any pop-up, but of course IE got sandboxed as well. I thought that might be a bug "because I didn't get any alert from the firewall", so I ran the leak test "after letting it through the antivirus ;D" .. and here is the result :)

Date   12:41:34 م - 17/10/31
OS   Windows XP SP3 build 2600
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Protected
3. RootkitInstallation: DriverSupersede   Protected
4. RootkitInstallation: ChangeDrvPath   Protected
5. Invasion: Runner   Protected
6. Invasion: RawDisk   Protected
7. Invasion: PhysicalMemory   Protected
8. Invasion: FileDrop   Protected
9. Invasion: DebugControl   Protected
10. Injection: SetWinEventHook   Protected
11. Injection: SetWindowsHookEx   Protected
12. Injection: SetThreadContext   Protected
13. Injection: Services   Protected
14. Injection: ProcessInject   Protected
15. Injection: KnownDlls   Protected
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Protected
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Protected
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Protected
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Protected
25. Impersonation: Coat   Protected
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Protected
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Protected
31. Hijacking: StartupPrograms   Protected
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Protected
34. Hijacking: ActiveDesktop   Protected
Score   340/340

stock configuration of CIS 5 complete  ;)

cool1007
Re: COMODO Leak Test Suite Updated Version
« Reply #107 on: September 29, 2010, 12:35:31 PM »
I got a 180/340 score with a stock configuration/installation of CIS 5. :(
Defense+ : Safe Mode
Antivirus: On Access
Firewall: Safe Mode
Sandbox: Safe Mode

Any ideas how to improve the results?

Thanks


COMODO Leaktests v.1.1.0.3
 
Date 12:18:35 PM - 9/29/2010
 
OS Windows Vista SP0 build 7600
 
1. RootkitInstallation: MissingDriverLoad Protected
2. RootkitInstallation: LoadAndCallImage Protected
3. RootkitInstallation: DriverSupersede Protected
4. RootkitInstallation: ChangeDrvPath Vulnerable
5. Invasion: Runner Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Protected
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Protected
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Protected
13. Injection: Services Vulnerable
14. Injection: ProcessInject Protected
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Protected
17. Injection: CreateRemoteThread Protected
18. Injection: APC dll injection Protected
19. Injection: AdvancedProcessTermination Protected
20. InfoSend: ICMP Test Protected
21. InfoSend: DNS Test Vulnerable
22. Impersonation: OLE automation Protected
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
26. Impersonation: BITS Protected
27. Hijacking: WinlogonNotify Protected
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Protected
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Protected
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Protected
Score 180/340
 

John Buchanan
Re: COMODO Leak Test Suite Updated Version
« Reply #108 on: September 29, 2010, 12:38:09 PM »
CLT was not designed to be used in a sandbox.  It was designed to test the firewall and D+/HIPS only
Using it inside a sandbox or with a sandbox gives erroneous results

cool1007
Re: COMODO Leak Test Suite Updated Version
« Reply #109 on: September 29, 2010, 01:11:11 PM »
I disabled the sandbox entirely (by right-clicking the taskbar icon and by going to Defense+ settings), then I rebooted the PC, ran CLT again, and it gave me almost the same score (+10 points).  :(

I also followed the instructions for configuring CIS in this post https://forums.comodo.com/leak-testingattacksvulnerability-research/getting-accurate-leak-test-results-t61715.0.html.

Now I'm worried about my computer security with such a low score. Any other ideas?

COMODO Leaktests v.1.1.0.3
 
Date 1:29:39 PM - 9/29/2010
 
OS Windows Vista SP0 build 7600
 
1. RootkitInstallation: MissingDriverLoad Protected
2. RootkitInstallation: LoadAndCallImage Protected
3. RootkitInstallation: DriverSupersede Protected
4. RootkitInstallation: ChangeDrvPath Vulnerable
5. Invasion: Runner Vulnerable
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Protected
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Protected
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Protected
13. Injection: Services Vulnerable
14. Injection: ProcessInject Protected
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Protected
17. Injection: CreateRemoteThread Protected
18. Injection: APC dll injection Protected
19. Injection: AdvancedProcessTermination Protected
20. InfoSend: ICMP Test Protected
21. InfoSend: DNS Test Protected
22. Impersonation: OLE automation Protected
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
26. Impersonation: BITS Protected
27. Hijacking: WinlogonNotify Protected
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Protected
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Protected
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Protected
Score 190/340
 

EDIT: after switching to Proactive Configuration, the sandbox was enabled again by default, and I didn't notice. After disabling the sandbox, I ran CLT again and got a perfect score :D. Thanks, John

COMODO Leaktests v.1.1.0.3
 
Date 1:38:24 PM - 9/29/2010
 
OS Windows Vista SP0 build 7600
 
1. RootkitInstallation: MissingDriverLoad Protected
2. RootkitInstallation: LoadAndCallImage Protected
3. RootkitInstallation: DriverSupersede Protected
4. RootkitInstallation: ChangeDrvPath Protected
5. Invasion: Runner Protected
6. Invasion: RawDisk Protected
7. Invasion: PhysicalMemory Protected
8. Invasion: FileDrop Protected
9. Invasion: DebugControl Protected
10. Injection: SetWinEventHook Protected
11. Injection: SetWindowsHookEx Protected
12. Injection: SetThreadContext Protected
13. Injection: Services Protected
14. Injection: ProcessInject Protected
15. Injection: KnownDlls Protected
16. Injection: DupHandles Protected
17. Injection: CreateRemoteThread Protected
18. Injection: APC dll injection Protected
19. Injection: AdvancedProcessTermination Protected
20. InfoSend: ICMP Test Protected
21. InfoSend: DNS Test Protected
22. Impersonation: OLE automation Protected
23. Impersonation: ExplorerAsParent Protected
24. Impersonation: DDE Protected
25. Impersonation: Coat Protected
26. Impersonation: BITS Protected
27. Hijacking: WinlogonNotify Protected
28. Hijacking: Userinit Protected
29. Hijacking: UIHost Protected
30. Hijacking: SupersedeServiceDll Protected
31. Hijacking: StartupPrograms Protected
32. Hijacking: ChangeDebuggerPath Protected
33. Hijacking: AppinitDlls Protected
34. Hijacking: ActiveDesktop Protected
Score 340/340
 

(C) COMODO 2008
« Last Edit: September 29, 2010, 01:41:11 PM by cool1007 »
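The post above pastes two CLT reports from the same machine, one with the sandbox on and one with it off. As an added example (not Comodo's code and not from any post in this thread), the Python below parses reports in that pasted layout, recomputes the score from the per-test verdicts (10 points per Protected test is an assumption read off the reports: 23 Protected lines give 230/340), flags a Score line that disagrees with its own verdicts, and lists which tests changed between two runs. The two embedded reports are constructed samples trimmed to six tests; a real report lists all 34.

```python
"""Parser for COMODO Leaktests (CLT) reports as pasted in this thread.

Added example, not code from Comodo or from any post above.  It recomputes the
score from the per-test verdicts and diffs two runs, e.g. sandbox enabled vs
disabled as in the post above.
"""
import re
from collections import Counter

# Assumption read off the pasted reports: 10 points per Protected test,
# 34 tests, so 340 maximum (23 Protected lines -> 230/340).
POINTS_PER_TEST = 10

# One result line: "<n>. <Category>: <Test name>   <Verdict>" (tabs or spaces)
LINE_RE = re.compile(r"^\s*(\d+)\.\s+([A-Za-z]+):\s+(.+?)\s+(Protected|Vulnerable)\s*$")
SCORE_RE = re.compile(r"^\s*Score\s+(\d+)/(\d+)\s*$")


def parse_report(text):
    """Return (results, score): results maps (category, test) -> verdict;
    score is the (points, maximum) pair from the report's own Score line, or None."""
    results, score = {}, None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            _num, category, test, verdict = m.groups()
            results[(category, test)] = verdict
            continue
        m = SCORE_RE.match(line)
        if m:
            score = (int(m.group(1)), int(m.group(2)))
    return results, score


def expected_score(results):
    """Score recomputed from the verdicts, independent of the Score line."""
    protected = sum(1 for v in results.values() if v == "Protected")
    return protected * POINTS_PER_TEST, len(results) * POINTS_PER_TEST


def score_matches(results, score):
    """True when the report's Score line agrees with its verdicts (catches edited pastes)."""
    return score is not None and expected_score(results) == score


def vulnerable_by_category(results):
    """Count of Vulnerable verdicts per CLT category, e.g. {'Injection': 2}."""
    return dict(Counter(cat for (cat, _), v in results.items() if v == "Vulnerable"))


def diff_reports(before, after):
    """Tests whose verdict changed between two runs: (category, test) -> (old, new)."""
    return {k: (before[k], after[k]) for k in before
            if k in after and before[k] != after[k]}


# Constructed sample pastes in the thread's layout, trimmed to six tests
# (a real report always lists all 34); the Score lines agree with the verdicts.
REPORT_SANDBOX_ON = """COMODO Leaktests v.1.1.0.3
Date 1:29:39 PM - 9/29/2010
OS Windows Vista SP0 build 7600
4. RootkitInstallation: ChangeDrvPath Vulnerable
5. Invasion: Runner Vulnerable
13. Injection: Services Vulnerable
18. Injection: APC dll injection Protected
28. Hijacking: Userinit Vulnerable
34. Hijacking: ActiveDesktop Protected
Score 20/60
"""

REPORT_SANDBOX_OFF = """COMODO Leaktests v.1.1.0.3
Date 1:38:24 PM - 9/29/2010
OS Windows Vista SP0 build 7600
4. RootkitInstallation: ChangeDrvPath Protected
5. Invasion: Runner Protected
13. Injection: Services Protected
18. Injection: APC dll injection Protected
28. Hijacking: Userinit Protected
34. Hijacking: ActiveDesktop Protected
Score 60/60
"""

if __name__ == "__main__":
    before, before_score = parse_report(REPORT_SANDBOX_ON)
    after, after_score = parse_report(REPORT_SANDBOX_OFF)
    print("before:", before_score, "consistent:", score_matches(before, before_score))
    print("vulnerable per category:", vulnerable_by_category(before))
    for (cat, test), (old, new) in sorted(diff_reports(before, after).items()):
        print(f"{cat}: {test}: {old} -> {new}")
```

Pasting a full 34-line report into either string works unchanged; the diff is what makes a "same PC, different settings" comparison like the one above readable at a glance, and the consistency check catches reports whose Score line was retyped by hand.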

cocopara
Re: COMODO Leak Test Suite Updated Version
« Reply #110 on: October 02, 2010, 02:48:09 PM »
Why do I get these results?


Date   21:34:34 - 02.10.2010
OS   Windows Vista SP0 build 7600
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Protected
3. RootkitInstallation: DriverSupersede   Protected
4. RootkitInstallation: ChangeDrvPath   Vulnerable
5. Invasion: Runner   Vulnerable
6. Invasion: RawDisk   Vulnerable
7. Invasion: PhysicalMemory   Protected
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Protected
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
12. Injection: SetThreadContext   Protected
13. Injection: Services   Vulnerable
14. Injection: ProcessInject   Protected
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Protected
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Protected
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Vulnerable
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Protected
25. Impersonation: Coat   Vulnerable
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Vulnerable
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Vulnerable
31. Hijacking: StartupPrograms   Vulnerable
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Vulnerable
34. Hijacking: ActiveDesktop   Protected
Score   200/340

I am in fact using W7 and not Vista as it shows.

I put heur etc. all to full and maximized the security, yet such a poor result. WTF

John Buchanan
Re: COMODO Leak Test Suite Updated Version
« Reply #111 on: October 02, 2010, 03:09:45 PM »
CLT was not designed to be used in a sandbox.  It was designed to test the firewall and D+/HIPS only
Using it inside a sandbox or with a sandbox gives erroneous results


cocopara
Re: COMODO Leak Test Suite Updated Version
« Reply #112 on: October 02, 2010, 03:32:45 PM »


I even disabled the sandbox, so why did I get such a retarded result?

Whoop-dee-doo
Re: COMODO Leak Test Suite Updated Version
« Reply #113 on: October 03, 2010, 11:01:54 AM »
I even disabled the sandbox, so why did I get such a retarded result?

Please see this post. It will help you set CIS appropriately and help you achieve an accurate leak test result.

Comm512
Re: COMODO Leak Test Suite Updated Version
« Reply #114 on: October 05, 2010, 09:18:47 AM »
When I do achieve a 340 score, is it unwise to alter any setting in Comodo after that? I mean, can I enable the sandbox again without compromising security?

Is it not possible to get a 340 without user intervention? I do like Comodo blocking all untrusted files so that I am able to check afterwards (after execution of the exe) what was trying to run.

I see a lot of 'clt.exe scanned online and found malicious'. I do get 3 or 4 warnings from the Cloud that clt.exe is dangerous.

Whoop-dee-doo
Re: COMODO Leak Test Suite Updated Version
« Reply #115 on: October 05, 2010, 08:54:07 PM »
When I do achieve a 340 score, is it unwise to alter any setting in Comodo after that? I mean, can I enable the sandbox again without compromising security?

Yes, you can enable the sandbox without compromising security. The CLT program is not designed to test the sandbox, and that is why you are supposed to turn off the sandbox for the test. The developers tested 15,000 malware files against the sandbox, and none of the malware files were able to run after rebooting (some harmless files may get dropped on your hard drive, but the malware cannot "infect" your computer and cause harm).


Is it not possible to get a 340 without user intervention? I do like Comodo blocking all untrusted files so that I am able to check afterwards (after execution of the exe) what was trying to run.
You can set CIS to block all alerts.

I see a lot of 'clt.exe scanned online and found malicious'. I do get 3 or 4 warnings from the Cloud that clt.exe is dangerous.

I am not sure why Comodo decided to let the AV flag CLT (it is not detected as malware, it is detected as a leak test application), but they are sticking to that decision. Simply add it to the AV exclusion list. CLT is a safe program and is harmless.



Johnzbzb
Re: COMODO Leak Test Suite Updated Version
« Reply #116 on: October 06, 2010, 04:10:19 AM »
What the heck, why do I get Application.Win32.LeakTest.~B[at]1 in the "A malicious item has been detected"?

Johnzbzb
Re: COMODO Leak Test Suite Updated Version
« Reply #117 on: October 06, 2010, 04:15:59 AM »
Wow I got a really crap score 30/340 in the leak test.

Whoop-dee-doo
Re: COMODO Leak Test Suite Updated Version
« Reply #118 on: October 06, 2010, 08:41:13 AM »
What the heck, why do I get Application.Win32.LeakTest.~B[at]1 in the "A malicious item has been detected"?

I am not sure why Comodo decided to let the AV flag CLT (it is not detected as malware, it is detected as a leak test application), but they are sticking to that decision. Simply add it to the AV exclusion list. CLT is a safe program and is harmless.

Wow I got a really crap score 30/340 in the leak test.

Please see this post. It will help you set CIS appropriately and help you achieve an accurate leak test result.


cocopara
Re: COMODO Leak Test Suite Updated Version
« Reply #119 on: October 12, 2010, 11:45:04 AM »
I've read that flipping* post and I get a really bad result. Will that affect my overall security? Anyhow, if a person in STOCK CONFIG gets 100%, why am I in the most protected CONFIG and I reach really low -.-.
