COMODO Leak Test Suite Updated Version

[Guest]

[SivaSuresh]

the only alert you should allow is the first one which says explorer.exe is trying to execute clt.exe. then block the rest of the alerts. (if you have the sandbox disabled)

no clt is not made to test the sandbox it is meant to test the firewall and defense +. have you tried following the advice given in this article to get accurate leak test results?

Thanks for the suggestion.

I followed the post. Now I get 340/340.
My only mistake was I left Sandbox enabled (that was the default of course)

Now I am enabling again (I need sandbox, don't I ?)

[wasgij6]

Thanks for the suggestion.

I followed the post. Now I get 340/340.
My only mistake was I left Sandbox enabled (that was the default of course)

Now I am enabling again (I need sandbox, don't I ?)

no problem, good to hear that you fixed the problem.

Do you need the sanbox?
Depends on how you want cis to act. if you want less alerts and dont mind things getting sandboxed, you can leave it enabled. Or if your like me you can disabled it. i would rather see the alerts and know if the app is safe i can give the file/app the proper rights then later submit it to be whitelisted.

[SivaSuresh]

no problem, good to hear that you fixed the problem.

Do you need the sanbox?
Depends on how you want cis to act. if you want less alerts and dont mind things getting sandboxed, you can leave it enabled. Or if your like me you can disabled it. i would rather see the alerts and know if the app is safe i can give the file/app the proper rights then later submit it to be whitelisted.

That suits more to me too, only if I am the only user on the system. 
Unfortunately that is not my case. Many other people including children use my system.
So I definitely need the Sandbox.

[wasgij6]

That suits more to me too, only if I am the only user on the system. 
Unfortunately that is not my case. Many other people including children use my system.
So I definitely need the Sandbox.

ya in your case i would keep the sandbox enabled.

[loverboy]

Is it possible to have an updated leak test, with tests exploiting 64bit Windows 7?

[SivaSuresh]

Is it possible to have an updated leak test, with tests exploiting 64bit Windows 7?

I would also like to know the same...

[military]

SpyShelter Firewall 1.0
Oracle VM VBox
Win 7Ultimate x64

 it is possible? 350/340 

[christos]

COMODO Leaktests v.1.1.0.3
 
Date 00:32:50 - 27/08/2012
 
OS Windows Vista SP1 build 7601
 
1. RootkitInstallation: MissingDriverLoad Protected
2. RootkitInstallation: LoadAndCallImage Protected
3. RootkitInstallation: DriverSupersede Protected
4. RootkitInstallation: ChangeDrvPath Vulnerable
5. Invasion: Runner Protected
6. Invasion: RawDisk Vulnerable
7. Invasion: PhysicalMemory Protected
8. Invasion: FileDrop Vulnerable
9. Invasion: DebugControl Protected
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Protected
13. Injection: Services Vulnerable
14. Injection: ProcessInject Protected
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Protected
17. Injection: CreateRemoteThread Protected
18. Injection: APC dll injection Protected
19. Injection: AdvancedProcessTermination Protected
20. InfoSend: ICMP Test Protected
21. InfoSend: DNS Test Vulnerable
22. Impersonation: OLE automation Protected
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
26. Impersonation: BITS Protected
27. Hijacking: WinlogonNotify Protected
28. Hijacking: Userinit Vulnerable
29. Hijacking: UIHost Protected
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
32. Hijacking: ChangeDebuggerPath Protected
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Protected
Score 190/340
 
I'm using Windows 7!

[EricJH]

Please follow the instructions in Getting Accurate Leak Test Results.

I's important to follow them as the leaktest was meant to test a HIPS only solution and not a HIPS/sandbox combination.

[bens09]

Hello,

I used the CLT utility many times while applying different configuration. When I execute the program, defense plus suggest me to sandbox it so I do it. In proactive mode, the CLT.exe sandboxed as partially limited, everything is protected besides Impersonation: ExplorerAsParent. An internet explorer window opens when this test is initiated. Could you please help me? Can I protect this and make it invulnerable?

Thanks!

[bzrwon]

First up I must say congrats on CIS 2013, so far I'm very impressed with it, esp the FW, when tweaked this thing rejects pretty much everything I throw at it, that been said like many others, I was wondering if there are any plans to update the Comodo Leak test and or a version for 64 bit and or Windows 8? Also there needs to be an updated version of Getting Accurate Results, as it's currently only for CIS v5, some of those steps don't or can't be applied in v6 and no matter what I do I can only get a max of 310/340 in sandbox mode with Win 8 64 bit:
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
24. Impersonation: DDE           Vulnerable

Obviously if I allow it, I only get a dismal190/340 but I'm not too fussed with these test results as I've tried most of the other leak tests out their and it stops them dead in their tracks and if you run MBAM alongside it, what ever (if any) CIS misses it usually blocks and or quarantines, add running browsers in sandbox mode and it doesn't really faze me that the tests aren't perfect, esp on a Win 8 64 bit box but still an updated leak test and or how to guide would be peace of mind, I know I'm not the only one who thinks this, other than that, keep up the good work

[Tags:]