Topic: Leak test fails? [RESOLVED]
whiskeyjack
« on: February 10, 2007, 05:37:02 PM »

What good is this firewall, if the leaktest fails automatically if you "allow" the browser prior to testing the leak?

I don't want to have to allow my web browser to access the internet EVERY time I want to use it.

Also, for what it's worth, Zone Alarm Pro 7 stopped all the leak tests on my computer when I set Firefox to "Ask" in its settings. (I already had it set to "kill" iexplore.) So where is the real advantage to this firewall?

I didn't change any settings except to "allow" my default browser and this firewall fails tests 1, 2, and 3. Also, it never mentions that there is a hook, although from doing research and reading these forums I know that it should. It simply states that Iexplore.exe is trying to access the internet.

Perhaps I'm missing something?
« Last Edit: February 26, 2008, 03:23:12 PM by goodbrazer »
comicfan2000
Guest
« Reply #1 on: February 10, 2007, 06:13:19 PM »

Hi and welcome to the forum.

Yes, for one you are missing what leak test you took. Two, if you want to see thorough leak test results, look here:

http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

Comodo has passed every leak test.

Your issue with allowing is simply this: the firewall is alerting you that something is trying to get through; by blocking it, it has not succeeded. As PCflank does by using OLE automation, which is a legit Windows app that allows some software to connect when they don't have their own ability to connect to their server\maker, also is used by threats to connect, but in order to stop this, you would have to disable OLE automation entirely, which isn't always in the best interest of a user to do. So, how else do you prevent it? By the firewall detecting and blocking it. If ZA is blocking automatically, you may have legit programs not being able to update or connect as well. A firewall cannot determine OLEs, so ZA would simply be taking a GUESS and blocking it.

If you don't want to ALLOW your browser every time, 3 things:

1. You should check the "remember this setting".

2. Set popup alerts to med or low.

3. If something uses OLE, it will pop up the allow browser as well, as it modifies a document and the firewall is TELLING you that this has changed and could be a threat. So you can set OLE alerts to off as well and leave it as a choice to get them or not. Me, I like em, so I know what's been modified. This is what I believe is going on.

Careful study can aid in an event,  therefore the lack of knowledge presents an obstacle to hurdle but the correct amount of reviewing a situation will guide you through as to what should happen before thoughts of incompetence of a firewall. ZA in fact has not passed every test and Comodo has at this point. I think you may simply be confused on what has passed or in which way.

I hope this helps,

Paul

whiskeyjack
« Reply #2 on: February 10, 2007, 06:22:04 PM »

Thing is, if I right now "allow" my web browser, let's say Iexplore.exe, then when I try the leaktest it automatically fails and doesn't even ask me if I want to block it.

I don't want to allow any program to automatically connect; I prefer to handle my updates personally and I do so with a scheduled proficiency.

What I was trying to say is, this firewall on my computer fails the leak tests if you apply "allow" to the browser to access the internet prior to the leak test. After allowing the browser, and running the CPIL suite, the firewall fails the leak tests.

Maybe I'm not understanding you, but I thought the claim was that this firewall "realized" that the program (iexplore in this instance) was trying to access the internet with changed (hooked) files and then popped the window up alerting you and asking you to allow or block. This is not the case on my computer. I haven't changed any settings except allowed the firewall to scan my computer for trusted applications.

If there is something I am missing, or if I should un-trust all the apps that the firewall scanned and added then let me know.

whiskeyjack
« Reply #3 on: February 10, 2007, 07:57:59 PM »

As an update, I uninstalled, reinstalled and it works better, although it's still a bit funky about the CPIL suite test. It scored a 100% stop (in the manner that I wanted) with Atelier Web Firewall Tester.

I'd like to ask though, when I denied access to the tainted apps while testing with Atelier, it stopped the unauthorized access sure enough, however I was forced to restart my computer to use the browser again as every time I launched the browser it detected that it had been tampered with in memory. Is that something that's typical of the Firewall leak tester, or is that generally how it's going to work?

Thanks for your post and look forward to any helpful replies.
kail
« Reply #4 on: February 10, 2007, 08:10:24 PM »

CFP is detecting it because the hook is still present. The problem is that once CPIL injects the hook into explorer, it can only be removed by a reboot. In fact, I believe it is recommended to reboot between each CPIL test anyway.

Typical? With leaktests that inject hooks into explorer, yes I believe it probably is.

Funky? On some systems, CPIL has been known to cause a shell crash, especially when all 3 tests are run without a reboot in between.
panic
« Reply #5 on: February 10, 2007, 08:43:44 PM »

Regardless of what leak testing utility you are using, you really should reboot between each and every test. This ensures that you are testing on a valid, rather than an already compromised, platform. As Kail said, you can expect unexpected results if you don't reboot.

Ewen :-)
whiskeyjack
« Reply #6 on: February 11, 2007, 05:08:41 PM »

Thanks guys. Things seem to be working as expected now. I appreciate all the patience and information.

Whiskey.
comicfan2000
Guest
« Reply #7 on: February 11, 2007, 05:20:44 PM »

Good to hear. Having to restart due to a locked browser after a block is typical when you block an attempt or OLE, which I hope in v.3 is finally taken care of. When you deny an attempt it locks your browser and you can sometimes restart CFP or have to restart the PC.
As Ewen stated, in your case you should restart anyway.

Paul
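
Replies #4 and #5 say that a hook injected into explorer stays until reboot and that each leak test should start from a clean platform; one way to check that before the next test is to compare the modules loaded in the shell and browser against a list saved right after a clean boot. This is an added example, not part of the thread and not Comodo's code; it assumes the hook shows up as an extra loaded module, and the function names and baseline path are hypothetical.

```powershell
# Added example. Function names and the baseline path are hypothetical.
# Run from an elevated 64-bit PowerShell so 64-bit processes can be read.

function Get-LoadedModulePath {
    param([string[]]$ProcessName = @('explorer', 'iexplore', 'firefox'))
    $entries = foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        try {
            # One "process|module path" entry per loaded module
            $proc.Modules | ForEach-Object { "$($proc.ProcessName)|$($_.FileName)" }
        } catch {
            Write-Warning "Cannot read modules of PID $($proc.Id): $($_.Exception.Message)"
        }
    }
    $entries | Where-Object { $_ } | Sort-Object -Unique
}

function Save-ModuleBaseline {
    param([Parameter(Mandatory)][string]$Path)
    # Take this right after a reboot, before any leak test has run
    Get-LoadedModulePath | Set-Content -Path $Path -Encoding UTF8
}

function Compare-ModuleBaseline {
    param([Parameter(Mandatory)][string]$Path)
    $baseline = @(Get-Content -Path $Path)
    $current  = @(Get-LoadedModulePath)
    if ($baseline.Count -eq 0 -or $current.Count -eq 0) {
        throw 'Baseline or current module list is empty; nothing to compare.'
    }
    # '=>' marks entries present now but absent from the clean-boot baseline
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current |
        Where-Object SideIndicator -eq '=>' |
        ForEach-Object {
            $name, $file = $_.InputObject -split '\|', 2
            $sig = Get-AuthenticodeSignature -FilePath $file -ErrorAction SilentlyContinue
            $status = 'Unknown'
            if ($sig) { $status = $sig.Status }
            [pscustomobject]@{ Process = $name; Module = $file; Signature = $status }
        }
}

# Usage (constructed path):
#   Save-ModuleBaseline    -Path C:\Temp\modules-clean.txt   # after reboot
#   Compare-ModuleBaseline -Path C:\Temp\modules-clean.txt   # before each test
```

An empty result before a test means no new module has appeared since the clean boot; browsers load extra modules on demand, so new entries need triage by path and signature status rather than being treated as hooks outright.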