Author Topic: My Leak Test result 320/340, can u help me?  (Read 5977 times)

Offline Yasser1981

  • Newbie
  • *
  • Posts: 2
My Leak Test result 320/340, can u help me?
« on: October 08, 2011, 04:27:04 PM »
hi guys,

I got 320/340 on my score on leaktest.


Injection
SetWinEventHook   vulnerable
SetWindowsHookEx   vulnerable


How can I solve these problems?
Is it a big problem for me?

Best,

Offline naren

  • Comodo's Hero
  • *****
  • Posts: 4376
Re: My Leak Test result 320/340, can u help me?
« Reply #1 on: October 08, 2011, 04:32:42 PM »
If I am not wrong & remember correctly, sometimes these 2 tests SetWinEventHook & SetWindowsHookEx get registered in trusted files as safe. I don't know how & why they get into trusted files, maybe cloud scan bug or maybe they are treated as safe in the cloud by mistake. I have observed this a few times here in my case.

So can you please check & report here if they are in the trusted files.

Thanxx
Naren


Offline Yasser1981

  • Newbie
  • *
  • Posts: 2
Re: My Leak Test result 320/340, can u help me?
« Reply #2 on: October 08, 2011, 04:44:55 PM »
If I am not wrong & remember correctly, sometimes these 2 tests SetWinEventHook & SetWindowsHookEx get registered in trusted files as safe. I don't know how & why they get into trusted files, maybe cloud scan bug or maybe they are treated as safe in the cloud by mistake. I have observed this a few times here in my case.

So can you please check & report here if they are in the trusted files.

Thanxx
Naren



thank you for the reply

I just configured using this sets of this topic http://forums.comodo.com/leak-testingattacksvulnerability-research/tutorial-comodo-firewall-5-t65294.0.html
and now my score is terrible, what is happening?
I'm confused


COMODO LEAKTESTS V.1.1.0.3
Date   18:41:24 - 08/10/2011
OS   Windows Vista SP1 build 7601
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Protected
3. RootkitInstallation: DriverSupersede   Protected
4. RootkitInstallation: ChangeDrvPath   Vulnerable
5. Invasion: Runner   Vulnerable
6. Invasion: RawDisk   Vulnerable
7. Invasion: PhysicalMemory   Protected
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Protected
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
12. Injection: SetThreadContext   Protected
13. Injection: Services   Vulnerable
14. Injection: ProcessInject   Protected
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Protected
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Protected
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Vulnerable
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Vulnerable
24. Impersonation: DDE   Vulnerable
25. Impersonation: Coat   Vulnerable
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Vulnerable
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Vulnerable
31. Hijacking: StartupPrograms   Vulnerable
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Vulnerable
34. Hijacking: ActiveDesktop   Protected
Score   180/340


Offline naren

  • Comodo's Hero
  • *****
  • Posts: 4376
Re: My Leak Test result 320/340, can u help me?
« Reply #4 on: October 09, 2011, 07:51:33 AM »
You quoted my post but didn't reply to what I asked you to check. I asked you to check those in the trusted lists coz I have experienced that, i.e. one of those tests gets into trusted lists sometimes, coz of which the test fails as it is treated as safe.

Thanxx
Naren

Offline securityseeker

  • Newbie
  • *
  • Posts: 2
Re: My Leak Test result 320/340, can u help me?
« Reply #5 on: December 20, 2011, 08:27:23 AM »
I have Windows 7 x64, all security settings to the maximum, but I reach only 210 on 340 score.
Why? What is not working correctly?

Offline captainsticks

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 9013
    • Comodo Help
Re: My Leak Test result 320/340, can u help me?
« Reply #6 on: December 20, 2011, 09:14:29 AM »
Hi securityseeker,
Did you follow the instructions in the link that EricJH posted above, in particular disable the sandbox?