A new leak test application from COMODO !

[Guest]

[daveiw]

This is the firewall log for the test by the way:

20:21:17   CPILSUITE.EXE   Blocked   Application is attempting to inject its component into another process.   Process: CPILSuite.exe, Injected: F:\DOWNLOADS\CPILSUITE\CPIL2.DLL
20:21:15   CPIL.EXE   Blocked   Application is attempting to modify other application memory.   Process: CPIL.EXE, Target process: C:\WINDOWS\EXPLORER.EXE
20:05:37   CPIL.EXE   Blocked   Application is attempting to modify other application memory.   Process: CPIL.EXE, Target process: C:\WINDOWS\EXPLORER.EXE
20:05:13   CPIL.EXE   Blocked   Application is attempting to modify other application memory.   Process: CPIL.EXE, Target process: C:\WINDOWS\EXPLORER.EXE
20:04:22   CPILSUITE.EXE   Blocked   Application is attempting to inject its component into another process.   Process: CPILSuite.exe, Injected: F:\DOWNLOADS\CPILSUITE\CPIL2.DLL
20:04:14   CPIL.EXE   Blocked   Application is attempting to modify other application memory.   Process: CPIL.EXE, Target process: C:\WINDOWS\EXPLORER.EXE

[Boofo]

I have tried this test and at first nothing got through. Then I allowed it to get through once. I rebooted and it still gets through no matter what I do. I even uninstalled and reinstalled the firewall but Test 1 always gets through now. How to I get it back to not allowing Test 1 to get through?

[ganda]

I have tried this test and at first nothing got through. Then I allowed it to get through once. I rebooted and it still gets through no matter what I do. I even uninstalled and reinstalled the firewall but Test 1 always gets through now. How to I get it back to not allowing Test 1 to get through?

this is my "expert" opinion    :
1) you ticked "remember" when you allowed the app
2) you still had the CPIL leak test app on your comp when you reinstall CFP3 using Clean PC mode, so
    CPIL leak test was white listed on your PC.

enough fake "expert" opinion, let's wait for the real expert to come here 


Ganda

[Boofo]

Ok, so how do I un-whitelist it then?

[ganda]

WOW, so it works huh   
ehhm,here we go
go to CFP3/defense+/advanced/computer security policy
you'll see list of remembered rules there. Remove or edit the rule for the leaktest app.
oh, you might wanna check %windir%\explorer.exe ==> use a custom policy/access right/
on run an executable, click modify and find the leak test app there

[Boofo]

WOW, so it works huh   
ehhm,here we go
go to CFP3/defense+/advanced/computer security policy
you'll see list of remembered rules there. Remove or edit the rule for the leaktest app.
oh, you might wanna check %windir%\explorer.exe ==> use a custom policy/access right/
on run an executable, click modify and find the leak test app there

I deleted the rules for that before and it still gets by test 1. The second part of your instructions I didn't quite understand. That only takes me to the window explorer program. I'm using Windows XP.

[ganda]

I deleted the rules for that before and it still gets by test 1. The second part of your instructions I didn't quite understand. That only takes me to the window explorer program. I'm using Windows XP.

i use Xp SP2 too. i think we really need the expert help right now
ok, this is my step 2, sorry for being unclear, me & english.
CFP3/Defense+/advanced/computer security policy
*find %windir%\explorer.exe ,double click on it,
*tick use a custom policy, and click access right
*on the "access rights" window==>run an axecutable==> click modify,
you'll see another list of allowed/blocked apps there


Ganda

[Boofo]

Ahh, ok, I found what you were talking about. Thank you for the very detailed explanation.

The app wasn't listed in there.

Somehow it involves the hooks but I don't see where to edit those.

I thank you for all the help, sir. We'll get this figured out if we keep plugging away at it.

[ganda]

Ahh, ok, I found what you were talking about. Thank you for the very detailed explanation.

The app wasn't listed in there.

Somehow it involves the hooks but I don't see where to edit those.

I thank you for all the help, sir. We'll get this figured out if we keep plugging away at it.

huh hook? what hook?
based on my stupid experience of mistakenly allowing/blocking apps  , after i do these steps :
*find %windir%\explorer.exe ,double click on it,
*tick use a custom policy, and click access right
*on the "access rights" window==>run an axecutable==> click modify
there are lots of apps listed there, and i just remove the mistakenly allowed/blocked app.

[Boofo]

The app is not listed in that section so there is nothing to remove.

When you run CPLSuite it adds some hooks. That is how it bypasses the firewall.

[ganda]

The app is not listed in that section so there is nothing to remove.

hmm  so you don't have specific rule for CPIL leaktest and still don't pass test 1.

When you run CPLSuite it adds some hooks. That is how it bypasses the firewall.

oh ya, i remember that, it's defense+ warning that blocked the attempt.

  let see if someone can help you out. have you tried another leaktest apps? didn't pass the leaktest app by mistakenly click "allow" doesn't mean your firewall's leaking 


edit :
hey, i've just tried the CPIL leaktest, i allow & remember test 1 (access physical memory directly attempt), remove the rule, but i still didn't pass test 1 after that.
let's ask for help together 
i'll try to reboot my comp and see if i still fail after rebooting

[ganda]

hi Boofo 
just rebooted my comp, CFP3 successfully block test 1. 
it's a weird problem you have there.

[Boofo]

hi Boofo 
just rebooted my comp, CFP3 successfully block test 1. 
it's a weird problem you have there.

I even tried uninstalling and reinstalling the firewalll and it still gets through.

I emailed Melih, but he wasn't sure why it is doing that.

[ganda]

sorry to hear that 
but i gues you shouldn't worry too much, it's just leak test app that you've mistakenly allowed, not a real leakage  . perhaps you wanna try another leaktest app like GRCleaktest and see if your CFP3 can pass them.
let see if some mods here can help you. 

[Boofo]

sorry to hear that 
but i gues you shouldn't worry too much, it's just leak test app that you've mistakenly allowed, not a real leakage  . perhaps you wanna try another leaktest app like GRCleaktest and see if your CFP3 can pass them.
let see if some mods here can help you. 

I guess it's just the principle of it all. This is the best firewall ever and I can't even stop a little leaktest.

[Tags:]