Topic: Comodo Firewall Pro isn't passing leak tests [Resolved]
Toggie
Guest
« Reply #45 on: May 17, 2007, 12:11:30 AM »

The whole idea of the CPIL test is to simulate DLL Injection. Essentially, CPIL injects a DLL into EXPLORER.EXE which is the parent application for INTERNET EXPLORER. EXPLORER.EXE then TRIES to make use of IE's Internet Connection. CFP identifies the DLL injection and duly notifies you, hence the alert. You are supposed to BLOCK the alert, thus stopping the hijack.

mrx666
« Reply #46 on: May 17, 2007, 12:13:31 AM »

WHAT!!?? Then why am I not seeing any alerts?? I'm telling you, nothing is going up when I do the tests! I'm tired, but not THAT tired! I did mention the last test, where I clicked on test one and the red square turned to a blue shield for a second, then went back to a red square. Would that have anything to do with it?

mrx666
« Reply #47 on: May 17, 2007, 12:17:27 AM »

This is my alerts page:


Toggie
Guest
« Reply #48 on: May 17, 2007, 12:21:52 AM »

I'm seeing alerts for this type of activity, I'm not seeing alerts for the leak tests.

I'm sorry, did I misunderstand your comment? If you are seeing an alert for this

Date/Time :2007-05-16 20:30:41
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (iexplore.exe)
Application: C:\Program Files\Internet Explorer\iexplore.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: x.x.x.x::dns(53)
Details: C:\WINDOWS\explorer.exe has tried to use C:\Program Files\Internet Explorer\iexplore.exe through OLE Automation, which can be used to hijack other applications.

You are seeing an alert for the leak test.

mrx666
« Reply #49 on: May 17, 2007, 12:27:49 AM »

No, you didn't misunderstand. I think I mis-spoke.
Ok, one more time, I'm going to clear my cache, reboot, and take the test again. Then I'll check the activity log and see what it says. Back in 5.

mrx666
« Reply #50 on: May 17, 2007, 12:55:36 AM »

Ok, here's my activity log. I took the test around 10:40. CFP failed the test with no alerts. The square turned into a shield and back into a square.

Toggie
Guest
« Reply #51 on: May 17, 2007, 01:12:41 AM »

Well, I'm mystified right now. As far as I can see CFP is doing exactly what it should, at least as far as the logs are concerned. As to why you are not receiving any pop-ups from CFP, I just don't know. I have to wonder if the installation is corrupt in some way.

Here is one of the alerts I get when I run test 1

Toggie
Guest
« Reply #52 on: May 17, 2007, 01:18:16 AM »

Actually, I've just noticed something. Your log entries are different from mine. When I run test 1, I get this:

Date/Time :2007-05-17 17:05:40
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (IEXPLORE.EXE)
Application: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: x.x.x.x::dns(53)
Details: C:\Documents and Settings\*\My Documents\Software\CPILSuite\cpil.exe modified the memory of the Parent application C:\WINDOWS\explorer.exe in memory.

Your logs don't contain any references to CPIL, I wonder why?
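
Toggie's comparison above, as an added example that is not part of the original thread: a small Python parser for the log layout quoted in these posts, which labels each entry by the behaviour its Details line reports and checks whether any entry names cpil.exe as the acting process. The category labels and function names are this example's own, and the sample holds the two quoted entries abridged to four fields each.

```python
import ntpath
import re

# Constructed from the two entries quoted in this thread, abridged to four fields.
SAMPLE_LOG = r"""
Date/Time :2007-05-16 20:30:41
Application: C:\Program Files\Internet Explorer\iexplore.exe
Parent: C:\WINDOWS\explorer.exe
Details: C:\WINDOWS\explorer.exe has tried to use C:\Program Files\Internet Explorer\iexplore.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-05-17 17:05:40
Application: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent: C:\WINDOWS\explorer.exe
Details: C:\Documents and Settings\*\My Documents\Software\CPILSuite\cpil.exe modified the memory of the Parent application C:\WINDOWS\explorer.exe in memory.
"""

# Category labels are this example's own; the phrases come from the Details text.
PATTERNS = [
    ("ole_automation", re.compile(
        r"^(?P<actor>.+?\.exe) has tried to use (?P<target>.+?\.exe) through OLE Automation", re.I)),
    ("parent_memory_modified", re.compile(
        r"^(?P<actor>.+?\.exe) modified the memory of the Parent application (?P<target>.+?\.exe)", re.I)),
]

def parse_entries(text):
    """Split on blank lines; each line is 'Key: value' or 'Key :value'."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only, paths keep theirs
            if sep:
                fields[key.strip()] = value.strip()
        entries.append(fields)
    return entries

def classify(entry):
    """Return (category, actor, target) parsed from Details, else ('other', None, None)."""
    for name, rx in PATTERNS:
        m = rx.match(entry.get("Details", ""))
        if m:
            return name, m["actor"], m["target"]
    return "other", None, None

def entries_naming(entries, exe_name):
    """Entries whose acting process has this file name (case-insensitive)."""
    return [e for e in entries
            if ntpath.basename(classify(e)[1] or "").lower() == exe_name.lower()]
```

Run over an exported log, an empty result from `entries_naming(entries, "cpil.exe")` is the situation described in the post above: behaviour alerts are present but none of them attributes the activity to the test executable.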

mrx666
« Reply #53 on: May 17, 2007, 01:31:28 AM »

Because, for some reason, everything is being delayed. See if there's anything funny here

mrx666
« Reply #54 on: May 17, 2007, 01:44:22 AM »

Well, I'm mystified right now. As far as I can see CFP is doing exactly what it should, at least as far as the logs are concerned. As to why you are not receiving any pop-ups from CFP, I just don't know. I have to wonder if the installation is corrupt in some way.

Here is one of the alerts I get when I run test 1

I've got that alert twice in the last 15 minutes. I clicked on deny, and my pages came up just like in your screen shot. But the thing was, I wasn't doing a test!
« Last Edit: May 17, 2007, 01:48:39 AM by mrx666 »

Toggie
Guest
« Reply #55 on: May 17, 2007, 01:49:37 AM »

I'm not sure how you're even managing to connect, everything is being denied. Personally, I would be inclined to re-install CFP, taking care to make sure all traces of the former installation have been successfully removed, both from the hard disk and the registry.

On a similar note, did you have a different firewall installed before CFP? If so, which?

mrx666
« Reply #56 on: May 17, 2007, 01:59:10 AM »

People's PC had a firewall in their security pack.
As for the download, should I save it to disk, or run it straight from the download? Also, no matter which way I do it, I can't have ANY anti-virus or malware running? Doesn't that leave my computer open to viruses and trojans?
« Last Edit: May 17, 2007, 02:00:54 AM by mrx666 »

mrx666
« Reply #57 on: May 17, 2007, 02:02:51 AM »

Another thing, what's the best way to remove it from the registry?

Toggie
Guest
« Reply #58 on: May 17, 2007, 02:09:56 AM »

For the duration of the installation I think you'll be safe. Disconnect from the net for a few minutes if you're worried. It really is better not to have any additional applications running when you run the install.

Personally, I download and then run the setup.

Once you have run the un-installer, open regedit (start/run/regedit) and search for any entries related to Comodo and delete them. Reboot, then reinstall.

mrx666
« Reply #59 on: May 17, 2007, 02:17:16 AM »

Ok, that's what I'll do later today. Hopefully, I won't have to come back with the same problem (you guys will probably ban me if I do! LOL!!) Right now, I'm off to bed. Thank you very much for helping me. Thank you to the other moderators, too. Have a very good night/morning.