Comodo release 5 new security tests

[Guest]

[SplittingDistant]

My setup (CFP & CAVS - which I thought were configured correctly) managed:

"Vulnerable" on Rootkit Installation 1
"Protected" on Rootkit 2
"Error" for both .dll injections
"Vulnerable" to the BITS hijack.

Are we going to see any advice  from Comodo regarding ways to configure their products to protect against these threats?

Comodo, you've told me about the monster in the wardrobe, but not how to keep him locked in there. If you don't help me I'm going to have nightmares and probably wet the bed. I'm sure you don't want that to happen.

 

[Coolio10]

They must of released it without testing against cfp. Many firewalls are passing but a lot of them come up with error which is basically saying your firewall passed. And many are also coming up vulnerable to BITS. I highly doubt comodo would release tests their own firewall couldn't pass so these tests seem to be screwed up.

[kail]

BITS: The BITS vulnerability has been know about for some time. Unfortunately, BITS is a required component of Windows Updates (WU). Because of this vulnerability I, and probably many others, have disabled WU from automatically running on their systems and, for me, this included BITS itself. I used to manually turn BITS on (usually set to Manual) when I wanted to run WU, but since AutoPatcher rose from the ashes recently (with APUP) I don't use BITS any more.

I'm boring everybody with these.. BITS.. since I wonder if this why some people are passing the BITS test, whilst others are not.

[Copy, right?]

Oh, NOW I get it, ...I think... where was I? Is this utility testing the firewall or the defence+? Because I was granting it access to execute, because I thought it was trying to "phone home", and that I was supposed to configure my firewall to stop it.

But I am not supposed to let it execute, is that right?

I'm so very confused...

[david banner]

I was protected on the first, error for next 3 and  vulnerable to BITS Hijack. But it is not clear at all how to respond. Should all firewall alerts be blocked?

[ailef]

it depends which alers u got, when the test wants to modify protected keys or create new ones or create files or load driver and run it or try to connect to the network, u should block all activities that are dangerous, like accessing high privileges too. all those activities can be allowed for safe apps but with unknown files, u see that his activities are just a way to attack your system.

[marren]

commodo fails on test 2-4 on my system regardless if I allow or block. I've just installed this and is trying to get this to work but I must say loosing confidence in this program fast. if a program is this hard to get configured to pass a test that "any decent security app" should pass then I guess it doesn't qualify as such an application I'm really surprised it won't pass it own tests out of the box without questions

[Josh123]

commodo fails on test 2-4 on my system regardless if I allow or block. I've just installed this and is trying to get this to work but I must say loosing confidence in this program fast. if a program is this hard to get configured to pass a test that "any decent security app" should pass then I guess it doesn't qualify as such an application I'm really surprised it won't pass it own tests out of the box without questions

Did you read the instructions in the first post, marren?

Some Alerts you need to ALLOW in order to past this test. That's what I figured. No need to lose trust in it

Josh

[don67]

My comodo fails all the test?

[salmonela]

don67, find clt.exe and remove it from "security Policy" and run test again (see picture)

[don67]

DLL Injection 1, 2 is error

[Comofo]

Yeah, um, this one's a bit vague...I got:
1) Protected
2) Protected
3) Protected
4) Error
5) Crrrrashhhh...

At least I know I got the alerts...that's something anyway...

[marren]

Did you read the instructions in the first post, marren?

Some Alerts you need to ALLOW in order to past this test. That's what I figured. No need to lose trust in it

Josh

Hmm yes and the first time I ran the test I did allow all, but the result was the same. I then tried blocking all just for good measure and still I got the results:
Passed; Error; Error; Error; Crash. Seems more people have problems with the test so it not unique for me.

[don67]

here's mine

[Josh123]

Some funny results, eh?

Hope Paul gets back...

Josh

[Tags:]