Author Topic: GRC Leak Test [resolved]  (Read 6177 times)

Offline BobJam

  • Comodo Member
  • **
  • Posts: 32
GRC Leak Test [resolved]
« on: September 01, 2008, 05:30:40 PM »
My Comodo (CFP free) did fine with GRC's Shields Up! test . . . all ports stealth.  But it failed GRC's Leak Test.

Now I know the developer has devised a leak test here, but I agree with a poster in that thread . . . it's sort of like having the Fox guard the chickens.  And GRC's Leak Test is not really conclusive for me, and Gibson has said as much.

Nevertheless, the failure on GRC's Leak Test did alarm me.  So I'm wondering . . . since I'm new to Comodo (a refugee from ZA) . . . is there some setting I should have enabled??  I know that's a general question, and I'll have to view some tutorials, and the learning curve is steep, but I thought maybe somebody here would have a suggestion or at least some thoughts on the topic.
« Last Edit: September 03, 2008, 02:00:30 AM by Ganda »
BJ

Ultimately, the only protection against phishing, forged Web pages, downloading malware, and other threats is the technology located between the user's ears

Offline grayhair

  • Comodo's Hero
  • *****
  • Posts: 293
Re: GRC Leak Test
« Reply #1 on: September 01, 2008, 06:23:31 PM »
   Welcome to the forum.  Well, I guess the first question would be what the settings are for Comodo firewall and D+? What operating system do you have?  When you ran the GRC Leak Test did you receive any Comodo windows warning you about incoming connections?  Did you run the GRC Leak test previously when you had ZoneAlarm installed?

   Cheers

Offline BobJam

  • Comodo Member
  • **
  • Posts: 32
Re: GRC Leak Test
« Reply #2 on: September 02, 2008, 04:41:45 AM »
I don't know what my settings were when I first did the GRC Leak Test, but since I've changed them now it passes.  I have no idea which setting change did it.

1.  Here is my current Firewall behavior setting:



2.  And here are my Firewall alert settings:



3. Here is my Network Security policy:



As you can see, I blocked the Leak Test when I got an alert (I didn't get any alert the first time).

And the path and file E:\Downloads\Downloads Completed\explorer.exe is the renamed Leak Test.

All the collapsed entries have green/allow checkmarks.

4.  Here is the global Network Security policy:



5.  And finally, here is the Leak Test result currently:



BTW, I did the Leak Test in "stealth mode", and as I said above also with renaming Leak Test as a trusted file (explorer.exe), and it passed all.

And, I've switched from McAfee 8.0i and ZA to Avira and CPF and my start up time and running performance has increased dramatically.  McAfee and ZA were gobbling up resources (which they're both notorious for), but I never had that problem with them until recently.  Now if I can just get CPF and Avira set the way I want them, I'll be good to go.

Oh . . . almost forgot.  My OS is XP HE.

And, yes, ZA passed the GRC Leak Test.

And I uninstalled both McAfee and ZA with RevoUninstaller to dig out all the registry remnants.

I also had System Safety Monitor (a HIPS program) installed and CPF said it had a serious conflict with it (is that the D+ part?), so I uninstalled it with Revo.  But there must still be a registry remnant because CPF diagnostics detects it as an error.  I guess I'll search through my registry for references to System Safety Monitor.
« Last Edit: September 02, 2008, 04:50:17 AM by BobJam »
BJ


Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Re: GRC Leak Test
« Reply #3 on: September 02, 2008, 07:42:47 AM »
Hello, I don't think you understood what Grayhair meant about D+. No problems - this is what you need to do:

Comodo -> Defense+ -> Advanced -> Defense+ settings.

What mode is Defense+ running in? :)
Windows 7 x64
AMD FX 8120, 8gb ram, ATI 6870 1gb

Offline BobJam

  • Comodo Member
  • **
  • Posts: 32
Re: GRC Leak Test
« Reply #4 on: September 02, 2008, 11:51:16 AM »
Here are my Defense+ settings:

General



Monitor



TIA
BJ


Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Re: GRC Leak Test
« Reply #5 on: September 02, 2008, 01:17:36 PM »
Ah------HA! Found the problem :)

It's in TRAINING MODE!


Training Mode: The firewall will monitor and learn the activity of any and all executables and create automatic 'Allow' rules until the security level is adjusted. You will not receive any Defense+ alerts in 'Training Mode'. If you choose the 'Training Mode' setting, we advise that you are 100% sure that all applications and executables installed on your computer are safe to run.

You will want to do this: Comodo -> Defense+ -> Computer Security Policy. Now delete the GRC leaktest entries (and any others you want), put Defense+ in Safe mode, and try running the test again.

Hope this helps :)






I'll give you a quick run down about the modes.

Firewall:
Block All Mode: The firewall blocks all traffic in and out of your computer regardless of any user-defined configuration and rules. The firewall will not attempt to learn the behavior of any applications and will not automatically create traffic rules for any applications. Choosing this option will effectively prevent your computer from accessing any networks, including the internet.


Custom Policy Mode: The firewall applies ONLY the custom security configurations and network traffic policies specified by the user. New users may want to think of this as the 'Do Not Learn' setting because the firewall will not attempt to learn the behavior of any applications. Nor will it automatically create network traffic rules for those applications. You will receive alerts every time there is a connection attempt by an application - even for applications on the Comodo Safe list (unless, of course, you have specified rules and policies that instruct the firewall to trust the application's connection attempt).

If any application tries to make a connection to the outside, the firewall audits all the loaded components and checks each against the list of components already allowed or blocked. If a component is found to be blocked, the entire application is denied internet access and an alert is generated. This setting is advised for experienced firewall users that wish to maximize the visibility and control over traffic in and out of their computer.


Safe Mode: While filtering network traffic, the firewall will automatically create rules that allow all traffic for the components of applications certified as 'Safe' by Comodo. For non-certified new applications, you will receive an alert whenever that application attempts to access the network. Should you choose, you can grant that application internet access by choosing 'Treat this application as a Trusted Application' at the alert. This will deploy the predefined firewall policy 'Trusted Application' onto the application.

'Safe Mode' is the recommended setting for most users  - combining the highest levels of security with an easy-to-manage number of connection alerts.


Training Mode: The firewall will monitor network traffic and create automatic allow rules for all new applications until the security level is adjusted. You will not receive any alerts in 'Training Mode' mode. If you choose the 'Training Mode' setting, we advise that you are 100% sure that all applications installed on your computer are assigned the correct network access rights.

Tip: Use this setting temporarily while playing an online game for the first time. This will suppress all alerts while the firewall learns the components of the game that need internet access and automatically create 'allow' rules for them. Afterwards you can switch back to your previous mode.


Disabled: Disables the firewall and makes it inactive. All incoming and outgoing connections are allowed irrespective of the restrictions set by the user. Comodo strongly advise against this setting unless you are sure that you are not currently connected to any local or wireless networks.



Defense+:
Paranoid Mode: This is the highest security level setting and means that Defense+ will monitor and control all executable files apart from those that you have deemed safe. The firewall will not attempt to learn the behavior of any applications - even those applications on the Comodo safe list, and will only use your configuration settings to filter critical system activity. Similarly, the firewall will not automatically create 'Allow' rules for any executables - although you still have the option to treat an application as 'Trusted' at the Defense+ alert. Choosing this option will generate the most amount of Defense+ alerts and is recommended for advanced users that require complete awareness of activity on their system.


Safe Mode: While monitoring critical system activity, the firewall will automatically learn the activity of executables and applications certified as 'Safe' by Comodo. It will also automatically create 'Allow' rules for these activities. For non-certified, unknown, applications, you will receive an alert whenever that application attempts to run. Should you choose, you can add that new application to the safe list by choosing 'Treat this application as a Trusted Application' at the alert. This will instruct the firewall not to generate an alert the next time it runs. If your machine is not new or known to be free of malware and other threats as in 'Clean PC Mode' then 'Safe Mode' is the recommended setting for most users - combining the highest levels of security with an easy-to-manage number of Defense+ alerts.


Clean PC Mode: From the time you set the slider to 'Clean PC Mode', Defense+ will learn the activities of the applications currently installed on the computer while all new executables introduced to the system are monitored and controlled. This patent-pending mode of operation is the recommended option on a new computer or one that the user knows to be clean of malware and other threats. From this point onwards Defense+ will alert the user whenever a new, unrecognized application is being installed. In this mode, the files in 'My Pending Files' are excluded from being considered as clean and are monitored and controlled.

Installation Mode: Installer applications and updaters may need to execute other processes in order to run effectively. These are called 'Child Processes'. In 'Paranoid', 'Safe' and 'Clean PC' modes, Defense+ would raise an alert every time these child processes attempted to execute because they have no access rights. Whilst in one of these 3 modes, Comodo Firewall Pro will make it easy to install new applications that you trust by offering you the opportunity to temporarily engage 'Installation Mode' - which will temporarily bestow these child processes with the same access rights as the parent process - so allowing the installation to proceed without the usual alerts.

Training Mode: The firewall will monitor and learn the activity of any and all executables and create automatic 'Allow' rules until the security level is adjusted. You will not receive any Defense+ alerts in 'Training Mode'. If you choose the 'Training Mode' setting, we advise that you are 100% sure that all applications and executables installed on your computer are safe to run.

Tip: This mode can be used as the "Gaming Mode". It is handy to use this setting temporarily when you are running an (unknown but trusted) application or Games for the first time. This will suppress all Defense+ alerts while the firewall learns the components of the application that need to run on your machine and automatically create 'Allow' rules for them. Afterwards, you can switch back to 'Safe Mode' mode.

Disabled: Disables Defense+ protection. All executables and applications are allowed to run irrespective of your configuration settings. Comodo strongly advise against this setting unless you are confident that you have an alternative intrusion defense system installed on your computer.
Windows 7 x64
AMD FX 8120, 8gb ram, ATI 6870 1gb
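
A simplified model of the Defense+ mode descriptions in the post above, added here as an illustration (it is not Comodo's code and not part of the original thread). It shows why the rules learned in Training Mode have to be deleted before switching to Safe Mode. It assumes rules are keyed by executable path, that a stored rule is applied without an alert in every mode, and that an alert answer is remembered; the class, safe list and function names are hypothetical.

```python
from dataclasses import dataclass, field

# Path of the renamed leak test, as given in the thread.
LEAKTEST = r"E:\Downloads\Downloads Completed\explorer.exe"
# Constructed stand-in for Comodo's certified-safe list (assumption: matched by path).
SAFE_LIST = {r"C:\Windows\explorer.exe"}


@dataclass
class DefensePlus:
    """Hypothetical model of the mode text above; not Comodo's implementation."""
    mode: str = "training"
    rules: dict = field(default_factory=dict)   # path -> "allow" or "block"
    alerts: list = field(default_factory=list)  # paths that raised an alert

    def on_execute(self, path, user_answer="block"):
        """Return the verdict; user_answer applies only when an alert fires."""
        if self.mode == "disabled":
            return "allow"
        if path in self.rules:
            # Assumption: a stored rule is applied silently in every mode.
            return self.rules[path]
        if self.mode == "training" or (self.mode == "safe" and path in SAFE_LIST):
            # Training learns everything; Safe learns only certified files.
            self.rules[path] = "allow"
            return "allow"
        # Safe (uncertified file) or Paranoid: ask the user.
        self.alerts.append(path)
        self.rules[path] = user_answer  # assumption: the answer is remembered
        return user_answer


def scenario(purge_learned_rules):
    """Run the leak test in Training Mode, switch to Safe Mode, run it again."""
    dp = DefensePlus(mode="training")
    first = dp.on_execute(LEAKTEST)        # allowed, no alert, rule learned
    if purge_learned_rules:
        dp.rules.pop(LEAKTEST, None)       # delete the learned entry first
    dp.mode = "safe"
    second = dp.on_execute(LEAKTEST)
    return first, second, dp.alerts


if __name__ == "__main__":
    print(scenario(purge_learned_rules=False))  # learned rule survives the switch
    print(scenario(purge_learned_rules=True))   # alert fires, user blocks
```
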

Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Re: GRC Leak Test
« Reply #6 on: September 02, 2008, 01:20:40 PM »
By the way, your picture is pretty creepy! I forget what that guy says in the movie though when he's chasing after his family  (:NRD)

Offline grayhair

  • Comodo's Hero
  • *****
  • Posts: 293
Re: GRC Leak Test
« Reply #7 on: September 02, 2008, 01:53:48 PM »
Quote from: Kyle
By the way, your picture is pretty creepy! I forget what that guy says in the movie though when he's chasing after his family  (:NRD)

   I believe the line is, "Herrrrrre's Johnny!!"  I might be wrong, it was a long time ago I saw it.

   Personally I run my CFP firewall setting at Custom, and D+ at Paranoid.  Yes, there are windows that popup, but after a while there are not so many as CFP learns what you are doing.

   

Offline BobJam

  • Comodo Member
  • **
  • Posts: 32
Re: GRC Leak Test
« Reply #8 on: September 02, 2008, 10:27:48 PM »
Yes, it's "Herrreeee's Johnny", said only as Jack Nicholson can say it.
BJ


Offline -[HUAWEI_OPTIX]-

  • Comodo's Hero
  • *****
  • Posts: 373
  • TELECOM Technician 2G & 3G Base Stations
    • https://www.facebook.com/karl.j.benz
Re: GRC Leak Test
« Reply #9 on: September 03, 2008, 01:01:14 AM »
HE!!O BobJam  (:WIN)

I tried GRC Leak Test with my CFP3 Firewall set to CUSTOM and Defense+ set to SAFE MODE. GRC Leak Test was successfully blocked by my CFP3, that's why I made an experiment: I changed my CFP3 to TRAINING MODE, both Firewall and Defense+. Hmmm.... GRC Leak Test PENETRATED my system!!! Well, I BLOCKED the GRC Leak Test on my Firewall and Defense+ under TRAINING MODE again, then I ran GRC Leak Test as administrator, and here's the evidence of how powerful CFP3 is, even under TRAINING MODE for both my Firewall and Defense+.

« Last Edit: September 03, 2008, 01:10:44 AM by LEWIS HAMILTON »
CPU/OS:
- INTEL ATOM Dual Core 1.85mHz CEDAR TRAIL[at] Win7 Ultimate

LONG RANGE ANTI MALWARE PROTECTION:
- CIS Premium FULL CONFIG Capable of Listening Malwares and Hackers.

EMERGENCY COUNTER MEASURES and WEAPON:
- SAS and MBAM

CONNECTION:
- LINKSYS E Series WiFi Power by GLOBE DSL

Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Re: GRC Leak Test
« Reply #10 on: September 03, 2008, 01:19:48 AM »
Quote from: -[HUAWEI_OPTIX]-
HE!!O BobJam  (:WIN)

I tried GRC Leak Test with my CFP3 Firewall set to CUSTOM and Defense+ set to SAFE MODE. GRC Leak Test was successfully blocked by my CFP3, that's why I made an experiment: I changed my CFP3 to TRAINING MODE, both Firewall and Defense+. Hmmm.... GRC Leak Test PENETRATED my system!!! Well, I BLOCKED the GRC Leak Test on my Firewall and Defense+ under TRAINING MODE again, then I ran GRC Leak Test as administrator, and here's the evidence of how powerful CFP3 is, even under TRAINING MODE for both my Firewall and Defense+.

It's alright Lew :) Already solved his problem yesterday. lol

Offline -[HUAWEI_OPTIX]-

  • Comodo's Hero
  • *****
  • Posts: 373
  • TELECOM Technician 2G & 3G Base Stations
    • https://www.facebook.com/karl.j.benz
Re: GRC Leak Test
« Reply #11 on: September 03, 2008, 01:29:59 AM »
Yeah Kyle, I know that . . .  I just want to show that my Firewall had passed! Hehehe. . .


Offline ganda

  • thermodynamic defier
  • Comodo's Hero
  • *****
  • Posts: 5894
Re: GRC Leak Test
« Reply #12 on: September 03, 2008, 01:58:01 AM »
Quote from: -[HUAWEI_OPTIX]-
Yeah Kyle, I know that . . .  I just want to show that my Firewall had passed! Hehehe. . .
we can do that ??? oh i wanna post mine too  :BNC  ;D

oh ehm  (:NRD)  hmmfftt >:(

 ^_^ i'm gonna lock this topic.  :-TU
PM me or other online mod to reopen it.  :Beer

 
