Welcome, Guest. Please login or register.
January 08, 2010, 06:53:00 AM

Login with username, password and session length

348974 Posts
38574 Topics
87707 Members

Latest Member: mad11

Search:     Advanced search | Tag Cloud
+  Welcome to the Comodo Forum
|-+  Desktop Security Products
| |-+  Comodo Internet Security - CIS
| | |-+  Leak Testing/Attacks/Vulnerability Research
| | | |-+  Comodo Leak Tests-Vulnerable Test
« previous next »
Pages: [1] Go Down Print
Author Topic: Comodo Leak Tests-Vulnerable Test  (Read 2598 times)
emalacademia
Newbie
*
Offline Offline

Posts: 3


« on: May 15, 2009, 09:59:32 PM »

hi,I need help for to comodo it is totally safe

Security Firewall is my config for Comodo
The level of the firewall is Safe Mode
And the Defense+ is the level is safe Mode


Date   23:38:15 - 15/05/2009
OS   Windows XP SP2 build 2600
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Protected
3. RootkitInstallation: DriverSupersede   Vulnerable
4. RootkitInstallation: ChangeDrvPath   Protected
5. Invasion: Runner   Protected
6. Invasion: RawDisk   Protected
7. Invasion: PhysicalMemory   Protected
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Protected
10. Injection: SetWinEventHook   Protected
11. Injection: SetWindowsHookEx   Protected
12. Injection: SetThreadContext   Protected
13. Injection: Services   Protected
14. Injection: ProcessInject   Protected
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Protected
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Protected
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Protected
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Protected
25. Impersonation: Coat   Protected
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Protected
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Protected
31. Hijacking: StartupPrograms   Protected
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Protected
34. Hijacking: ActiveDesktop   Protected

Score   310/340

Thank you for your understanding
Regards
Logged
devenroy
Malware Research Group
Comodo's Hero
*****
Offline Offline

Posts: 428



« Reply #1 on: May 15, 2009, 10:30:44 PM »

i want to know which cis version u used while doing this test like for example 3.5, 3.8, 3.9 and if 3.9 then was it 3.9.xxx.507 or something?
Logged

Thanks,
Deven
languy99
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 909



« Reply #2 on: May 15, 2009, 10:33:12 PM »

best way to fix that is right click on the comodo icon in task bar, go to configuration and select proactive. Now to the test again, I bet you will get 340.  Grin
Logged

http://www.youtube.com/languy99

Software Reviews For All
emalacademia
Newbie
*
Offline Offline

Posts: 3


« Reply #3 on: May 16, 2009, 09:53:59 AM »

best way to fix that is right click on the comodo icon in task bar, go to configuration and select proactive. Now to the test again, I bet you will get 340.  Grin
With the configuracion of Proactive Security

Date   11:48:51 - 16/05/2009
OS   Windows XP SP2 build 2600
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Vulnerable
3. RootkitInstallation: DriverSupersede   Vulnerable
4. RootkitInstallation: ChangeDrvPath   Vulnerable
5. Invasion: Runner   Protected
6. Invasion: RawDisk   Vulnerable
7. Invasion: PhysicalMemory   Vulnerable
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Vulnerable
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
12. Injection: SetThreadContext   Vulnerable
13. Injection: Services   Vulnerable
14. Injection: ProcessInject   Vulnerable
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Vulnerable
18. Injection: APC dll injection   Vulnerable
19. Injection: AdvancedProcessTermination   Vulnerable
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Protected
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Protected
25. Impersonation: Coat   Protected
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Protected
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Vulnerable
31. Hijacking: StartupPrograms   Protected
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Protected
34. Hijacking: ActiveDesktop   Protected
Score   170/340

i want to know which cis version u used while doing this test like for example 3.5, 3.8, 3.9 and if 3.9 then was it 3.9.xxx.507 or something?

My Product Version is the last version: 3.9.95478.509
« Last Edit: May 16, 2009, 09:59:23 AM by emalacademia » Logged
hullboy
Comodo Loves me
****
Offline Offline

Posts: 181



« Reply #4 on: May 16, 2009, 10:47:38 AM »

Are you sure that you didn't have the Leak Test already on your PC and you set "Clean PC Mode"?  Huh
Logged

Windows XP Home SP3 32bit
NOD32 2.70.39
COMODO CIS 3.13.126709.581
Configuration: Proactive Security
Firewall Security Level: Custom Policy Mode
Defense+ Security Level: Clean PC Mode
emalacademia
Newbie
*
Offline Offline

Posts: 3


« Reply #5 on: May 16, 2009, 11:14:15 AM »

Clean mode Pc in the firewall or in defense+?

I have tested new with the configuration Comodo Internet Security

OS   Windows XP SP2 build 2600
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Protected
3. RootkitInstallation: DriverSupersede   Protected
4. RootkitInstallation: ChangeDrvPath   Protected
5. Invasion: Runner   Protected
6. Invasion: RawDisk   Protected
7. Invasion: PhysicalMemory   Protected
8. Invasion: FileDrop   Protected
9. Invasion: DebugControl   Protected
10. Injection: SetWinEventHook   Protected
11. Injection: SetWindowsHookEx   Protected
12. Injection: SetThreadContext   Protected
13. Injection: Services   Protected
14. Injection: ProcessInject   Protected
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Protected
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Protected
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Protected
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Protected
25. Impersonation: Coat   Protected
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Protected
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Protected
31. Hijacking: StartupPrograms   Protected
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Protected
34. Hijacking: ActiveDesktop   Protected
Score   330/340
« Last Edit: May 16, 2009, 11:34:57 AM by emalacademia » Logged
Vettetech
Guest
« Reply #6 on: May 20, 2009, 04:12:15 PM »

You must have click allow and not block. I have CIS running on 4 machines and they all pass with a 340/340. Keep in mind you need to delete all entries of the test before trying again. Your best bet is delete the test. Do a complete uninstall of CIS and reboot. Install the latest version and you will pass. As long as you click "BLOCK" on all the alerts except for the first one. You need to allow the test to run.
Logged
topmoxie
Comodo Member
**
Offline Offline

Posts: 42


« Reply #7 on: June 04, 2009, 11:37:05 PM »

I understand about the block, I tried this on my computer last month and it gave me 340 pass. then I reformatted and it gives me 320, I have deletted my firewall setttings several times and tried and get the same results , when it comes to the 2 that fails it never asks me to allow or block, sending a screen shot, so what is wrong

http://s150.photobucket.com/albums/s117/coleman9753/?action=view&current=Comodoleaktest.jpg
Logged
John Buchanan
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 2597


Behold, there be Dragons here!


« Reply #8 on: June 04, 2009, 11:41:58 PM »

Since you ran the tests already, try removing any rules created in Defense+ and the Firewall for CLT.exe.
Then, with CIS in Proactive mode, and the firewall and Defense+ both set on Safe, rerun the test.
Logged

 
Tags:
Pages: [1] Go Up Print 
« previous next »
Jump to:  

SSL Certificate Free Virus Removal Firewall
Page created in 0.081 seconds with 18 queries.
Powered by SMF 1.1.11 | SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks
Design by 7dana.com