Comodo Leak Tests-Vulnerable Test

[Guest]

[emalacademia]

hi,I need help for to comodo it is totally safe

Security Firewall is my config for Comodo
The level of the firewall is Safe Mode
And the Defense+ is the level is safe Mode


Date   23:38:15 - 15/05/2009
OS   Windows XP SP2 build 2600
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Protected
3. RootkitInstallation: DriverSupersede   Vulnerable
4. RootkitInstallation: ChangeDrvPath   Protected
5. Invasion: Runner   Protected
6. Invasion: RawDisk   Protected
7. Invasion: PhysicalMemory   Protected
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Protected
10. Injection: SetWinEventHook   Protected
11. Injection: SetWindowsHookEx   Protected
12. Injection: SetThreadContext   Protected
13. Injection: Services   Protected
14. Injection: ProcessInject   Protected
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Protected
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Protected
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Protected
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Protected
25. Impersonation: Coat   Protected
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Protected
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Protected
31. Hijacking: StartupPrograms   Protected
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Protected
34. Hijacking: ActiveDesktop   Protected

Score   310/340

Thank you for your understanding
Regards

[devenroy]

i want to know which cis version u used while doing this test like for example 3.5, 3.8, 3.9 and if 3.9 then was it 3.9.xxx.507 or something?

[languy99]

best way to fix that is right click on the comodo icon in task bar, go to configuration and select proactive. Now to the test again, I bet you will get 340. 

[emalacademia]

best way to fix that is right click on the comodo icon in task bar, go to configuration and select proactive. Now to the test again, I bet you will get 340. 

With the configuracion of Proactive Security

Date   11:48:51 - 16/05/2009
OS   Windows XP SP2 build 2600
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Vulnerable
3. RootkitInstallation: DriverSupersede   Vulnerable
4. RootkitInstallation: ChangeDrvPath   Vulnerable
5. Invasion: Runner   Protected
6. Invasion: RawDisk   Vulnerable
7. Invasion: PhysicalMemory   Vulnerable
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Vulnerable
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
12. Injection: SetThreadContext   Vulnerable
13. Injection: Services   Vulnerable
14. Injection: ProcessInject   Vulnerable
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Vulnerable
18. Injection: APC dll injection   Vulnerable
19. Injection: AdvancedProcessTermination   Vulnerable
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Protected
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Protected
25. Impersonation: Coat   Protected
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Protected
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Vulnerable
31. Hijacking: StartupPrograms   Protected
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Protected
34. Hijacking: ActiveDesktop   Protected
Score   170/340

i want to know which cis version u used while doing this test like for example 3.5, 3.8, 3.9 and if 3.9 then was it 3.9.xxx.507 or something?

My Product Version is the last version: 3.9.95478.509

[hullboy]

Are you sure that you didn't have the Leak Test already on your PC and you set "Clean PC Mode"? 

[emalacademia]

Clean mode Pc in the firewall or in defense+?

I have tested new with the configuration Comodo Internet Security

OS   Windows XP SP2 build 2600
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Protected
3. RootkitInstallation: DriverSupersede   Protected
4. RootkitInstallation: ChangeDrvPath   Protected
5. Invasion: Runner   Protected
6. Invasion: RawDisk   Protected
7. Invasion: PhysicalMemory   Protected
8. Invasion: FileDrop   Protected
9. Invasion: DebugControl   Protected
10. Injection: SetWinEventHook   Protected
11. Injection: SetWindowsHookEx   Protected
12. Injection: SetThreadContext   Protected
13. Injection: Services   Protected
14. Injection: ProcessInject   Protected
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Protected
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Protected
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Protected
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Protected
25. Impersonation: Coat   Protected
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Protected
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Protected
31. Hijacking: StartupPrograms   Protected
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Protected
34. Hijacking: ActiveDesktop   Protected
Score   330/340

[Vettetech]

You must have click allow and not block. I have CIS running on 4 machines and they all pass with a 340/340. Keep in mind you need to delete all entries of the test before trying again. Your best bet is delete the test. Do a complete uninstall of CIS and reboot. Install the latest version and you will pass. As long as you click "BLOCK" on all the alerts except for the first one. You need to allow the test to run.

[topmoxie]

I understand about the block, I tried this on my computer last month and it gave me 340 pass. then I reformatted and it gives me 320, I have deletted my firewall setttings several times and tried and get the same results , when it comes to the 2 that fails it never asks me to allow or block, sending a screen shot, so what is wrong

http://s150.photobucket.com/albums/s117/coleman9753/?action=view&current=Comodoleaktest.jpg

[John Buchanan]

Since you ran the tests already, try removing any rules created in Defense+ and the Firewall for CLT.exe.
Then, with CIS in Proactive mode, and the firewall and Defense+ both set on Safe, rerun the test.

[Tags:]