Author Topic: WallBreaker simply bypasses comodo firewall!!! [Resolved]  (Read 3171 times)
soygul
« on: June 05, 2007, 06:50:56 PM »

WallBreaker.exe simply leaks data to the internet and cannot be stopped by Comodo firewall!! Does anyone know any way to configure the firewall to stop this kind of leak?

info: http://www.firewallleaktester.com/leaktest11.htm
exe file: http://www.firewallleaktester.com/leaks/WallBreaker.exe
« Last Edit: June 06, 2007, 12:15:59 PM by soygul »
Toggie
« Reply #1 on: June 05, 2007, 06:57:10 PM »

Hi soygul, welcome to the forum.

You might want to look at these results:

http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

Toggie
soygul
« Reply #2 on: June 05, 2007, 07:26:49 PM »

Yeah, I've seen the results and it says "On the highest security settings, Comodo passed all leak-tests" but how to get that highest security :) I've messed around with the firewall quite a bit but still couldn't stop the leakage...
Toggie
« Reply #3 on: June 05, 2007, 07:47:06 PM »

I just ran the WallBreaker tests and CFP passed every test. Meaning that IE didn't connect to the website. Just simply a case of denying IE when CFP prompts.

I'm not sure what their definition of 'Highest Settings' is, and they don't seem to indicate how they performed their tests, at least I can't find it...

I'm going to move this to the firewall leak testing forum. It's a better place for it.

Toggie
kail
« Reply #4 on: June 06, 2007, 06:40:21 AM »

Hi soygul

With regards to the Highest Security level, I think that Matousec might have been referring to CFP's Alert Frequency Level (Security - Advanced - Miscellaneous) of Very High.
gibran
« Reply #5 on: June 06, 2007, 10:02:00 AM »

The concept behind these leaktests is to see if the application (iexplorer) loaded by various means is able to connect to the internet.

CPF with standard settings is able to block this leaktest.

How many application rules for iexplore.exe do you have?
Is there a parent application specified in these rules?
soygul
« Reply #6 on: June 06, 2007, 12:11:44 PM »

> Hi soygul
>
> With regards to the Highest Security level, I think that Matousec might have been referring to CFP's Alert Frequency Level (Security - Advanced - Miscellaneous) of Very High.

Exactly! When Alert Frequency Level = Medium -or- High, the leaktest fails (a popup warns about wallbreaker.exe trying to launch ie in order to connect to the net...). So problem fixed. Thanks for the help.
Little Mac
« Reply #7 on: June 06, 2007, 12:59:19 PM »

Melih told me before, regarding those "highest settings" that it means High Alert Frequency, and uncheck the box "Do not show alerts for applications certified by Comodo." 

Hope that helps,

LM
gibran
« Reply #8 on: June 07, 2007, 08:26:08 AM »

> Exactly! When Alert Frequency Level = Medium -or- High, the leaktest fails (a popup warns about wallbreaker.exe trying to launch ie in order to connect to the net...). So problem fixed. Thanks for the help.

CPF passed wallbreaker leaktests using very low alert frequency setting and don't show any alert for application certified by comodo here.

I ran wallbreaker as intended and got no problem.

But using a slight testing procedure variation I managed to fail Test 1 and 3 until I disabled don't show any alert for application certified by comodo.

Before every leaktest I killed explorer.exe process then reloaded explorer.exe and ran one of the leaktests.
CPF passed all of them this way under admin account using IE6.

But if I kill explorer.exe and let wallbreaker load it (using test 1 and 3) CFP fails those tests.
The test is exploited using the default browser (it doesn't have to be iexplore.exe).

Disabling don't show any alert for application certified by comodo somewhat solved this issue because CPF alerted me that explorer.exe attempted to run iexplore.exe through windows messages (explorer.exe modified the user interface of iexplore.exe...but mentioned that explorer.exe was a safe application) instead of directly loading it.

Knowing that I was running a leaktest I blocked those attempts but under real-life conditions I would have failed to notice that. :'(

If iexplore 6 is not the default browser the test fails... :(

@all: Do you mind running wallbreaker test one more time?


« Last Edit: June 07, 2007, 09:05:45 AM by gibran »

"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams
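
A simplified model of the launch chain described in the last reply, as an added example that is not part of the original thread and is not Comodo's code: it compares a check on the direct parent only (with and without suppression for certified applications) against a walk of the whole ancestry. The PIDs, the `CERTIFIED` set and the function names are constructed for illustration, and the model assumes every launch is recorded as a parent/child pair.

```python
# Constructed process-launch records (pid, parent_pid, image); not captured data.
LAUNCHES = [
    (100, 1, "wallbreaker.exe"),  # the leak test itself
    (200, 100, "explorer.exe"),   # shell reloaded by the leak test
    (300, 200, "iexplore.exe"),   # browser started by that shell
    (400, 1, "explorer.exe"),     # shell started normally
    (500, 400, "iexplore.exe"),   # browser started by the user
]
# Assumed stand-in for "applications certified by Comodo".
CERTIFIED = {"explorer.exe", "iexplore.exe"}


def ancestors(pid, launches):
    """Image names from the direct parent upwards, nearest first."""
    table = {p: (parent, image) for p, parent, image in launches}
    chain, seen = [], {pid}
    current = table[pid][0]
    while current in table and current not in seen:  # stop at root or on a loop
        seen.add(current)
        parent, image = table[current]
        chain.append(image)
        current = parent
    return chain


def parent_alert(pid, launches, suppress_certified):
    """Model of a direct-parent check: True if the user would see an alert."""
    chain = ancestors(pid, launches)
    if not chain:
        return False
    return not (suppress_certified and chain[0] in CERTIFIED)


def untrusted_ancestor(pid, launches):
    """Nearest ancestor that is not certified, or None if the whole chain is."""
    for image in ancestors(pid, launches):
        if image not in CERTIFIED:
            return image
    return None


if __name__ == "__main__":
    for pid in (300, 500):
        print(pid, parent_alert(pid, LAUNCHES, True),
              parent_alert(pid, LAUNCHES, False), untrusted_ancestor(pid, LAUNCHES))
```

With suppression off, the direct-parent check alerts identically for both browsers, which is why the alert is easy to dismiss; only the ancestry walk separates them. Parent PIDs can be reused after a process exits, so a real monitor would key on PID plus creation time.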