190/340 altough all settings are fine?

Learn about Computer Security Leak Testing/Attacks/Vulnerability Research
1

I use:
Windows 7 Prof. x64
EMET 2.1 with most programs added to it.
Comodo Internet Security suite 5.5
Proactive Security
Firewall: Safe Mode + Medium Alert level
Defense+: Safe Mode
basically everything is like described in the “how to get accurate leaktest results” topic.

When i run the test without sandboxing it (so allowing it until the actuall clt screen shows up) i get 190/340… i pressed “block” on all the pop ups comodo asked me during the test.

COMODO LEAKTESTS V.1.1.0.3 Date 00:00:36 - 29.08.2011 OS Windows Vista SP1 build 7601 1. RootkitInstallation: MissingDriverLoad Protected 2. RootkitInstallation: LoadAndCallImage Protected 3. RootkitInstallation: DriverSupersede Protected 4. RootkitInstallation: ChangeDrvPath Vulnerable 5. Invasion: Runner Vulnerable 6. Invasion: RawDisk Vulnerable 7. Invasion: PhysicalMemory Protected 8. Invasion: FileDrop Vulnerable 9. Invasion: DebugControl Protected 10. Injection: SetWinEventHook Vulnerable 11. Injection: SetWindowsHookEx Vulnerable 12. Injection: SetThreadContext Protected 13. Injection: Services Vulnerable 14. Injection: ProcessInject Protected 15. Injection: KnownDlls Vulnerable 16. Injection: DupHandles Protected 17. Injection: CreateRemoteThread Protected 18. Injection: APC dll injection Protected 19. Injection: AdvancedProcessTermination Protected 20. InfoSend: ICMP Test Protected 21. InfoSend: DNS Test Protected 22. Impersonation: OLE automation Protected 23. Impersonation: ExplorerAsParent Vulnerable 24. Impersonation: DDE Vulnerable 25. Impersonation: Coat Vulnerable 26. Impersonation: BITS Protected 27. Hijacking: WinlogonNotify Protected 28. Hijacking: Userinit Vulnerable 29. Hijacking: UIHost Protected 30. Hijacking: SupersedeServiceDll Vulnerable 31. Hijacking: StartupPrograms Vulnerable 32. Hijacking: ChangeDebuggerPath Protected 33. Hijacking: AppinitDlls Vulnerable 34. Hijacking: ActiveDesktop Protected Score 190/340 (C) COMODO 2008

when i sandbox it (with comodo ofc… when the pop comes which says “sandbox,allow,block”) i get 320/340:

Impersonation : ExplorerAsParent Impersonation : DDE

Can anyone help me with this?
Thanks

------- OPEN IMAGES IN NEW TAB FOR HIGHER RESOLUTION -------

501×537 33.7 KB

496×511 31.5 KB

498×504 29.9 KB

507×520 31.8 KB

500×504 31.6 KB

------- OPEN IMAGES IN NEW TAB FOR HIGHER RESOLUTION -------

732×850 108 KB

706×967 90.3 KB

728×963 99.8 KB

683×951 119 KB

700×971 118 KB

690×903 96.2 KB

711×726 69.5 KB

1037×1011 162 KB

1028×887 147 KB

1009×339 63.2 KB

1050×555 68.5 KB

------- OPEN IMAGES IN NEW TAB FOR HIGHER RESOLUTION -------

2

i just installed a fresh win 7 prof x64 in my virtualbox… changed it to the recommended settings for the leak test and got 200/340… really strange.

3

With sandbox off i got 340/340

4

which OS do you have? x32 or x64 ?

i will try the same thing later on a x32 win7

5

Win7 HP x64. The first popup to allow run the clt i allowed, the other i denied or blocked.