A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??

Hello (and sorry for my bad English; I prefer not to use an auto translator)

What a surprise I had when I tested Comodo Internet Security 5.3.xxxx with CLT.

A result of 50/340!!!

I have 3 systems: one with XP x32, another with Vista x32 and the last with Seven x64.

With all x32 systems I have a score of 330/340, but with Seven x64 it’s a very bad result of 50/340, with exactly the same configuration!!!

Is Comodo a very bad protection software on 64-bit systems??!

I have used CIS for many years and it is the first time I am at the point of removing it from my 64-bit system.

But before doing this I prefer to ask the community for its opinion.

Thanks.

Any application is weaker on a 64-bit computer, because Windows driver signing makes Comodo unable to hook to the kernel; Comodo has less of a priority and may be unable to perform its duties correctly.

That’s odd.
I have a 64-bit machine and got 340/340.
Although that was with version 5.1.
Maybe I should test the 5.3.

Version 5.3 is the official name for version 5.1.

Thanks for that info, elliott.

Windows 7 x64 with no security software installed gets 190/340, so maybe something was wrong with CLT.

I always find that CLT is a test on the user.
How Defense+ alerts were answered affected the result.

I couldn’t quite get a CLT score of 340/340 with either v4.1 or v5.0, but just after I upgraded to v5.3 I configured it, ran CLT and it got a perfect score…

~Maxx~

340/340 with Current CIS Version; Win7 x64

:slight_smile:

Very strange !?

I’m using Win 7 x64 and with CIS stock configurations I had 110/340.

I found that unchecking “Automatically detect installers/updaters and run them outside the Sandbox” will give me a score of 320/340, failing two vulnerabilities - Impersonation: ExplorerAsParent and Impersonation: DDE.

But when I disable the sandbox I get way more Defense+ and Firewall alerts and I scored a perfect 340/340.

If, as I understand, the Comodo Leak Tester takes no account of whether the activity is malicious, then this makes sense.
Other capable suites score very poorly when tested with CLT because they allow access to anything whitelisted and/or not in their malware database.

Do you mean,
a) that the lack of Microsoft-signed kernel-mode drivers in CIS means that it cannot intercept some malware, or
b) that the requirement for malware to have MS-signed kernel-mode drivers limits the potential for such exploits?

I think I’ll keep sandbox disabled for now.
I had it disabled in 5.1 and when I upgraded to 5.3 I decided to stick with stock configurations, as I’ve seen most all malware tests performed under those conditions. But I’m perfectly fine with all kinds of alerts/pop-ups. Also, in my opinion, I think the leak test is a pretty important test so having CIS set up to score perfect gives me some peace of mind :smiley:

But that test was not designed to test the sandbox.
Read …
https://forums.comodo.com/leak-testingattacksvulnerability-research/getting-accurate-leak-test-results-t61715.0.html

The sandbox lets things ‘run’ which fools the CLT into thinking that there was a leak.
The test was designed to test the HIPS side of Comodo.

CLT is fooled by virtualisation, not the automatic sandboxing (without virtualisation). :wink:
Anyway, that does not explain the score 50/340, since Windows 7 x64 gets 190/340 without CIS. :slight_smile:

340/340 with last version, Win7 x64; proactive defense.

Try to use proactive defense…