Any application is weaker on a 64bit computer, because windows driver signing makes Comodo unable to hook to the kernel, Comodo has less of a priority and may be unable to perform its duties correctly.
I couldn’t quite get a CLT score of 340/340 with either v4.1 or v5.0, but just after I upgraded to v5.3 I configured it, ran CLT and it got a perfect score…
I’m using Win 7 x64 and with CIS stock configurations I had 110/340.
I found that unchecking “Automatically detect installers/updaters and run them outside the Sandbox” will give me a score of 320/340, failing two vulnerabilities - Impersonation: ExplorerAsParent and Impersonation: DDE.
But when I disable the sandbox I get way more Defense+ and Firewall alerts and I scored a perfect 340/340.
If as I understand, the Comodo Leak Tester takes no account of whether the activity is malicious, then this makes sense.
Other capable suites score very poorly when tested with CLT because they allow access to anything whitelisted and/or not in their malware database.
Do you mean,
a) that the lack of Microsoft-signed kernel-mode drivers in CIS means that it cannot intercept some malware, or
b) that the requirement for malware to have MS-signed kernel-mode drivers limits the potential for such exploits?
I think I’ll keep sandbox disabled for now.
I had it disabled in 5.1 and when I upgraded to 5.3 I decided to stick with stock configurations, as I’ve seen most all malware tests performed under those conditions. But I’m perfectly fine with all kinds of alerts/pop-ups. Also, in my opinion, I think the leak test is a pretty important test so having CIS set up to score perfect gives me some peace of mind
CLT is fooled by virtualisation, not the automatic sandboxing (without virtualisation).
Anyway, that does not explain the score 50/340, since Windows 7 x64 gets 190/340 without CIS.