Author Topic: AWFT 3.2, Comodo failed test no.4 (PAUSE) NOT ;)  (Read 4750 times)

Offline siena

  • Newbie
  • *
  • Posts: 3
AWFT 3.2, Comodo failed test no.4 (PAUSE) NOT ;)
« on: January 03, 2007, 08:34:04 AM »
Hi,

this is my first post here, i have to say thank you for Comodo :)
I have one question. Is there possibility that Comodo fails at 4th AWFT test:

Quote
(Attempts to load a copy of the default browser from within Windows Explorer and patch it in memory before execution. Defeats PFs which require authorization for an application to load another one (succeeding on Technique 1) - Windows Explorer is normally authorized. This test usually succeeds, unless the default browser is blocked from accessing the Internet.)

when i have Opera (or other default browser) set as trusted?
I made add trusted application or checked Remember my answer for this application then pressed Allow. After this, I ran tests and test no.4 failed- I got info from WWW.
Comodo will pass this test if I remove default browser from Security -> Application Monitor.
Is it normal? if yes then... well... i will cry

Thanks and sorry for poor english (I know that you don't care ;PP)

 
« Last Edit: January 03, 2007, 10:38:23 AM by siena »

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: AWFT 3.2, Comodo failed test no.4?
« Reply #1 on: January 03, 2007, 08:52:46 AM »
Hi,

this is my first post here, i have to say thank you for Comodo :)
I have one question. Is there possibility that Comodo fails at 4th AWFT test:

when i have Opera (or other default browser) set as trusted?
I made add trusted application or checked Remember my answer for this application then pressed Allow. After this, I ran tests and test no.4 failed- I got info from WWW.
Comodo will pass this test if I remove default browser from Security -> Application Monitor.
Is it normal? if yes then... well... i will cry

Thanks and sorry for poor english (I know that you don't care ;PP)

 

No this is not normal. It should properly report the leak attempt. Can you tell us more about your CPF configuration?

What about thermite and copycat tests? They are the same tests as #4.

Egemen

Offline siena

  • Newbie
  • *
  • Posts: 3
Re: AWFT 3.2, Comodo failed test no.4?
« Reply #2 on: January 03, 2007, 08:56:24 AM »
I'll make tests using thermite and copycat.
Unfortunately my AWFT has expired :>
I'll describe my CPF conf ASAP (I'm using stable version 2.3.6.81).
Stay tuned

Offline siena

  • Newbie
  • *
  • Posts: 3
Re: AWFT 3.2, Comodo failed test no.4?
« Reply #3 on: January 03, 2007, 10:33:19 AM »
Ok I did some testing and I have to appologise for this imho false positive.


As I've already said in previous post, my AWFT has expired, so I used apps that you suggested.

I drop thermite since its for IE only and focused on copycat instead.
My default browser is Opera 9.02  (latest public build)  and I have cache turned on.

Did tests with Opera as trusted app and without all tests passed. bravo!

During tests i've realised one, simple thing, Opera renders some static pages without connecting to net, so f.e. I typed www.google.com <enter>, Comodo showed prompt, that Opera wants to connect to inet, but Opera rendered part of static page and was waiting to download GOOGLE letter images (if i press ALLOW in comodo).

Conclusion: Page, that AWFT uses as default, is IMHO static. Opera renders first static content then dynamic (content that needs to be downloaded from webserver). AWFT makes false positive in this case. It creates(loads) Opera process and tries to connect to web, Opera returns static content first (I was testing Kerio first, so I had http://www.atelierweb.com/awft.htm in Opera's cache) then (if needed) connects to webserver.
Thats WHY I didn't get comodo's warning- because there were no reasons for opera to connect to webserver, ( http://www.atelierweb.com/awft.htm in its cache). Opera sent cached content to AWFT and AWFT's interpretation was bad.(or maybe my interpretation is bad)

Sorry for troubles, AWFT should make some dynamic content :)
« Last Edit: January 03, 2007, 10:45:06 AM by siena »

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: AWFT 3.2, Comodo failed test no.4 (PAUSE) NOT ;)
« Reply #4 on: January 03, 2007, 10:53:22 AM »
No problems

Good luck,
Egemen

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek