Author Topic: CIS premium and LeakTest - 200/340  (Read 5333 times)

Offline RGandy1884

  • Newbie
  • *
  • Posts: 24
CIS premium and LeakTest - 200/340
« on: January 12, 2013, 06:53:39 PM »
I don't know if this is the right forum for it to go in, and I don't know what I need to post here beyond the log of my leaktest run and the settings I'm using.  I'd appreciate any help to close the holes in my configuration if that's possible.

Firewall settings:

Proactive mode
Custom ruleset
IPv6 and loopback traffic filtered
Protocol analysis and anti-ARP spoofing boxes checked
Fragmented IP traffic blocked

HIPS settings:

Paranoid mode
14/14 activities monitored
"Enable enhanced protection mode" box ticked
"Detect installers and show privilege elevation alerts" ticked
Heuristic command-line analysis and shellcode injections boxes checked.
No exceptions listed

Sandbox settings:

Unknown apps auto untrusted
Automatic startup for services installed in sandbox unchecked

---

Date   6:38:46 AM - 1/13/2013
OS   Windows Vista SP1 build 7601
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Protected
3. RootkitInstallation: DriverSupersede   Protected
4. RootkitInstallation: ChangeDrvPath   Vulnerable
5. Invasion: Runner   Protected
6. Invasion: RawDisk   Vulnerable
7. Invasion: PhysicalMemory   Protected
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Protected
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
12. Injection: SetThreadContext   Protected
13. Injection: Services   Vulnerable
14. Injection: ProcessInject   Protected
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Protected
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Protected
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Vulnerable
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Vulnerable
25. Impersonation: Coat   Vulnerable
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Vulnerable
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Vulnerable
31. Hijacking: StartupPrograms   Vulnerable
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Vulnerable
34. Hijacking: ActiveDesktop   Protected
Score   200/340

Let me know if there's anything else I need to do.  Thanks.

Offline John Buchanan

  • "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well armed lamb contesting the outcome of the vote." ~ Benjamin Franklin
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6682
  • Personal Dragons can be defeated. Improve yourself
Re: CIS premium and LeakTest - 200/340
« Reply #1 on: January 12, 2013, 08:53:59 PM »
Leaktest was not designed to test with a sandbox. Results will be false, leading you to the wrong conclusions.
Please follow Comodo Forum Policy

Bah! Ban 'em all! The only good member is a banned member
And a member is just a policy violator who hasn't been caught yet. >:-D

Offline RGandy1884

  • Newbie
  • *
  • Posts: 24
Re: CIS premium and LeakTest - 200/340
« Reply #2 on: January 12, 2013, 08:59:13 PM »
But I'm not running it in a sandbox.  I've been giving it unlimited access rights every time the box comes up that asks how I want to run it, even hitting "trust this application."  And there isn't the green box around it either.

One thing I forgot to mention that's weird and not really related - I'm running Windows 7 instead of Vista.  Is that supposed to say Vista?
« Last Edit: January 12, 2013, 11:25:21 PM by RGandy1884 »

Offline John Buchanan

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6682
Re: CIS premium and LeakTest - 200/340
« Reply #3 on: January 13, 2013, 01:13:33 AM »
Ever since v5, Leaktest has not reported accurately. It was meant to test a pure HIPS system, which versions 5 and 6 are not.
There seems to be no one setup that will report accurately for all users.
With all due respect, you cannot base security on an old Leaktest program not designed to correctly test today's software suites.


Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: CIS premium and LeakTest - 200/340
« Reply #4 on: January 13, 2013, 10:37:05 AM »
Here is a thread that will help you get better results.

Getting Accurate Leak Test Results

Offline RGandy1884

  • Newbie
  • *
  • Posts: 24
Re: CIS premium and LeakTest - 200/340
« Reply #5 on: January 13, 2013, 10:44:03 AM »
> Ever since v5, Leaktest has not reported accurately. It was meant to test a pure HIPS system, which versions 5 and 6 are not.
> There seems to be no one setup that will report accurately for all users.
> With all due respect, you cannot base security on an old Leaktest program not designed to correctly test today's software suites.

Then is there something that will accurately test these suites?

I don't really need it if the guidelines given on other threads are any indication but at the same time I can't imagine why there wouldn't be something out there.

Offline loverboy

  • Comodo's Hero
  • *****
  • Posts: 430
Re: CIS premium and LeakTest - 200/340
« Reply #6 on: January 13, 2013, 10:47:39 AM »
> I've been giving it unlimited access rights every time the box comes up that asks how I want to run it, even hitting "trust this application."

If you "allow" all of the leak-test actions, how do you think you can get 340/340?  ???
Windows 10 Home 64bit
NOD32 Antivirus 16.0.24.0
COMODO Firewall 12.2.2.8012
Configuration: Proactive Security
Firewall: Custom Ruleset
HIPS: Disabled
Auto-Sandbox: Disabled

Offline RGandy1884

  • Newbie
  • *
  • Posts: 24
Re: CIS premium and LeakTest - 200/340
« Reply #7 on: January 13, 2013, 11:49:07 AM »
> If you "allow" all of the leak-test actions, how do you think you can get 340/340?  ???

>.<

Good point, actually. I'll run it without doing that and see what happens.

 
