CIS premium and LeakTest - 200/340

I don’t know if this is the right forum for it to go in, and I don’t know what I need to post here beyond the log of my leaktest run and the settings I’m using. I’d appreciate any help to close the holes in my configuration if that’s possible.

Firewall settings:

Proactive mode
Custom ruleset
IPV6 and loopback traffic filtered
Protocol analysis and anti-ARP spoofing boxes checked
Fragmented IP traffic blocked

HIPS settings:

Paranoid mode
14/14 activities monitored
“Enable enhanced protection mode” box ticked
“Detect installers and show privilege elevation alerts” ticked
Heuristic command-line analysis and shellcode injections boxes checked.
No exceptions listed

Sandbox settings:

Unknown apps auto untrusted
Automatic startup for services installed in sandbox unchecked


Date 6:38:46 AM - 1/13/2013
OS Windows Vista SP1 build 7601

  1. RootkitInstallation: MissingDriverLoad Protected
  2. RootkitInstallation: LoadAndCallImage Protected
  3. RootkitInstallation: DriverSupersede Protected
  4. RootkitInstallation: ChangeDrvPath Vulnerable
  5. Invasion: Runner Protected
  6. Invasion: RawDisk Vulnerable
  7. Invasion: PhysicalMemory Protected
  8. Invasion: FileDrop Vulnerable
  9. Invasion: DebugControl Protected
  10. Injection: SetWinEventHook Vulnerable
  11. Injection: SetWindowsHookEx Vulnerable
  12. Injection: SetThreadContext Protected
  13. Injection: Services Vulnerable
  14. Injection: ProcessInject Protected
  15. Injection: KnownDlls Vulnerable
  16. Injection: DupHandles Protected
  17. Injection: CreateRemoteThread Protected
  18. Injection: APC dll injection Protected
  19. Injection: AdvancedProcessTermination Protected
  20. InfoSend: ICMP Test Protected
  21. InfoSend: DNS Test Vulnerable
  22. Impersonation: OLE automation Protected
  23. Impersonation: ExplorerAsParent Protected
  24. Impersonation: DDE Vulnerable
  25. Impersonation: Coat Vulnerable
  26. Impersonation: BITS Protected
  27. Hijacking: WinlogonNotify Protected
  28. Hijacking: Userinit Vulnerable
  29. Hijacking: UIHost Protected
  30. Hijacking: SupersedeServiceDll Vulnerable
  31. Hijacking: StartupPrograms Vulnerable
  32. Hijacking: ChangeDebuggerPath Protected
  33. Hijacking: AppinitDlls Vulnerable
  34. Hijacking: ActiveDesktop Protected
    Score 200/340

Let me know if there’s anything else I need to do. Thanks.

Leaktest was not designed to test with a sandbox. Results will be false leading you to the wrong conclusions.

But I’m not running it in a sandbox. I’ve been giving it unlimited access rights every time the box comes up that asks how I want to run it, even hitting “trust this application.” And there isn’t the green box around it either.

One thing I forgot to mention that’s weird and not really related - I’m running Windows 7 instead of Vista. Is that supposed to say vista?

Ever since v5,Leaktest has not reported accurately. It was meant to test a pure Hips system, of which versions 5 and 6 are not.
There seems to be no one setup that will report accurately for all users.
With all due respect, you cannot base security on an old Leaktest program not designed to correctly test today’s software suites.

Here is a thread that will help you get better results.

Getting Accurate Leak Test Results

Then is there something that will accurately test these suites?

I don’t really need it if the guidelines given on other threads are any indication but at the same time I can’t imagine why there wouldn’t be something out there.

If you “allow” all of the leak-test actions, how do you think you can get 340/340? ???

.<

Good point, actually. I’ll run it without doing that and see what happens.