I don’t know if this is the right forum for it to go in, and I don’t know what I need to post here beyond the log of my leaktest run and the settings I’m using. I’d appreciate any help to close the holes in my configuration if that’s possible.
Firewall settings:
Proactive mode
Custom ruleset
IPv6 and loopback traffic filtered
Protocol analysis and anti-ARP spoofing boxes checked
Fragmented IP traffic blocked
HIPS settings:
Paranoid mode
14/14 activities monitored
“Enable enhanced protection mode” box ticked
“Detect installers and show privilege elevation alerts” ticked
Heuristic command-line analysis and shellcode injections boxes checked.
No exceptions listed
Sandbox settings:
Unknown apps auto untrusted
Automatic startup for services installed in sandbox unchecked

Date 6:38:46 AM - 1/13/2013
OS Windows Vista SP1 build 7601
- RootkitInstallation: MissingDriverLoad Protected
- RootkitInstallation: LoadAndCallImage Protected
- RootkitInstallation: DriverSupersede Protected
- RootkitInstallation: ChangeDrvPath Vulnerable
- Invasion: Runner Protected
- Invasion: RawDisk Vulnerable
- Invasion: PhysicalMemory Protected
- Invasion: FileDrop Vulnerable
- Invasion: DebugControl Protected
- Injection: SetWinEventHook Vulnerable
- Injection: SetWindowsHookEx Vulnerable
- Injection: SetThreadContext Protected
- Injection: Services Vulnerable
- Injection: ProcessInject Protected
- Injection: KnownDlls Vulnerable
- Injection: DupHandles Protected
- Injection: CreateRemoteThread Protected
- Injection: APC dll injection Protected
- Injection: AdvancedProcessTermination Protected
- InfoSend: ICMP Test Protected
- InfoSend: DNS Test Vulnerable
- Impersonation: OLE automation Protected
- Impersonation: ExplorerAsParent Protected
- Impersonation: DDE Vulnerable
- Impersonation: Coat Vulnerable
- Impersonation: BITS Protected
- Hijacking: WinlogonNotify Protected
- Hijacking: Userinit Vulnerable
- Hijacking: UIHost Protected
- Hijacking: SupersedeServiceDll Vulnerable
- Hijacking: StartupPrograms Vulnerable
- Hijacking: ChangeDebuggerPath Protected
- Hijacking: AppinitDlls Vulnerable
- Hijacking: ActiveDesktop Protected
Score 200/340

Let me know if there’s anything else I need to do. Thanks.