Comodo Firewall Leaktest

Learn about Computer Security Leak Testing/Attacks/Vulnerability Research
1

I recently upgraded my Comodo Firewall from v5.0 to 5.3. Before that, I was getting a 100% (340/340) mark using the Comodo Firewall Leaktest Test My PC Security

When I upgraded, I was required to uninstall the previous version and so I guess my settings got erased. Now, I’m getting only 210/340 using the installation default settings. It says my vulnerabilities are:

  1. RootkitInstallation: ChangeDrvPath
  2. Invasion: RawDisk
  3. Invasion: FileDrop
  4. Injection: SetWinEventHook
  5. Injection: SetWindowsHookEx
  6. Injection: Services
  7. Injection: KnownDlls
  8. Impersonation: DDE
  9. Impersonation: Coat
  10. Hijacking: Userinit
  11. Hijacking: SupersedeServiceDll
  12. Hijacking: StartupPrograms
  13. Hijacking: AppinitDlls

What modifications or settings do I need to do to get it back to 340/340?

2

Apparently CLT was not designed to test HIPS security from within the sandbox.
You need to disable it for this test.

The first time I ran it I had the sandbox enabled and it threw off the results.
Then I found this…
https://forums.comodo.com/empty-t61715.0.html
and after following the instructions on how to clean up any rules that were made the first time I ran the test, as well as how to delete the Internet Explorer (IE) browsing history cache, I got a perfect score.

It might help to also run CCleaner to clean up any left over temp files.

Then you should reboot and then run the test.

3

Moved to the appropriate board.

4

I just follow the rules described in the forum to get a perfect score and got a 130/340.

I just ran the test again and when I got the popup I answered deny and passed the test completely, was that the right thing to do?

5

From the tutorial…section 5

  1. Run CLT*. If you get an alert from the antivirus, click “ignore” and then “Add to trusted files” (the antivirus is alerting you that a leak test application has been launched [it’s flagged as “Application.Win32.LeakTest…”]; it is not saying that the file is malicious).

The first alert that appears should be a defense+ alert that says “explorer.exe is a safe application. However, the executable clt.exe could not be recognized…” For this alert, make sure that “remember my answer” is unchecked, and then click allow.

The CLT program window should appear. Click the “Test” button in CLT and, from this point onward, click “block” when a CIS alert appears.

6

Hi all i have tested my firewall if fails in some security tests it fails in 3 tests: 1 test is BITStester look at http://www.testmypcsecurity.com/securitytests/bitstester.html and fails even in Procx test look at http://www.testmypcsecurity.com/securitytests/procx.htmland fails even in browser test look at Browser Test | PCFlank and at http://www.pcflank.com/browser_test3.htm can you resolve this security issue with a update ?

7

I tried this but it would not run on Win 7. May be I will test it later on XP.

and fails even in Procx test look at http://www.testmypcsecurity.com/securitytests/procx.htmland
Tested on Win 7 and it could not terminate other programs sandboxed or when sandbox disabled. In the latter case I would get a D+ alert.
fails even in browser test look at http://www.pcflank.com/browser_test1.htm and at http://www.pcflank.com/browser_test3.htm can you resolve this security issue with a update ?
Referrer logging and cookies are things you can handle with your browser. CIS does not handle those.