Author Topic: COMODO Leak Test Suite Updated Version  (Read 290404 times)

Offline L.A.R. Grizzly

  • Comodo's Hero
  • *****
  • Posts: 2043
  • Akron, Ohio, USA
    • Grizzly's Home Page
Re: COMODO Leak Test Suite Updated Version
« Reply #120 on: October 12, 2010, 01:41:36 PM »
Quote
I've read that flipping post and I get a really bad result. Will that affect my overall security? Anyhow, if a person in STOCK CONFIG gets 100%, why am I in the most protected CONFIG and I reach really low -.-.

See this:

https://forums.comodo.com/leak-testingattacksvulnerability-research/comodo-leak-test-suite-updated-version-t30110.0.html;msg443168#msg443168
AMD FX-8320 8 Core 3.50 GHz - 16 GB G.Skill DDR3 RAM - nVidia GT610 Graphics
Win7 Pro SP1 64 Bit
CIS 7.0.317799.4142, CCE 2.5.2421

Offline Whoop-dee-doo

  • Cave Dweller
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1112
  • What are you staring at?
Re: COMODO Leak Test Suite Updated Version
« Reply #121 on: October 12, 2010, 07:15:01 PM »
Quote
I've read that flipping post and I get a really bad result. Will that affect my overall security? Anyhow, if a person in STOCK CONFIG gets 100%, why am I in the most protected CONFIG and I reach really low -.-.

If you did read this post carefully, you would have noticed the instructions listed in #8, which tells you to post the requested information so that we can help you. I suggest that you make sure you have followed the flippin instructions exactly, and if you are still getting a low score, then post the flippin information that is requested.
"The best way to have a good idea is to have a lot of ideas." - Linus Pauling

"Don't find fault. Find a remedy." - Henry Ford

Offline Jacob

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2824
Re: COMODO Leak Test Suite Updated Version
« Reply #122 on: May 18, 2011, 04:16:05 AM »
Doing Good :)
340/340

Default Settings

Thanks....Jake

Please Follow The Forum Rules!

Offline rajeshs

  • Newbie
  • *
  • Posts: 15
Re: COMODO Leak Test Suite Updated Version
« Reply #123 on: May 26, 2011, 11:44:52 PM »
I do know this thread is very old, but I can't find any other thread more suitable to post this.

I configured my CIS 5.3 as per the instructions in the post below
Configuration = proactive
https://forums.comodo.com/leak-testingattacksvulnerability-research/getting-accurate-leak-test-results-t61715.0.html;msg434827#msg434827

but I am getting 210/340


COMODO Leaktests v.1.1.0.3
Date   09:09:32 - 27-05-2011
OS   Windows Vista SP1 build 7601
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Protected
3. RootkitInstallation: DriverSupersede   Protected
4. RootkitInstallation: ChangeDrvPath   Vulnerable
5. Invasion: Runner   Vulnerable
6. Invasion: RawDisk   Vulnerable
7. Invasion: PhysicalMemory   Protected
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Protected
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
12. Injection: SetThreadContext   Protected
13. Injection: Services   Vulnerable
14. Injection: ProcessInject   Protected
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Protected
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Protected
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Protected
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Vulnerable
25. Impersonation: Coat   Vulnerable
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Vulnerable
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Vulnerable
31. Hijacking: StartupPrograms   Vulnerable
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Vulnerable
34. Hijacking: ActiveDesktop   Protected

1) How to fix these? Thank you.

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26198
Re: COMODO Leak Test Suite Updated Version
« Reply #124 on: May 27, 2011, 04:08:31 PM »

Offline rajeshs

  • Newbie
  • *
  • Posts: 15
Re: COMODO Leak Test Suite Updated Version
« Reply #125 on: June 01, 2011, 06:16:47 AM »
Do the tips in Getting Accurate Leak Test Results help?


1. Make sure you have the following CIS settings:

Configuration = proactive     [checked]
Firewall = safe mode, custom policy mode, or block all mode.      [Safe Mode]
Defense+ = safe mode or paranoid mode     [Safe Mode]
Detect shellcode injections     enabled
Monitor settings = All is ticked

Sandbox = disabled     Yes
Defense+ Security Policy     checked, no CLT entries
"Unrecognized Files"     none
Firewall Security Policy     removed entry of CLT
Trusted files     checked
Delete the Internet Explorer (IE)     Done

5. Run CLT* Done

Posting result [I redid the test]


Date   03:13:42 - 01-06-2011
OS   Windows Vista SP1 build 7601
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Protected
3. RootkitInstallation: DriverSupersede   Protected
4. RootkitInstallation: ChangeDrvPath   Vulnerable
5. Invasion: Runner   Vulnerable
6. Invasion: RawDisk   Vulnerable
7. Invasion: PhysicalMemory   Protected
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Protected
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
12. Injection: SetThreadContext   Protected
13. Injection: Services   Vulnerable
14. Injection: ProcessInject   Protected
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Protected
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Protected
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Vulnerable
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Vulnerable
25. Impersonation: Coat   Vulnerable
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Vulnerable
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Vulnerable
31. Hijacking: StartupPrograms   Vulnerable
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Vulnerable
34. Hijacking: ActiveDesktop   Protected
Score   190/340

Offline zakazak

  • Comodo Loves me
  • ****
  • Posts: 156
Re: COMODO Leak Test Suite Updated Version
« Reply #126 on: August 28, 2011, 06:09:51 PM »
Okay, I have some trouble with this:

When I run the test without sandboxing it (so allowing it) I get 190/340. I pressed "block" on all the pop-ups Comodo asked me during the test.

Quote
COMODO LEAKTESTS V.1.1.0.3
Date   00:00:36 - 29.08.2011
OS   Windows Vista SP1 build 7601
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Protected
3. RootkitInstallation: DriverSupersede   Protected
4. RootkitInstallation: ChangeDrvPath   Vulnerable
5. Invasion: Runner   Vulnerable
6. Invasion: RawDisk   Vulnerable
7. Invasion: PhysicalMemory   Protected
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Protected
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
12. Injection: SetThreadContext   Protected
13. Injection: Services   Vulnerable
14. Injection: ProcessInject   Protected
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Protected
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Protected
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Protected
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Vulnerable
24. Impersonation: DDE   Vulnerable
25. Impersonation: Coat   Vulnerable
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Vulnerable
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Vulnerable
31. Hijacking: StartupPrograms   Vulnerable
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Vulnerable
34. Hijacking: ActiveDesktop   Protected
Score   190/340
(C) COMODO 2008

When I sandbox it (with Comodo ofc, when the pop-up comes which says "sandbox, allow, block") I get 320/340:

Impersonation : ExplorerAsParent
Impersonation : DDE

I use:
Windows 7 Prof. x64
EMET 2.1 with most programs added to it.
Comodo Internet Security suite 5.5
Proactive Security (with some changes that should INCREASE security)
Firewall: Safe Mode + Medium Alert level
Defense+: Safe Mode

Can anyone help me with this? Should I post pictures of my CIS settings?

Thanks

@edit: I will make a new thread
« Last Edit: August 28, 2011, 06:15:20 PM by zakazak »

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1377
  • Avert the danger that has not yet come
Re: COMODO Leak Test Suite Updated Version
« Reply #127 on: August 29, 2011, 01:00:39 AM »
Hi,

This is my score on Windows7 x64, CIS 5.8.2 Beta, all defaults + Proactive Conf.


It is 340/340, if I sandboxed CLT.exe in the first alert (I don't know why but every time I run CLT.exe I get two consecutive D+ alerts)

Allowed CLT.exe to run for the first time, rest all alerts, I blocked, then I get 200/340

COMODO Leaktests v.1.1.0.3
Date   10:17:04:AM - 29-08-2011
OS   Windows Vista SP1 build 7601
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Protected
3. RootkitInstallation: DriverSupersede   Protected
4. RootkitInstallation: ChangeDrvPath   Vulnerable
5. Invasion: Runner   Vulnerable
6. Invasion: RawDisk   Vulnerable
7. Invasion: PhysicalMemory   Protected
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Protected
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
12. Injection: SetThreadContext   Protected
13. Injection: Services   Vulnerable
14. Injection: ProcessInject   Protected
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Protected
17. Injection: CreateRemoteThread   Protected
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Protected
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Protected
22. Impersonation: OLE automation   Protected
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Vulnerable
25. Impersonation: Coat   Vulnerable
26. Impersonation: BITS   Protected
27. Hijacking: WinlogonNotify   Protected
28. Hijacking: Userinit   Vulnerable
29. Hijacking: UIHost   Protected
30. Hijacking: SupersedeServiceDll   Vulnerable
31. Hijacking: StartupPrograms   Vulnerable
32. Hijacking: ChangeDebuggerPath   Protected
33. Hijacking: AppinitDlls   Vulnerable
34. Hijacking: ActiveDesktop   Protected
Score   200/340
with love Siva Suresh
|| Windows7 x64 | CIS 10 | Firefox | Thunderbird | CCleaner | Evernote | PStart | UltraCopier | Dropbox | TeamViewer | Screenshot Captor ||
|| AMD Phenom II x4 955B | ASUS M4A88TD | 8GB DDR3 RAM | 240GB Sandisk SSD  || 6TB SATA II HDD 6Gb/s

Offline Arbie

  • Newbie
  • *
  • Posts: 6
Re: COMODO Leak Test Suite Updated Version
« Reply #128 on: November 26, 2011, 03:12:40 PM »
I'm running Comodo free firewall v5.5.195786.1383.  I've just found and run the Comodo Firewall Leak Test which scored 340/340 with the firewall in 'Safe' mode.  Two suggestions on that:  make the link for the test much easier to find, and advise people to just keep pressing 'Cancel' on all the pop-ups while the test is running.

Anyway - I have also now just tried PCFlank's leak test.  With Comodo in 'Safe' mode, the firewall failed i.e. my random text string appeared as-typed on the PCFlank site.  When I went to 'Custom Policy' the leak test app was detected as dangerous based on cloud info.

I'm writing this partly to let you know that the PCFlank test gets through 'Safe' mode, since I didn't find any recent discussions of this in the forum.  And I wonder:  Can I expect Comodo to upgrade the firewall so that 'Safe' mode will stop this leak, or should I expect to need 'Custom' mode forever?

Thx

Arbie

Offline rkg.narnaul

  • Newbie
  • *
  • Posts: 3
Re: COMODO Leak Test Suite Updated Version
« Reply #129 on: March 12, 2012, 05:07:13 AM »
Plz can anyone gimme latest version of Comodo Leak Test Suite...??

I am using Comodo Firewall free version, Which Antivirus I should use with it....

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1377
  • Avert the danger that has not yet come
Re: COMODO Leak Test Suite Updated Version
« Reply #130 on: March 13, 2012, 12:18:52 AM »
The worst ever possible score for me...30/340

CIS 5.10 with Proactive Security defaults


Date   10:36:08 AM - 3/13/2012
OS   Windows XP SP3 build 2600
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Vulnerable
3. RootkitInstallation: DriverSupersede   Vulnerable
4. RootkitInstallation: ChangeDrvPath   Vulnerable
5. Invasion: Runner   Protected
6. Invasion: RawDisk   Vulnerable
7. Invasion: PhysicalMemory   Vulnerable
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Vulnerable
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
12. Injection: SetThreadContext   Vulnerable
13. Injection: Services   Vulnerable
14. Injection: ProcessInject   Vulnerable
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Vulnerable
17. Injection: CreateRemoteThread   Vulnerable
18. Injection: APC dll injection   Vulnerable
19. Injection: AdvancedProcessTermination   Vulnerable
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Vulnerable
22. Impersonation: OLE automation   Vulnerable
23. Impersonation: ExplorerAsParent   Vulnerable
24. Impersonation: DDE   Vulnerable
25. Impersonation: Coat   Vulnerable
26. Impersonation: BITS   Vulnerable
27. Hijacking: WinlogonNotify   Vulnerable
28. Hijacking: Userinit   Vulnerable
29. Hijacking: UIHost   Vulnerable
30. Hijacking: SupersedeServiceDll   Vulnerable
31. Hijacking: StartupPrograms   Vulnerable
32. Hijacking: ChangeDebuggerPath   Vulnerable
33. Hijacking: AppinitDlls   Vulnerable
34. Hijacking: ActiveDesktop   Vulnerable
Score   30/340
with love Siva Suresh

Offline wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5717
Re: COMODO Leak Test Suite Updated Version
« Reply #131 on: March 13, 2012, 12:25:57 AM »
Quote
The worst ever possible score for me...30/340

CIS 5.10 with Proactive Security defaults


Date   10:36:08 AM - 3/13/2012
OS   Windows XP SP3 build 2600
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Vulnerable
3. RootkitInstallation: DriverSupersede   Vulnerable
4. RootkitInstallation: ChangeDrvPath   Vulnerable
5. Invasion: Runner   Protected
6. Invasion: RawDisk   Vulnerable
7. Invasion: PhysicalMemory   Vulnerable
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Vulnerable
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
12. Injection: SetThreadContext   Vulnerable
13. Injection: Services   Vulnerable
14. Injection: ProcessInject   Vulnerable
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Vulnerable
17. Injection: CreateRemoteThread   Vulnerable
18. Injection: APC dll injection   Vulnerable
19. Injection: AdvancedProcessTermination   Vulnerable
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Vulnerable
22. Impersonation: OLE automation   Vulnerable
23. Impersonation: ExplorerAsParent   Vulnerable
24. Impersonation: DDE   Vulnerable
25. Impersonation: Coat   Vulnerable
26. Impersonation: BITS   Vulnerable
27. Hijacking: WinlogonNotify   Vulnerable
28. Hijacking: Userinit   Vulnerable
29. Hijacking: UIHost   Vulnerable
30. Hijacking: SupersedeServiceDll   Vulnerable
31. Hijacking: StartupPrograms   Vulnerable
32. Hijacking: ChangeDebuggerPath   Vulnerable
33. Hijacking: AppinitDlls   Vulnerable
34. Hijacking: ActiveDesktop   Vulnerable
Score   30/340

That's really surprising. I just tested my system and I got 340/340 running proactive. Do you have the sandbox enabled?
| Win 10 Pro (x64) | UAC Disabled | CCAV | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 32gb RAM | Samsung 850 Pro SSD |

Offline SivaSuresh

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1377
  • Avert the danger that has not yet come
Re: COMODO Leak Test Suite Updated Version
« Reply #132 on: March 13, 2012, 01:24:47 AM »
Quote
That's really surprising. I just tested my system and I got 340/340 running proactive. Do you have the sandbox enabled?

Am I supposed to sandbox clt.exe? (I never sandboxed it previously) I just allowed it when it first asks for permission.
By the way, it says that clt.exe is not digitally signed. Is this correct ?

Completely removed CIS, reinstalled again, still 70/340...I don't understand what happened...

COMODO Leaktests v.1.1.0.3
Date   11:46:19 AM - 3/13/2012
OS   Windows XP SP3 build 2600
1. RootkitInstallation: MissingDriverLoad   Protected
2. RootkitInstallation: LoadAndCallImage   Vulnerable
3. RootkitInstallation: DriverSupersede   Vulnerable
4. RootkitInstallation: ChangeDrvPath   Vulnerable
5. Invasion: Runner   Protected
6. Invasion: RawDisk   Vulnerable
7. Invasion: PhysicalMemory   Vulnerable
8. Invasion: FileDrop   Vulnerable
9. Invasion: DebugControl   Vulnerable
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
12. Injection: SetThreadContext   Vulnerable
13. Injection: Services   Vulnerable
14. Injection: ProcessInject   Vulnerable
15. Injection: KnownDlls   Vulnerable
16. Injection: DupHandles   Vulnerable
17. Injection: CreateRemoteThread   Vulnerable
18. Injection: APC dll injection   Protected
19. Injection: AdvancedProcessTermination   Vulnerable
20. InfoSend: ICMP Test   Protected
21. InfoSend: DNS Test   Protected
22. Impersonation: OLE automation   Vulnerable
23. Impersonation: ExplorerAsParent   Protected
24. Impersonation: DDE   Vulnerable
25. Impersonation: Coat   Protected
26. Impersonation: BITS   Vulnerable
27. Hijacking: WinlogonNotify   Vulnerable
28. Hijacking: Userinit   Vulnerable
29. Hijacking: UIHost   Vulnerable
30. Hijacking: SupersedeServiceDll   Vulnerable
31. Hijacking: StartupPrograms   Vulnerable
32. Hijacking: ChangeDebuggerPath   Vulnerable
33. Hijacking: AppinitDlls   Vulnerable
34. Hijacking: ActiveDesktop   Vulnerable
Score   70/340

I will do a fresh install of CIS 5.9 and come with the results in the evening. I am a little worried now.
with love Siva Suresh

Offline wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5717
Re: COMODO Leak Test Suite Updated Version
« Reply #133 on: March 13, 2012, 01:29:39 AM »
The only alert you should allow is the first one, which says explorer.exe is trying to execute clt.exe. Then block the rest of the alerts (if you have the sandbox disabled).

No, CLT is not made to test the sandbox; it is meant to test the firewall and Defense+. Have you tried following the advice given in this article to get accurate leak test results?

EDIT: reworded
« Last Edit: March 13, 2012, 01:34:40 AM by wasgij6 »

Offline JoWa

  • Humanist
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6438
  • I believe in doubt.
    • Evolutionary history of life
Re: COMODO Leak Test Suite Updated Version
« Reply #134 on: March 13, 2012, 01:32:10 AM »
Quote
Am I supposed to sandbox clt.exe? (I never sandboxed it previously) I just allowed it when it first asks for permission.
By the way, it says that clt.exe is not digitally signed. Is this correct ?

By allowing it, you give it “unlimited access to your computer”. Press Sandbox in the alert. Or test with sandbox disabled.

Correct. clt.exe is not signed. If it were signed by Comodo, it would automatically be trusted by CIS (with default settings). ;)
Ubuntu 21.04 | Firefox 90β | HTTPS Only Mode | Privacy Badger
Forum Policy | Comodo Product Help
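
As an added example (not part of the thread and not Comodo's code), this Python sketch parses CLT reports in both layouts posted above, the column layout and the flattened one where the verdict is glued to the test name, recomputes the score, and lists which tests changed between two runs. It assumes 10 points per Protected test, which agrees with the Score lines in the reports posted here; the two sample runs are constructed and shortened to four tests.

```python
import re
from collections import defaultdict

# "<n>. <Category>: <test name><verdict>"; the verdict may be glued to the
# name (flattened paste) or separated from it by spaces or tabs.
ENTRY = re.compile(
    r"(\d+)\.\s+(\w+):\s*(.+?)\s*(Protected|Vulnerable)(?=\s+\d+\.\s|\s*$)",
    re.MULTILINE,
)
SCORE = re.compile(r"Score\s+(\d+)/(\d+)")
POINTS_PER_TEST = 10  # assumption: matches the Score lines posted in the thread


def parse_report(text):
    """Return ({test number: (category, name, verdict)}, reported score or None)."""
    results = {int(n): (cat, name, verdict)
               for n, cat, name, verdict in ENTRY.findall(text)}
    m = SCORE.search(text)
    return results, (int(m.group(1)) if m else None)


def computed_score(results):
    """Score recomputed from the verdicts, to cross-check the Score line."""
    return POINTS_PER_TEST * sum(v == "Protected" for _, _, v in results.values())


def vulnerable_by_category(results):
    """Group failed tests by CLT category (Injection, Hijacking, ...)."""
    groups = defaultdict(list)
    for _, (cat, name, verdict) in sorted(results.items()):
        if verdict == "Vulnerable":
            groups[cat].append(name)
    return dict(groups)


def changed(before, after):
    """Tests whose verdict differs between two runs, as (name, old, new)."""
    return [(before[n][1], before[n][2], after[n][2])
            for n in sorted(before.keys() & after.keys())
            if before[n][2] != after[n][2]]


# Constructed samples: four tests each, shortened from the 34-line reports.
RUN_A = """COMODO Leaktests v.1.1.0.3
1. RootkitInstallation: MissingDriverLoad\tProtected
2. RootkitInstallation: LoadAndCallImage   Protected
18. Injection: APC dll injection   Vulnerable
21. InfoSend: DNS Test   Protected
Score   30/40
"""
RUN_B = ("1. RootkitInstallation: MissingDriverLoadProtected "
         "2. RootkitInstallation: LoadAndCallImageVulnerable "
         "18. Injection: APC dll injectionProtected "
         "21. InfoSend: DNS TestVulnerable\nScore   20/40")

if __name__ == "__main__":
    a, score_a = parse_report(RUN_A)
    b, score_b = parse_report(RUN_B)
    assert computed_score(a) == score_a and computed_score(b) == score_b
    print(vulnerable_by_category(b))
    for name, old, new in changed(a, b):
        print(f"{name}: {old} -> {new}")
```

Diffing a run made with the first alert allowed against one made with CLT sandboxed shows which verdicts depend on how the alerts were answered rather than on the CIS configuration.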

 
