COMODO Leak Test Suite Updated Version

[JoWa]

Windows 7 (SP1) 64-bit. Italic = protected on Windows 10.

Administrator: 190/340
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
8. Invasion: FileDrop Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Protected
13. Injection: Services Vulnerable
15. Injection: KnownDlls Vulnerable
21. InfoSend: DNS Test Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
28. Hijacking: Userinit Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
33. Hijacking: AppinitDlls Vulnerable

User: 280/340
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
21. InfoSend: DNS Test Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable

User at low integrity level: 300/340
10. Injection: SetWinEventHook   Vulnerable
11. Injection: SetWindowsHookEx   Vulnerable
21. InfoSend: DNS Test   Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable

[windstorm]

I'm getting 340/340 on W7, x64. 

[JoWa]

Want to share your recipe?

[windstorm]

You should allow only process execution. Depending on allowed action, you might not get same alert at a later point. In other words, you should only let explorer.exe launch clt.exe. Afterwards, you block everything.

Auto-Containment: Disabled
HIPS: Safe Mode

[JoWa]

So your recipe was W7 + CIS. Mine was W7 without third-party security software.

[windstorm]

Oh.. misunderstood. Thought you were having trouble with your CIS configuration. Sorry about that.

[JoWa]

No trouble here, just testing stuff on my VMs. Thanks anyway for the help.

BTW, years ago, I got 310 on Windows XP without third-party software, by using run as “Protect my computer and my files…”.