Author Topic: COMODO Leak Test Suite Updated Version (Read 313053 times)

JoWa · « **Reply #150 on:** June 30, 2017, 02:17:59 AM »

Windows 7 (SP1) 64-bit. Italic = protected on Windows 10.

Administrator: 190/340
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
8. Invasion: FileDrop Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Protected
13. Injection: Services Vulnerable
15. Injection: KnownDlls Vulnerable
21. InfoSend: DNS Test Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
28. Hijacking: Userinit Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
33. Hijacking: AppinitDlls Vulnerable

User: 280/340
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
21. InfoSend: DNS Test Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable

User at low integrity level: 300/340
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
21. InfoSend: DNS Test Vulnerable
23. Impersonation: ExplorerAsParent Vulnerable

qmarius · « **Reply #151 on:** June 30, 2017, 02:54:51 AM »

I'm getting 340/340 on W7, x64.

JoWa · « **Reply #152 on:** June 30, 2017, 03:13:53 AM »

Want to share your recipe?

qmarius · « **Reply #153 on:** June 30, 2017, 04:58:32 AM »

You should allow only process execution. Depending on allowed action, you might not get same alert at a later point. In other words, you should only let explorer.exe launch clt.exe. Afterwards, you block everything.

Auto-Containment: Disabled
HIPS: Safe Mode

JoWa · « **Reply #154 on:** June 30, 2017, 05:17:44 AM »

So your recipe was W7 + CIS. Mine was W7 without third-party security software.

qmarius · « **Reply #155 on:** June 30, 2017, 05:20:47 AM »

Oh.. misunderstood. Thought you were having trouble with your CIS configuration. Sorry about that.

JoWa · « **Reply #156 on:** June 30, 2017, 01:23:26 PM »

No trouble here, just testing stuff on my VMs. Thanks anyway for the help.

BTW, years ago, I got 310 on Windows XP without third-party software, by using run as “Protect my computer and my files…”.

JoWa · « **Reply #157 on:** June 24, 2018, 12:30:33 AM »

CLT stops at 16. Injection: DupHandles on Windows 10 1803, 64-bit.

Only when I run CLT as user (not admin) at low integrity level does it complete the test. The score then is 320/340.

10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable

liosant · « **Reply #158 on:** July 13, 2018, 08:01:20 PM »

Quote from: military on July 04, 2012, 02:16:39 AM

SpyShelter Firewall 1.0
Oracle VM VBox
Win 7Ultimate x64

it is possible? 350/340

Comodo firewall protect, if configured correct

Author Topic: COMODO Leak Test Suite Updated Version (Read 313053 times)

JoWa

Re: COMODO Leak Test Suite Updated Version

qmarius

Re: COMODO Leak Test Suite Updated Version

JoWa

Re: COMODO Leak Test Suite Updated Version

qmarius

Re: COMODO Leak Test Suite Updated Version

JoWa

Re: COMODO Leak Test Suite Updated Version

qmarius

Re: COMODO Leak Test Suite Updated Version

JoWa

Re: COMODO Leak Test Suite Updated Version

JoWa

Re: COMODO Leak Test Suite Updated Version

liosant

Re: COMODO Leak Test Suite Updated Version