I know this is a Comodo designed test and that Defense+ is an integral part of CIS, but by relying so much on Defense+, is the leak test suite really testing the CIS Firewall? It seems like the HIPS part of CIS is doing most of the work in these leak tests. By choosing 'Allow', aren't you bypassing the Defense+ part of CIS and then testing only the Firewall part of the program, which gives the CIS Firewall a much lower score? Is this a convoluted way of looking at this leak test suite in regards to the CIS program, or does the question have merit?
BTW, I scored 340 out of 340, with the Firewall and Defense+ set to Safe Mode and all the Monitor Settings checked. The Advanced Predefined Security Policies Trusted Applications Protection Settings were all set to 'Yes'. The Windows System Applications Protection Settings were all set to 'Yes', except Windows/WinEvent Hooks was left at "No'. Isolated Applications Protection Settings were all left at 'No', and the Limited Applications were all set to 'Yes'. With these settings I didn't get any Defense+ popups to answer. I still have to wonder, was the CIS Firewall really being tested by this leak test suite, or was Defense+ doing most of the work because of the advanced settings chosen?