Comodo Leaktest says score 140/340

dominumds · March 24, 2010, 11:19pm

Hi there,
I ran Comodo Leaktest just a couple of minutes ago and it gave my system a score of 140/340.

COMODO Leaktests v.1.1.0.3
Date 20:16:31 - 24/03/2010
OS Windows Vista SP2 build 6002
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
8. Invasion: FileDrop Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
21. InfoSend: DNS Test Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
26. Impersonation: BITS Vulnerable
28. Hijacking: Userinit Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable
Score 140/340

What can I do to fix this? :S

Windows Vista SP2 fully updated, avast! 5.0.462 free, CIS 4.0.138377.779, MBAM 1.44, Windows Defender active.

dominumds · March 25, 2010, 3:07am

Dismiss my previous post. Disabled some options in Sandbox (Automatically recognise installer/updaters and run them outside Sandbox) and I started getting crazy thanks to our dear D+ alerts.
Blocked them all systematically and got 340/340 xD

Hlupic · March 29, 2010, 11:36am

I got no more than 160/340 before I saw yours post here Anyway, I can’t get more than 320/340. I have problem with:

InfoSend: DNS Test
Impersonation: Coat

What could be a problem and solution?
UPDATE: Change CIS from Internet security to Proactive security. Now I get only Impersonation: Coat.

BTW If you just click cancel on Comodo’s alert during CLT, you get only 2 pop ups and same result as if you are clicking block button on and on.

dominumds · March 29, 2010, 2:41pm

Haha, I love Default Deny xD
I got 340/340. Enable ALL options under Image Execution Control Settings, Defense+ Settings (Paranoid Mode) and of course, disable “Automatically run unrecognized programs inside the Sandbox” and “Automatically recognize installers and run them outside the Sandbox”.

That did the trick for me

Hlupic · March 30, 2010, 1:37pm

Definitely there should be a note to unmark few things in sanbdox settings. Otherwise there is no difference between running CLT with or without CIS.

I played with CLT and CIS so long, that I had to re-install web browser and again configure CIS :o

Kryptoncs · April 30, 2010, 4:42pm

Guys if you have Comodo FW with Windows 7 please configure it to firewall security then try CLT.exe ;D you’ll be surprised yes your score will be 100% try and let me know…

languy99 · April 30, 2010, 5:31pm

This is how I get 340/340 I set CIS to proactive mode. Then I go to the firewall settings, to the setalth port wizard, and select “alert me to incoming connections…”, then I go to the sandbox setting and uncheck " automatically detect installers and run…" how run the leaktest, if you block everything you will see that it passes just fine without too many questions.

adrman · June 1, 2010, 1:34pm

Languy, I’ve tried your settings with CLT and I’m still failing both Impersonation: DDE and Impersonation: Coat. Any thoughts? Thanks.

languy99 · June 1, 2010, 3:38pm

it tends to happen on some systems, it happens on mine too. The new 4.1 version fixes all that.

adrman · June 1, 2010, 4:38pm

Thanks. After I posted here, I saw you had posted that in another thread. Anyway, I’ll await 4.1 then.

cvsa · June 12, 2010, 5:01pm

same thing for me , i’m getting mad trying to understand why it fails with sandbox on and it passes perfect with sandbox off… v4.1 didn’t change anything… >:-D >:-D >:-D >:(

salaficall · November 19, 2010, 3:09pm

CLT was not designed to be used in a sandbox. It was designed to test the firewall and D+/HIPS only
Using it inside a sandbox or with a sandbox gives erroneous results

and Yes, you can enable the sandbox without compromising security. The CLT program is not designed to test the sandbox, and that it why you are supposed to turn off the sandbox for the test. The developers tested 15,000 malware files against the sandbox, and none of the malware files were able to run after rebooting (some harmless files may get dropped on your hard drive, but the malware cannot “infect” your computer and cause harm).

https://forums.comodo.com/leak-testingattacksvulnerability-research/comodo-leak-test-suite-updated-version-t30110.0.html;msg443168#msg443168

[url=https://forums.comodo.com/leak-testingattacksvulnerability-research/getting-accurate-leak-test-results-t61715.0.html[/url]