Author Topic: CPF consistently fails pcflank.com leak test [Resolved]  (Read 29829 times)

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14692
    • Video Blog
Re: CPF consistently fails pcflank.com leak test
« Reply #15 on: August 03, 2006, 02:19:31 PM »
Thank you for that answer .  However , as good as it might be , it still escapes me as to how it is a solid answer .  The only reason i say this is because I used their leaktest against another firewall and it passed .  I must admit though , that I have used many against their leaktest and they all fail but one .  if the one did not pass as well , then I would say ok .  But , one DID pass .  This being the case , may I ask how you might know that the test result is skewed ?  No argument here as I know their tests stink .  Long ago it was a nice site to test things .  For the last year or more , it has been nothing less than a joke .  Thanks again for the input .  I am just trying to understand what is at work here and why .

Falkor

Lets analyse what a leak test is: Its a piece of code that runs on your machine, that tries to defeat your firewall by trying to submit some data into a website.

Now, that code has some logic in it that show either passed or failed window message to the user. This logic is based on something that the author thinks valid. Well, we all know there are more than one way to solve any problem ;-)

The question is not what that application tells you cos the logic that determines whether its passed or not could be limited, but whether the data has been leaked or not.

Do you see the data leaked? If not, then the the firewall passed the test. No matter what their dialog box says.

melih

Offline falkor

  • Comodo Member
  • **
  • Posts: 38
  • The Dragon Rocks !!!
Re: CPF consistently fails pcflank.com leak test
« Reply #16 on: August 03, 2006, 02:31:07 PM »
Thank you Melih my friend .  Nice answer and easily understood by me .  Did I see the info leaked ?  All I know is the typed message was shown as a leak .  It is my personal belief that based on what a leaktest actually is , Comodo really passed .  I just do not understand why they claim it failed .  I have always thought it is the way they produce the test and NOT the firewall itself .  I certainly believe in this firewall MUCH MORE SO than in any test at pcFlank .  Just wish I knew what the real deal is .  Thank you for the answer .  I think that is as close to being solid as possible based on the facts as they are known .
  KEEP UP THE GREAT WORK !!!
The Dragon Rocks !

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14692
    • Video Blog
Re: CPF consistently fails pcflank.com leak test
« Reply #17 on: August 03, 2006, 03:16:18 PM »
Thank you Melih my friend .  Nice answer and easily understood by me .  Did I see the info leaked ?  All I know is the typed message was shown as a leak .  It is my personal belief that based on what a leaktest actually is , Comodo really passed .  I just do not understand why they claim it failed .  I have always thought it is the way they produce the test and NOT the firewall itself .  I certainly believe in this firewall MUCH MORE SO than in any test at pcFlank .  Just wish I knew what the real deal is .  Thank you for the answer .  I think that is as close to being solid as possible based on the facts as they are known .
  KEEP UP THE GREAT WORK !!!

Thank you Falkor :)

Melih

Offline r2baruch

  • Comodo Loves me
  • ****
  • Posts: 131
Re: CPF consistently fails pcflank.com leak test
« Reply #18 on: August 03, 2006, 03:56:46 PM »
Thank you Falkor :)

Do you have any ideas about my problem (the one that started this thread)?
I use WinXP-SP2-Home, AVG-Free, Comodo firewall, Spyware Guard, Spyware Blaster, IESpyads, Windows Defender, Winpatrol

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: CPF consistently fails pcflank.com leak test
« Reply #19 on: August 03, 2006, 04:52:55 PM »
Do you have any ideas about my problem (the one that started this thread)?

Hi r2baruch,

I assume you always enter different words, you always see what you write on the test site and CPF never warns you. This is the only case that is considered to be failed. The test may say "You have failed". But this is not a case if CPF shows a popup.

Lets do the following:

Please delete the following key:
HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\IPC and Restart your computer(If you are using BETA, you wont be able to delete it without killing cmdagent.exe from the task manager).

After you restart(Dont forget to restart you PC), run the test and paste us all the popup screenshots you see so that we can see what is going on.

Thx,
Egemen

Offline r2baruch

  • Comodo Loves me
  • ****
  • Posts: 131
Re: CPF consistently fails pcflank.com leak test
« Reply #20 on: August 03, 2006, 04:58:14 PM »
I assume you always enter different words, you always see what you write on the test site and CPF never warns you. This is the only case that is considered to be failed.

Yes this is my scenario. I will try yr reg hack and let you know.
Thanks.
I use WinXP-SP2-Home, AVG-Free, Comodo firewall, Spyware Guard, Spyware Blaster, IESpyads, Windows Defender, Winpatrol

Offline falkor

  • Comodo Member
  • **
  • Posts: 38
  • The Dragon Rocks !!!
Re: CPF consistently fails pcflank.com leak test
« Reply #21 on: August 04, 2006, 06:51:43 AM »
NICELY done egemen !!!!  Bet that helps .  And happy to see you warned people of trying this with the beta .
The Dragon Rocks !

Offline r2baruch

  • Comodo Loves me
  • ****
  • Posts: 131
Re: CPF consistently fails pcflank.com leak test
« Reply #22 on: August 04, 2006, 08:32:12 AM »
I assume you always enter different words, you always see what you write on the test site and CPF never warns you. This is the only case that is considered to be failed. The test may say "You have failed". But this is not a case if CPF shows a popup.

Please delete the following key:
HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\IPC and Restart your computer(If you are using BETA, you wont be able to delete it without killing cmdagent.exe from the task manager).

After you restart(Dont forget to restart you PC), run the test and paste us all the popup screenshots you see so that we can see what is going on.

I did the reg hack and reboot exactly according to your instructions.
When I did the leak test I got the first two popups shown in the attachment and denied both. Then I pressed open browser or pasted the link into a browser, denied the popup (third or fourth shown in the popup) and then all I got was page not found.

Then I closed all IE windows and tried again. Then when I got the "viewing test results" dialog box and the third or fourth popup shown in the attachment,  I didn't respond to the popup but pasted the link into a new browser window.  Then I got the results window and didn't see the typed text.

Then I tried again.  Closed all IE windows and changed IP address.  Opened leak test, typed in a string, pressed next.  Then pasted link into new browser window and didn't see the typed string in the results table. Then I closed all browser windows and pressed open browser in the pcflank view test results box. It seems that at this point I have to allow the connection.  The result was an empty result table (i.e. pass).

I presume this means my problem is solved and replacing the IPC registry key canceled the erroneous connection allowances.
I just don't fully understand the sequence of events here including the appropriate responses to the popups, which to allow and which to deny, and and why I get repeated leaktest popups, and in general would appreciate some additional explanation.

For example if I have a popup for leaktest and I do not allow it then I cannot access any website at all. Why? What does it all mean?

I would also appreciate some explanation of what is OLE Automation that keeps coming up in popups.

I am beginning to see the light at the end of the tunnel, but still have difficulty knowing how to respond to popups and especially how to explain to the other users of the computer how to respond.  At present my inclination is that if a popup appears in response to an action of the user, then it should be allowed, but I would rather understand a little more about the processes of CPF.

Thank you for your assistance.

[attachment deleted by admin]
« Last Edit: August 04, 2006, 09:12:51 AM by r2baruch »
I use WinXP-SP2-Home, AVG-Free, Comodo firewall, Spyware Guard, Spyware Blaster, IESpyads, Windows Defender, Winpatrol

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: CPF consistently fails pcflank.com leak test
« Reply #23 on: August 04, 2006, 10:24:15 AM »
I did the reg hack and reboot exactly according to your instructions.
When I did the leak test I got the first two popups shown in the attachment and denied both. Then I pressed open browser or pasted the link into a browser, denied the popup (third or fourth shown in the popup) and then all I got was page not found.

Then I closed all IE windows and tried again. Then when I got the "viewing test results" dialog box and the third or fourth popup shown in the attachment,  I didn't respond to the popup but pasted the link into a new browser window.  Then I got the results window and didn't see the typed text.

Then I tried again.  Closed all IE windows and changed IP address.  Opened leak test, typed in a string, pressed next.  Then pasted link into new browser window and didn't see the typed string in the results table. Then I closed all browser windows and pressed open browser in the pcflank view test results box. It seems that at this point I have to allow the connection.  The result was an empty result table (i.e. pass).

I presume this means my problem is solved and replacing the IPC registry key canceled the erroneous connection allowances.
I just don't fully understand the sequence of events here including the appropriate responses to the popups, which to allow and which to deny, and and why I get repeated leaktest popups, and in general would appreciate some additional explanation.

For example if I have a popup for leaktest and I do not allow it then I cannot access any website at all. Why? What does it all mean?

I would also appreciate some explanation of what is OLE Automation that keeps coming up in popups.

I am beginning to see the light at the end of the tunnel, but still have difficulty knowing how to respond to popups and especially how to explain to the other users of the computer how to respond.  At present my inclination is that if a popup appears in response to an action of the user, then it should be allowed, but I would rather understand a little more about the processes of CPF.

Thank you for your assistance.

You are passing the leak test.  Lets go step by step to see why.

When you run the leak test, CPF first warns you about McAfee Site Advisor whose parent application(i.e. the application which started siteadvisor) is internet explorer. Since pcflank test manipulated internet explorer and internet explorer starts siteadvisor : your first popup is pcflank has modified the PARENT application iexplore.exe. After you deny, siteadvisor instance will be blocked. Then iexplore.exe tries to connect the internet and this time CPF will warn you about iexplore.exe because pcflank leak test manipulated iexplore.exe.

Upto this point, everything is about the leak test and since you denied, you passed the test.

The testing finished.

The you will go to pcflank test site to see the results. Todo so, you click on "Open browser" button on the leak test. This time CPF will warn you "PCFlank has modified the user interface of iexplore.exe"(it changes the URL of the browser). Because although it is not related to leak test, pcflank is trying to open your browser. You can allow at this point because it is not related to the test.

When you deny the connection attempts of the browser instance, it will be blocked until you restart the browser. Because you can not be sure what the modification will cause in the future attempts.

OLE Automation, is an interprocess communication mechanism provided by Windows OS. If automatically approve safe applications option is not selected. you will see lots of such popups.

Egemen


Offline r2baruch

  • Comodo Loves me
  • ****
  • Posts: 131
Re: CPF consistently fails pcflank.com leak test
« Reply #24 on: August 04, 2006, 10:53:27 AM »
Egemen,
Thanks very much. Your explanation is very clear and informative. I have informed support that the problem is resolved.
Is there a strong reason not to select "automatically approve safe applications"?
« Last Edit: August 04, 2006, 10:55:23 AM by r2baruch »
I use WinXP-SP2-Home, AVG-Free, Comodo firewall, Spyware Guard, Spyware Blaster, IESpyads, Windows Defender, Winpatrol

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14692
    • Video Blog
Re: CPF consistently fails pcflank.com leak test
« Reply #25 on: August 04, 2006, 12:48:17 PM »
Egemen,
Thanks very much. Your explanation is very clear and informative. I have informed support that the problem is resolved.
Is there a strong reason not to select "automatically approve safe applications"?

Safe Applications are the applications that Comodo's Malware team has analysed and marked it as safe! So I would strongly recommend everyone leaves that on. Afterall, we are doing this analysis of these files and marking them as safe for you guys so that you don't have to do it!

Melih

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: CPF consistently fails pcflank.com leak test
« Reply #26 on: August 04, 2006, 01:41:08 PM »
Egemen,
Thanks very much. Your explanation is very clear and informative. I have informed support that the problem is resolved.
Is there a strong reason not to select "automatically approve safe applications"?

As Melih said they are safe. I personally always enable it because there is no need to approve a popup for say internet explorer unless something critical. If there is something critical, CPF will warn us no matter if the application is safe or not.

So I also recommend enabling it.

Good luck,
Egemen

Offline r2baruch

  • Comodo Loves me
  • ****
  • Posts: 131
Re: CPF consistently fails pcflank.com leak test [Resolved]
« Reply #27 on: August 05, 2006, 01:48:09 PM »
Automatically approve safe applications is a default setting.
What is your opinion about basic popup logic  - to select or not, and why?
Thx
I use WinXP-SP2-Home, AVG-Free, Comodo firewall, Spyware Guard, Spyware Blaster, IESpyads, Windows Defender, Winpatrol

Offline mike6688

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2112
Re: CPF consistently fails pcflank.com leak test [Resolved]
« Reply #28 on: August 05, 2006, 02:16:41 PM »
Automatically approve safe applications is a default setting.
What is your opinion about basic popup logic  - to select or not, and why?
Thx

Hi,

This option is going to be removed in the next version (2.3) and you will have a sliding scale to select the number of popups (i.e. Low..to..High) based on what you want to be alerted to.

Mike
Volunteer Moderator: Opinions are my own and may not reflect those of Comodo.  Please read and abide by the forum policy!

Offline r2baruch

  • Comodo Loves me
  • ****
  • Posts: 131
Re: CPF consistently fails pcflank.com leak test [Resolved]
« Reply #29 on: August 05, 2006, 02:31:18 PM »
You are passing the leak test.  Lets go step by step to see why.

Upto this point, everything is about the leak test and since you denied, you passed the test.

The testing finished.

The you will go to pcflank test site to see the results. Todo so, you click on "Open browser" button on the leak test. This time CPF will warn you "PCFlank has modified the user interface of iexplore.exe"(it changes the URL of the browser). Because although it is not related to leak test, pcflank is trying to open your browser. You can allow at this point because it is not related to the test.

I sorry to bother again you with the leak test but after repeating the test a few more times I have more questions.

The scenario is: I type a text string into the test and press next, then I get the popup together with the viewing results box.

At this point if there are 3 possibilities:

  • w/o responding to the popup I paste the results link into a browser window. I get the results page with a passing test result (no text in table).
  • w/o responding to the popup I press the open browser button. I get page not found.
  • respond to popup with deny then I get a page not found error whether I paste the results link or press open browser. Then I must close all browser windows (and possibly also the pcflank box) in order to resume work.

What am I missing?  What is the popup that appears when I press next in pcflank after typing  the test string? Is it the popup for the test which must be denied or the popup for the result which must be allowed? If it is the popup for the test and I don't respond then the result is a pass only because no attempt has yet been made to send the test and therefore the result is meaningless.  If I deny the popup which concerns IE, then it is obvious that IE is blocked for everything because the notation of leaktest in the popup is merely informative but the program that is being blocked is IE either with Site Advisor or svchost.exe.

I greatly appreciate your patience and responses.




 
« Last Edit: August 05, 2006, 02:44:58 PM by r2baruch »
I use WinXP-SP2-Home, AVG-Free, Comodo firewall, Spyware Guard, Spyware Blaster, IESpyads, Windows Defender, Winpatrol

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek