Author Topic: Did Comodo Firewall passed successfully LeakTests ?  (Read 30014 times)

Offline pstein

  • Newbie
  • *
  • Posts: 14
Did Comodo Firewall passed successfully LeakTests ?
« on: September 09, 2006, 03:14:18 AM »
Did Comodo Firewall successfully pass the LeakTests described on the following pages:

http://www.firewallleaktester.com/
and
http://www.grc.com/lt/leaktest.htm

Offline AJohn

  • Computer Security Testing Group
  • Comodo Loves me
  • *****
  • Posts: 170
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #1 on: September 09, 2006, 04:47:16 AM »
The GRC link is not needed as firewallleaktester.com covers the method used there.

The answer to your question is yes.

Offline PC_Junkie

  • Newbie
  • *
  • Posts: 23
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #2 on: September 09, 2006, 08:49:59 AM »
> Did Comodo Firewall successfully pass the LeakTests described on the following pages:
>
> http://www.firewallleaktester.com/
> and
> http://www.grc.com/lt/leaktest.htm


When testing them it passed all except wallbreaker v4.0. Wallbreaker has 4 separate tests in that little program and it failed the 1st one, passed the second, and failed the last 2. Not sure if anyone else is aware of this; if you get the chance, please someone else go test and please reply. I would like to see if maybe it might have something to do with my settings or if it indeed is the firewall.

Thanks!

Offline dlhan

  • Comodo Member
  • **
  • Posts: 49
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #3 on: September 09, 2006, 10:00:56 AM »
I got the same results as you with version 2.3.5.62. However Comodo's previous version, if I remember correctly, passed all 4 tests.

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #4 on: September 09, 2006, 11:04:22 AM »
> ... if I remember correctly, passed all 4 tests.

Yes, I also remember the previous version passing all 4 tests. Unfortunately I can't test this version 'til later this afternoon. Do you guys have the "parent path" being verified for explorer.exe and cmd.exe?

I would think that should be enough to enable Comodo to pass the first, 3rd and 4th tests.

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #5 on: September 09, 2006, 11:46:20 AM »
> Yes, I also remember the previous version passing all 4 tests. Unfortunately I can't test this version 'til later this afternoon. Do you guys have the "parent path" being verified for explorer.exe and cmd.exe?
>
> I would think that should be enough to enable Comodo to pass the first, 3rd and 4th tests.

Disabling the Security->Advanced->Miscellaneous->"Do not show alerts for the applications certified by comodo" option should make CPF show popups for those tests.

Egemen

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #6 on: September 09, 2006, 12:52:08 PM »
> Disabling the Security->Advanced->Miscellaneous->"Do not show alerts for the applications certified by comodo" option should make CPF show popups for those tests.
>
> Egemen

Ahh, there you go! That makes perfect sense :) Did you run the leaktest, egemen? I'm anxious to find out if Comodo can pass it.

Offline dlhan

  • Comodo Member
  • **
  • Posts: 49
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #7 on: September 09, 2006, 01:17:11 PM »
This created massive popups asking if svchost could connect to internet through Internet Explorer. I created a rule that blocked internet access for svchost through Internet Explorer. It works to stop all Wallbreaker tests but unfortunately it also stops Windows Update. Still working on it but have decided the best for now is to just disable CPF when going to Windows Update. (I update manually).

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #8 on: September 09, 2006, 01:41:40 PM »
> This created massive popups asking if svchost could connect to internet through Internet Explorer. I created a rule that blocked internet access for svchost through Internet Explorer. It works to stop all Wallbreaker tests but unfortunately it also stops Windows Update. Still working on it but have decided the best for now is to just disable CPF when going to Windows Update. (I update manually).

The pop-ups are a good sign. Hopefully there is an indication that wallbreaker is the process attempting to launch svchost. That way it should be possible to deny permanently wallbreaker from launching other apps, while still allowing svchost to access Win updates.

Offline dlhan

  • Comodo Member
  • **
  • Posts: 49
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #9 on: September 09, 2006, 02:04:18 PM »
There was no indication it was wallbreaker trying to access internet. All the popup says is that svchost is trying to access internet.

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #10 on: September 09, 2006, 06:50:27 PM »
Just tried and Comodo passed all four Wallbreaker 4.0 tests. One of the keys is to make sure explorer.exe is blocked from Internet access. It should almost never need access for any reason, but for a few rare occasions (one is to read digital certificates, I think). I also got warned about wallbreaker acting as a parent process. Some screenshots below.

[attachment deleted by admin]
« Last Edit: September 09, 2006, 06:55:18 PM by cprtech »

Offline dlhan

  • Comodo Member
  • **
  • Posts: 49
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #11 on: September 09, 2006, 07:02:32 PM »
Comodo will warn about wallbreaker but only on test #2.

Offline dlhan

  • Comodo Member
  • **
  • Posts: 49
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #12 on: September 09, 2006, 07:46:50 PM »
This is the only configuration that stops all four Wallbreaker tests for me.

[attachment deleted by admin]

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #13 on: September 09, 2006, 08:02:22 PM »
> This is the only configuration that stops all four Wallbreaker tests for me.

Did you try creating a rule in Application Monitor to block explorer.exe from all outbound access? That should work.

Also, it looks as though wallbreaker.exe is the parent process in only test #2. I decided just to experiment and delete my block explorer rule and then run the tests again. I did get warned on test #1 that userinit as parent was trying to launch explorer.exe. I hit Deny and of course it blocked the test. I'm still trying to figure some things out to get a better understanding of how wallbreaker works. I guess it just comes down to having to be cautious and question anything that seems "out of the norm". When you stop to think about it, why would userinit want to launch explorer.exe and why would anyone simply allow that sequence of events to happen? That is obviously not a normal, frequently seen connection attempt.

In other words, if there is even an inkling of doubt, just hit "Deny" without selecting "Remember". If you find out it is a legit process requiring a necessary connection, then all that's needed to do is to invoke the connection attempt again and hit "Allow".

Offline dlhan

  • Comodo Member
  • **
  • Posts: 49
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #14 on: September 09, 2006, 08:19:22 PM »
Here is the rule as I believe you stated. Still does not block Wallbreaker 1, 3 and 4. The only way I have been able to block all of the wallbreaker tests is to deny internet access for svchost.exe.

[attachment deleted by admin]

 
