Author Topic: Did Comodo Firewall passed successfully LeakTests ?  (Read 30013 times)

Offline dlhan

  • Comodo Member
  • **
  • Posts: 49
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #15 on: September 09, 2006, 08:24:30 PM »
Sorry I posted the wrong picture. Here is the correct one.

[attachment deleted by admin]

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #16 on: September 09, 2006, 08:49:41 PM »
Here is the rule as I believe you stated. Still does not block Walbreaker 1,3 and 4 The only way I have been able to block all of the wallbreaker tests is to deny access internet access for svchost.exe.

Actually, it is explorer.exe, not Iexplorer.exe  :)  Try creating a rule to block explorer.exe

Offline dlhan

  • Comodo Member
  • **
  • Posts: 49
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #17 on: September 09, 2006, 09:45:54 PM »
Please look again. It is Explorer.exe

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #18 on: September 09, 2006, 09:52:30 PM »
Please look again. It is Explorer.exe

Okay, I see. I need a bit of time to research this.

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #19 on: September 09, 2006, 10:08:26 PM »
Please look again. It is Explorer.exe

dlhan, I am noticing something kind of odd with Comodo. Please try logging off and log on again. Then try WB tests 1 & 3 once more. The rule you have looks perfectly good to me and should work.

I have noticed that if I select a decision on a rule without choosing "Remember", I still need to log off my account then log on again for Comodo to "let go" of that decision.

Offline dlhan

  • Comodo Member
  • **
  • Posts: 49
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #20 on: September 09, 2006, 10:40:05 PM »
Returned Explorer.exe rule to block. Returned svchost.exe rule to allow. Closed CPF and rebooted system. Wallbreaker went through on 1,3 and 4. Changed svchost to block. Wallbreaker was stopped  on 1, 3, 4 (and 2 of course)

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #21 on: September 09, 2006, 10:49:03 PM »
Returned Explorer.exe rule to block. Returned svchost.exe rule to allow. Closed CPF and rebooted system. Wallbreaker went through on 1,3 and 4. Changed svchost to block. Wallbreaker was stopped  on 1, 3, 4 (and 2 of course)

Well this is really puzzling me  ??? svchost is never part of the picture when I run any of the wallbreaker tests. One more thing, if I even remove the block explorer.exe rule with userinit.exe as the parent app, I am still prompted to allow or deny the connection attempt.

Hmmm, do you have svchost connecting to any ip address? This is bugging me and I will keep trying to find out what is going on. The trouble is that svchost can not be totally blocked. It is required for dns lookups (well, there is a way around that, but more on that later) and also MS updtaes and DHCP renewals. More on this later  :)

Offline dlhan

  • Comodo Member
  • **
  • Posts: 49
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #22 on: September 09, 2006, 11:06:59 PM »
If I can remember correctly when I ran the Wall breaker test(except for #2) The warning was that svchost.exe was trying to connect to internet through iexplorer.exe . But I am sure there was no mention of Wallbreaker (except #2).

Offline dlhan

  • Comodo Member
  • **
  • Posts: 49
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #23 on: September 09, 2006, 11:13:07 PM »
BTW, Here is a picture of my log when Wallbreaker is successfully stopped.

[attachment deleted by admin]

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #24 on: September 10, 2006, 12:35:22 AM »
Well, one discovery here is that if I first open Internet Explorer I also fail wallbreaker tests 1, 3 & 4 There are no prompts whatsoever. As long as IE is closed when I start the tests, Comodo passes them all. This is strange and something I'll need to look into more. Maybe someone has an answer?

Offline TheTOM_SK

  • Comodo Loves me
  • ****
  • Posts: 121
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #25 on: September 10, 2006, 02:46:12 AM »
Well, one discovery here is that if I first open Internet Explorer I also fail wallbreaker tests 1, 3 & 4 There are no prompts whatsoever. As long as IE is closed when I start the tests, Comodo passes them all. This is strange and something I'll need to look into more. Maybe someone has an answer?
WB is designed to leak via IE, so as long as IE is closed, it will not leak.
The same situation happened, when I was trying WB with Outpost Pro.
Although, Outpost was not able to block all leak tests, not even all WB.
« Last Edit: September 10, 2006, 02:47:56 AM by TheTOM_SK »

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #26 on: September 10, 2006, 04:31:13 AM »
Well, one discovery here is that if I first open Internet Explorer I also fail wallbreaker tests 1, 3 & 4 There are no prompts whatsoever. As long as IE is closed when I start the tests, Comodo passes them all. This is strange and something I'll need to look into more. Maybe someone has an answer?

As long as "Do not show comodo certired applications" option is not selected, CPF must always show you a popup no matter ie is open or not.

Just make sure you do not have an IPC rule for "explorer.exe OLE Automate iexplore.exe" in HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\IPC

Look for an entry with filename iexplore.exe and see if there are any subkeys with filename explorer.exe.

This can be the only case. Otherwise, without an IPC rule created, CPF must always show you a popup whether IE is open or not.

Egemen

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #27 on: September 10, 2006, 10:39:53 AM »
As long as "Do not show comodo certired applications" option is not selected, CPF must always show you a popup no matter ie is open or not.

Just make sure you do not have an IPC rule for "explorer.exe OLE Automate iexplore.exe" in HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\IPC

Look for an entry with filename iexplore.exe and see if there are any subkeys with filename explorer.exe.

This can be the only case. Otherwise, without an IPC rule created, CPF must always show you a popup whether IE is open or not.

Egemen

Hi Egemen,

"Do not show comodo certired applications" option is not selected, and there is no rule for "explorer.exe OLE Automate iexplore.exe" in HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\IPC .

As long as IE is first open, there are no prompts for tests 1 & 3. My mistake on test 4. It does not even get off the ground.  A task is scheduled 1 minute later but nothing ever happens.

One other thing that is puzzling and gets me thinking this test might be somewhat flawed. It shows my ip address as aaaa.bbbb.cccc.dddd when it is actually eeee.ffff.gggg.hhhh. The ip address it shows is, I believe, one of my ISP's servers (proxy maybe?? a tracert seems to indicate this). Even after the tests 1 & 3 have launched, I check the logs and the remote connections go only to that second ip. Nowhere else.

Offline dlhan

  • Comodo Member
  • **
  • Posts: 49
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #28 on: September 10, 2006, 01:22:41 PM »
Just to confirm, if IE is not open, Comodo stops Wallbreaker on my system

Offline dlhan

  • Comodo Member
  • **
  • Posts: 49
Re: Did Comodo Firewall passed successfully LeakTests ?
« Reply #29 on: September 10, 2006, 01:27:36 PM »
Forget my last post. Open or closed, Wallbreaker gets through Comodo unless I block svchost.exe

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek