Author Topic: Leak test results not perfect.  (Read 6298 times)

Offline Chris6815

  • Newbie
  • *
  • Posts: 14
Leak test results not perfect.
« on: February 01, 2013, 02:32:23 AM »
I leaked tested my Comodo firewall 6.0 and the most I can get is 310 of 340.Am I doing something wrong?I thought that Comodo passes it's own tests.I am running Windows 7 64 bit.I have tried all configurations even block all.

Offline DrHaze

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 466
  • Once A Comodo!Always A Comodo!Go Comodo!!
Using Chiron's Install Directions Leaks Everywhere
« Reply #1 on: February 01, 2013, 08:25:07 AM »
well i got a 200/340 with hips off, defenese + set to untrusted like chirons directions say.
I think someone needs to address this. I am not using defaults. and there are leaks everywhere. 200/340 using chiron's install directions. This is unacceptable using Comodo's Own Leak Test.
« Last Edit: February 01, 2013, 08:30:56 AM by DrHaze »
AMD Phenom x4 3.3GHZ 12Gig Ram
Intel Core 2 Quad 2.5ghz 8Gig Ram
Windows 8 x64 Pro

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Leak test results not perfect.
« Reply #2 on: February 01, 2013, 08:31:48 AM »
If you have the behavioral blocker turned on it will not do very well on the test. That is because the leak test was created to test strictly HIPS-based protection. Therefore, with the newer innovations Comodo has made the test is no longer applicable to the newest versions of Comodo Firewall.

Offline DrHaze

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 466
  • Once A Comodo!Always A Comodo!Go Comodo!!
Re: Leak test results not perfect.
« Reply #3 on: February 01, 2013, 08:33:51 AM »
But are these still real leaks?
I turned on hips and left defense settings the way you said and still got a 200.
I now have set sand box to restricted instead of untrusted and still a 200.

What settings get a 320? I am under windows 8 x64 Pro Maybe their are some problems.
« Last Edit: February 01, 2013, 08:38:54 AM by DrHaze »
AMD Phenom x4 3.3GHZ 12Gig Ram
Intel Core 2 Quad 2.5ghz 8Gig Ram
Windows 8 x64 Pro

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Leak test results not perfect.
« Reply #4 on: February 01, 2013, 08:40:27 AM »
But are these still real leaks?
As far as I unerstand it, no. I believe that the only way to 'trick' the leaktest into giving you a good score is to turn off the BB and use only the HIPS. That's because it was really a HIPS that it was designed to test. Using the BB will make it appear that the system is not protected while in reality it is. It's just a limitation of the leaktest.

Offline DrHaze

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 466
  • Once A Comodo!Always A Comodo!Go Comodo!!
Re: Leak test results not perfect.
« Reply #5 on: February 01, 2013, 08:49:40 AM »
With Defense + behavior blocker off and just hips on set to safe mode in a proactive configuration i score a 190.
Makes you believe something needs to be fixed.
My Mom's laptop in firewall mode all defaults except behavior blocker on. Scores a 200/340 with windows 8
There has to be something wrong
« Last Edit: February 01, 2013, 08:53:06 AM by DrHaze »
AMD Phenom x4 3.3GHZ 12Gig Ram
Intel Core 2 Quad 2.5ghz 8Gig Ram
Windows 8 x64 Pro

Offline John Buchanan

  • "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well armed lamb contesting the outcome of the vote." ~ Benjamin Franklin
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6682
  • Personal Dragons can be defeated. Improve yourself
Re: Leak test results not perfect.
« Reply #6 on: February 01, 2013, 10:27:41 AM »
Nothing to fix, the CLT was meant to test HIPS only suites, as in CIS 3.5.
Using sandboxes and BB and such, CLT is no longer applicable as a valid test software. It is completely unreliable these days.
Best advice, don't use CLT as a test program!
Please follow Comodo Forum Policy

Bah! Ban 'em all! The only good member is a banned member
And a member is just a policy violator who hasn't been caught yet. >:-D

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: Leak test results not perfect.
« Reply #7 on: February 01, 2013, 12:33:46 PM »

Offline Chris6815

  • Newbie
  • *
  • Posts: 14
Re: Leak test results not perfect.
« Reply #8 on: February 01, 2013, 04:17:33 PM »
I retested with the behavior blocker off and CIS 6.0 firewall scored 340 of 340 :D So should I turn the behavior blocker off? When I tested with behavior blocker on it scored 300 of 340.It connected to internet using IE 10 and Google Chrome to give me my score.It failed #10,11,24 and 25.

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: Leak test results not perfect.
« Reply #9 on: February 01, 2013, 04:39:20 PM »
No, you shouldn't turn the behavior blocker off.

Part of what the Leak Test does is assumes that if something has been allowed to run, the system would be compromised if the process was malware. In the case of the automatic sandbox, the process is indeed allowed to run, however, it has been sandboxed so the process is limited in the damage it could do to the system.

As has already been stated, this test doesn't adequately test a security suite with a sandbox.

Offline DrHaze

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 466
  • Once A Comodo!Always A Comodo!Go Comodo!!
Re: Leak test results not perfect.
« Reply #10 on: February 01, 2013, 10:33:34 PM »
I decided to run this thing inside the virtual kiosk so people who wrote this app and know how the tests
work would have the results. right now it's hung on icmp test. maybe someday it will time out so we can see the final results of it in the virtual kiosk.. Test won't complete inside the virtual kisk.
« Last Edit: February 01, 2013, 11:15:27 PM by DrHaze »
AMD Phenom x4 3.3GHZ 12Gig Ram
Intel Core 2 Quad 2.5ghz 8Gig Ram
Windows 8 x64 Pro

Offline DrHaze

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 466
  • Once A Comodo!Always A Comodo!Go Comodo!!
Re: Leak test results not perfect.
« Reply #11 on: February 01, 2013, 10:38:51 PM »
Chris6815 got perfect results. I see Chris is Windows 7 sp1 64bit. so i just need the settings to see what it does to Windows 8 x64. I would like to test windows 8 x64 cis 6 with same settings to see what it does.
and then run it inside the kiosk too.  :o

After playing around i found the test won't complete if you right click on it and say run in comodo sandbox.
with Behavior Blocker set to untrusted and hips on with safe mode.. i just click run isolated twice. start the test and get 340/340 Now on Win 8 x64

I also just ran it as administrator and granted it unlimited rights instead of run with isolated rights and still passed 340/340 with the way my settings are.
« Last Edit: February 01, 2013, 11:26:22 PM by DrHaze »
AMD Phenom x4 3.3GHZ 12Gig Ram
Intel Core 2 Quad 2.5ghz 8Gig Ram
Windows 8 x64 Pro

Offline WxMan1

  • Comodo's Hero
  • *****
  • Posts: 819
Re: Leak test results not perfect.
« Reply #12 on: March 08, 2013, 03:07:10 AM »
You guys can argue for or against Chris6815 all you want.

Does any of your argument STOP the next 0-day Java?

And if it doesn't: why does the TSVL still exist as a component of CIS?

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek