2.3.3.33 (& 2.3.5.62) is failing leak tests [Resolved]

The new beta 2.3.3.33 is still failing the leak tests. I’m not using a bunch of leak tests but 2 popular ones, cpil.exe & pcflankleaktest.exe. I’ve done a clean install (former versions of comodo were not passing either). Comodo does yield a popup most of the time, but whether I leave it alone or hit deny the info goes right on through. Occasionally it goes through without yielding a popup, but as I said even when it does & I hit deny or do nothing the info goes right through & is visible in the browser. The fact alone that it yields a popup does not mean that it’s passing, it needs to actually block the transfer of the info to pass the test, which it is not. The funny thing is after I hit deny it denies all the rest of the internet until a full reboot. No matter how many times the browser is restarted or how many times I click deny, it keeps popping up with every internet access & warning about the leak test long after the test has already completed its data transfer. This is pointless as it doesn’t actually block the test itself, just other access afterwards.

I’ve looked through the settings thoroughly, deleted all the registry entries & reinstalled numerous times, the results are always the same.

Some people do seem to report that the leak tests are being blocked, although no version of Comodo I’ve tested has ever passed the leak tests.

Any suggestions on how to get this to work, or am I just existing in a different reality than those that think Comodo is passing the leak tests?

Edit - Just changed the title to more accurately reflect the latest developments regarding this thread

On the beta you must have “component monitor” turned on. (:WIN)

Also, can you try with ‘automatically approve safe applications’ turned off?

Component Monitor was set to learn mode, I turned it full on. Turned off safe applications in preferences, even reinstalled again, cleaned all the old Comodo registry entries & skipped scan to make sure it didn’t log any safe software into its database… I thought it was supposed to pass with default settings?

Still fails the leak tests. It gives a popup about half the time, but denying does not block the info from getting through. The strange thing is too, it keeps persisting with the popup about cpil after the test is already done when I attempt to do other internet activity even though it never blocks the test & it’s long since been done. Always requires a reboot to get rid of the malfunctioning popup & restore normal internet use. It’s really kind of funny that it persistently tries to block all legitimate internet activity after the fact, but lets the leak tests win every time.

Normally I use Maxthon browser but I tried with internet explorer set as default just in case, still fails the leak tests, exact same behavior.

I can’t help but wonder if people are only thinking it passes the leak tests because it gives them a popup? Or are people really having different experience with the tests failing or succeeding, & if so what would cause this variance? For me it has always consistently failed no matter what I’ve tried to correct the issue.

I believe you have to be careful about leak tests and depending on a firewall to pass every one of them that exists. Personally, I’m just not going to worry about it. Leak tests serve a purpose when used the right way for the right reasons. There are many reasons why a firewall can fail a leak test. They are not all problems of the firewall itself. That’s why I have an AT & AV scanner on my computer.

Look, some of these problems have to do with what we expect a firewall to do out of the box and with ZERO configuration. Another problem is that Windows is not a secure OS and many of these leak tests take advantage of that fact. I guess it all depends on what we are looking for. For myself, this firewall (Comodo), even at this stage of development is exactly what I was looking for. I don’t want a massive suite that is bloated and kills system resources. That’s what some other well known firewalls have turned into. This is a great firewall which offers great outbound protection. I don’t look at running an AT along with an AV and maybe even intrusion protection as plugging my firewall. Leaktests are overrated! I didn’t mean to rant. Sorry.

Oh, by the way. I passed the PC Flank leak test and every single one of the others that you mentioned. For PC Flank, Comodo presented the popup & denied access but the info didn’t seem to get passed on to PC Flank site. PC Flank says it failed the leak test but it didn’t. I’m not sure why you are failing all of these leak tests xTerminus. Anyway, I see no evidence of claims being made that haven’t held up so far. Maybe waiting for Outpost 4 is the way for you to go, because as you said, the people at Agnitum have never made a false claim? (:WIN) Oh well, good luck!

Totally agree with everything that you have mentioned Stephentony, I tried Flank’s tests 4 times and passed every one of them. This latest beta version is just great. Melih and the team sure are getting together a superb firewall.

Truthfully, I’m not terribly concerned with Comodo’s failure of the leak tests. Most firewalls (except Outpost 4) are not capable of actually passing these leak tests. It’s perfectly normal for a firewall to fail these tests. And running leak tests is just that, running a test, it’s not necessarily a true situation that your pc is dealing with on a regular basis in a real environment. But these tests can be a good indication of advancing methods of malicious code that could potentially be executed on an end user’s pc. Personally I’ve never actually had any problems with security even on completely unprotected systems, & I as well run a strong antivirus & other antispyware/antitrojan software with HIPS. In most cases this is all overkill & HIPS can be nothing short of incredibly annoying & a quick way to wear out your mouse. All of these types of software just continually require extra input & acceptance of legitimate processes, applications, registry changes & internet access etc. In all reality most people (myself included) probably get so used to clicking allow or accept that if an actual piece of malicious code were attempting to do something, it would be accepted right along with the good stuff…

Anyhow, I like betas & I like to test software, a lot of software. My concern is more in that Comodo is claimed to pass these leak tests, & I have never found this to be true, yet. I’m still waiting for the release that really does pass the leak tests as is claimed.

Look, some of these problems have to do with what we expect a firewall to do out of the box and with ZERO configuration.

As for what people expect, I only expect it to do what it claims to do, & that is to block these leak tests. As for out of the box, well, I like to mess with configurations so that isn’t much concern to me, but again, it claims to block all known leak tests with default settings. I’m not asking this of it or expecting it, it is telling me this of itself & begging me to test it…

(:KWL)

Hi xTerminus,

I have replied your query in another post. Please let me know whether the solution worked for you.

Yours truly,
DoomScythe

Just tried the tests on my machine and CPF passes them. I didn’t have to turn on “component monitor” at this beta.

Well CPF instead of other firewalls passes all leaktests with ZERO configuration

xTerminus, there are numerous posts on the forums where people have tested CPF themselves to verify its passing of the leaktests. CPF does pass with its default settings and when a new leaktest has come out CPF has been updated immediately to deal with it even if it was only a proof of concept leak test.

Did DoomScythe’s suggestion work?

Mike

I think xTerminus has a different agenda and it’s not the truth he is looking for. I passed all of the leak tests that he claimed Comodo failed and I passed every single one of them with the firewall installed with zero configuration. The same results have been achieved by many others here in this forum. I think you reach a point where you have to ask if xTerminus has a different agenda? Is it really truth in advertising? I am guessing no. I even ran all of the leak tests he mentioned one more time this morning and passed all with flying colors. My guess is that he will continue to tell everyone here that the Comodo firewall does not pass his tests, and as a result, the claim made by Comodo that it will pass the leak tests must be a false claim. It’s a nice Catch22. He is interested only in the claim made, not that the firewall actually pass any of the leak tests! The firewall will never pass the leak tests he runs because that is not in his interest. Can you see where all of this leads? That’s right! Absolutely nowhere. Remember, there are people watching this from all over the world with great interest. You don’t really think everyone wants to see this product succeed, do you? (:WIN)

To be fair I must join the (few?) whose Comodo does not protect against cpil.exe (Pcaudit test nr3 locks up my computer, the first two passed). I have tried “out of the box” and I did the registry tweak and have component monitor on (not learning mode) as suggested here on this forum.
Funny thing is that the registry tweak did work the first time I tried it (i.e. Comodo did give a popup warning about cpil.exe). It did however open up the web page but did not display what I wrote. But now it does without any warning ???

Your firewall didn't pass the test and transmitted information to our website. You typed: testing|http://comodo/|http://firewall/|http://against/|http://cpil.exe/

This time it was useless information - next time it could be your credit card number or other sensitive data being passed to a hacker.

Comodo Personal Firewall 2.0 is the only firewall to pass the Parent Injection Leak test with its default settings.

The http:// is added by the web page I guess coz I did not write that in Cpil.exe

I am not too worried and will continue to use Comodo (have no hidden agenda), but I must agree that it doesn’t pass the leaktest on every machine. Default settings or not.

It is the same result on the two latest betas.

Edit: edited some horrible spelling.

xTerminus: Are you saying that all these people who run the tests and then come to this forum and tell us that it passes are lying?

Melih

Not anymore. Current BETA is the Rock. It must not fail any leak tests.

Have a look at the leak testing criteria paper at www.firewallleaktester.com. If the author of that paper were strict on applying the criteria he wrote, none of the firewalls listed there, would be accepted as passing some basic leak tests, except CPF.

You want CPF to secure inbound/outbound traffic to/from your PC. And it is only interested in this. CPF is not an AV or a HIPS, or an antispyware. So if there is no internet connection, CPF does not interfere.

Another point is CPF is passing those tests (and much more unknown ones) with its default configuration and while its component monitor is in learning mode or off. I haven’t seen the version of the firewall you mentioned yet. It was not even close to CPF last time…

I am not sure about this leaktest. I used a packet sniffer with it to see what happens and as soon as you press the button then there is a transmission as follows:-

(UDP)192.168.0.xx:1421->212.87.64.7:53 ,61 Bytes
(UDP)212.87.64.7:53->192.168.0.3:1421 ,77 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,48 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,44 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,268 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,189 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,40 Bytes

Now maybe no information was sent but there was a communication and no warning from Comodo.

Wallbreaker would also appear not to be blocked since there is transmission before the deny is pressed in Comodo.

To me the best defence against these tests is simply to block IE from even starting.
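Added example, not part of any post in this thread: a short Python reading of the sniffer lines quoted above, showing how packet sizes alone indicate whether application data left the machine. It assumes the listed sizes are IPv4 packet lengths without IP options; the function names are made up for illustration.

```python
import re
from collections import defaultdict

# The twelve sniffer lines exactly as posted (local address partly masked by the poster).
LOG = """\
(UDP)192.168.0.xx:1421->212.87.64.7:53 ,61 Bytes
(UDP)212.87.64.7:53->192.168.0.3:1421 ,77 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,48 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,44 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,268 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,189 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)192.168.0.xx:1422->195.131.4.164:80 ,40 Bytes
(TCP)195.131.4.164:80->192.168.0.3:1422 ,40 Bytes
"""

LINE = re.compile(r"\((UDP|TCP)\)([\w.]+):(\d+)->([\w.]+):(\d+)\s*,\s*(\d+)\s*Bytes")
LOCAL_PREFIX = "192.168.0."
# Assumption: sizes are IPv4 packet lengths with no IP options. Largest possible
# headers: 20 (IP) + 60 (TCP with full options) = 80, and 20 (IP) + 8 (UDP) = 28.
MAX_HEADERS = {"TCP": 80, "UDP": 28}

def summarize(log):
    """Per remote endpoint: packet counts and guaranteed payload bytes each way."""
    flows = defaultdict(lambda: {"out_pkts": 0, "in_pkts": 0,
                                 "out_payload": 0, "in_payload": 0})
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore anything that is not a packet line
        proto, src, sport, dst, dport, size = m.groups()
        outbound = src.startswith(LOCAL_PREFIX)
        remote = (proto, dst, int(dport)) if outbound else (proto, src, int(sport))
        way = "out" if outbound else "in"
        flows[remote][way + "_pkts"] += 1
        # Bytes beyond the largest possible header can only be application data.
        flows[remote][way + "_payload"] += max(0, int(size) - MAX_HEADERS[proto])
    return dict(flows)

def endpoints_that_received_data(log):
    """Remote endpoints to which at least one byte of payload certainly left the host."""
    return sorted(r for r, f in summarize(log).items() if f["out_payload"] > 0)

if __name__ == "__main__":
    for remote, f in summarize(LOG).items():
        print(remote, f)
```

Under these assumptions the 40 to 48 byte TCP packets are header-only (handshake and acknowledgements), while the single 268-byte outbound segment to port 80 carries at least 188 bytes of payload. Sizes cannot say what that payload contained; only the packet contents can.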

Can you please paste the full contents of the packets from the sniffer. It seems to me that you allowed once before and these are the packets from your previous session.

For wallbreaker, disable “Do not show alerts for the applications certified by COMODO” option and retry.

No, this was the same in every session. As soon as the button is pressed the contact is made. Comodo does not stop the communication.

Can’t show you the packets since it is no longer installed. Do not have any confidence in it for this and other things I found.

Hi David,

According to your packet sniffer logs, data is being sent. So if CPF shows a popup, you can not see such sequence of packets. With this packet sniffer logs, you should be able to see the text you typed.
It is out of question that CPF will not see such a simple COM based ipc. It can even detect chained COM requests. Malware must be much smarter to bypass CPF. PcFlank test is notoriously difficult to understand for someone who is not accustomed to using CPF. If you believe CPF fails, the ethical thing to do is to test it correctly and share your findings with us in such detail that developers can understand the issue and produce a fix in case of any bug to protect the users. For example the case when you allow once and go back and retry is completely different from closing the internet explorer and Pflank and retesting.

Do not have any confidence in it for this and other things I found.

We are sorry that you do not have any confidence in CPF. You have automatically approve safe applications option enabled and then you wonder why CPF is not asking you about say internet explorer. Without trying to understand what is going on, reaching a judgement would be neither appropriate nor rational. Anyway, what is your favorite firewall which gained your confidence to remain installed? We would be happy to hear that.

I have been reading your posts in our forums quite sadly. I hope the only reason for your negative attitude is because of having to activate CPF before using.

Good luck,
Egemen

Thank you for replying.

There is another firewall that is claiming to pass all the leak tests, namely Private Firewall. I did the self same test with that one and a pop up came asking me to allow or not. Denying prevented any communication to PC Flank. Although the text did not appear to be transmitted with Comodo all the texts were shown when I selected ‘Open browser’. So you are not preventing the text/communication being transmitted.

Whether leaktests are valid or not, it is you who are making the claim.

Re activation. I was not referring to that. You have your reasons for using and I have mine for not liking it, but accept that is the way you want it and I have to accept that or not use the program.

The distrust I inferred was that when I opened up another browser there was a pop up to allow/deny and whilst I was reading it I saw that the connection was made anyhow. So if it does it with that then what else will it just allow.

With trusted applications I want to be the one who decides whether or not they connect. I think you should at least say that this is a trusted or not program allow/deny and it should be totally blocked until I decide. The default should be to deny with an option to take the automatic approval on set up or first run.

That is why in its current state I do not feel comfortable using it.

Hope this gives you a better understanding of my position.