130/340

Hey All :slight_smile:

I guess I have wrong settings which made me get 130 of 340. Any help would be appreciated.

OS: Win7 Pro 32-bit
Security: CIS 5 with proactive security settings on

Antivirus
AV settings: Realtime protection is on On Access, scan memory on start is on, auto updates are on, don’t scan files that are bigger than 50 MB, with heuristics on high. Manual scanning has heuristics on high, scans archive files and doesn’t scan files that are more than 200 MB.

Firewall
The firewall is on Safe mode, Alert settings is on High and in Advanced settings all options are marked besides Monitor NDIS protocols other than TCP/IP. In Stealth Ports Wizard I have selected "Block all incoming connections and make my ports stealth for everyone".

Defense+
Defense+ is on safe mode. In General Settings everything is as it is from the factory. In Execution Control Settings the Image Execution Control Level is enabled, Treat unrecognized files as Restricted and all of the other options are marked. Everything is as it is from the factory but I have unmarked Automatically trust files from trusted installers. Everything is marked in Monitoring Settings.

Here is the list

LIST
Date 11:27:47 - 2010-11-25
OS Windows Vista SP0 build 7600 (strange that it says Win Vista)

  1. RootkitInstallation: MissingDriverLoad Vulnerable
  2. RootkitInstallation: LoadAndCallImage Vulnerable
  3. RootkitInstallation: DriverSupersede Protected
  4. RootkitInstallation: ChangeDrvPath Vulnerable
  5. Invasion: Runner Protected
  6. Invasion: RawDisk Vulnerable
  7. Invasion: PhysicalMemory Protected
  8. Invasion: FileDrop Vulnerable
  9. Invasion: DebugControl Protected
  10. Injection: SetWinEventHook Vulnerable
  11. Injection: SetWindowsHookEx Vulnerable
  12. Injection: SetThreadContext Vulnerable
  13. Injection: Services Vulnerable
  14. Injection: ProcessInject Protected
  15. Injection: KnownDlls Vulnerable
  16. Injection: DupHandles Protected
  17. Injection: CreateRemoteThread Protected
  18. Injection: APC dll injection Vulnerable
  19. Injection: AdvancedProcessTermination Vulnerable
  20. InfoSend: ICMP Test Protected
  21. InfoSend: DNS Test Vulnerable
  22. Impersonation: OLE automation Protected
  23. Impersonation: ExplorerAsParent Protected
  24. Impersonation: DDE Vulnerable
  25. Impersonation: Coat Vulnerable
  26. Impersonation: BITS Vulnerable
  27. Hijacking: WinlogonNotify Protected
  28. Hijacking: Userinit Vulnerable
  29. Hijacking: UIHost Protected
  30. Hijacking: SupersedeServiceDll Vulnerable
  31. Hijacking: StartupPrograms Vulnerable
  32. Hijacking: ChangeDebuggerPath Vulnerable
  33. Hijacking: AppinitDlls Vulnerable
  34. Hijacking: ActiveDesktop Protected
    Score 130/340

Thanks in advance

Regards,
Valentin
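As an added example (not part of this thread, and not code from CLT or CIS), here is a small Python parser for result lines in the format pasted above. It tallies Protected/Vulnerable per category and diffs two runs, which is useful when checking what actually changed after cleaning up the rules and re-running the test as discussed later in the thread. The excerpts are constructed: the Impersonation block from the 130/340 run, and the same block as it would look in the 320/340 run mentioned later, where only Coat and DDE were still reported Vulnerable.

```python
import re
from collections import Counter

# Constructed excerpts in the format CLT prints (as pasted in this thread): the
# Impersonation block from the 130/340 run and, for comparison, the same block from
# the later 320/340 run in which only Coat and DDE were still reported Vulnerable.
RUN_130 = """\
  22. Impersonation: OLE automation Protected
  23. Impersonation: ExplorerAsParent Protected
  24. Impersonation: DDE Vulnerable
  25. Impersonation: Coat Vulnerable
  26. Impersonation: BITS Vulnerable
    Score 130/340
"""
RUN_320 = """\
  22. Impersonation: OLE automation Protected
  23. Impersonation: ExplorerAsParent Protected
  24. Impersonation: DDE Vulnerable
  25. Impersonation: Coat Vulnerable
  26. Impersonation: BITS Protected
    Score 320/340
"""
RESULT_RE = re.compile(r"^\s*\d+\.\s+(\w+):\s+(.+?)\s+(Protected|Vulnerable)\s*$")
SCORE_RE = re.compile(r"^\s*Score\s+(\d+)/(\d+)\s*$")

def parse_report(text):
    """Return ({(category, test): verdict}, (score, maximum)) from a CLT report."""
    results, score = {}, None
    for line in text.splitlines():
        m = RESULT_RE.match(line)
        if m:
            results[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = SCORE_RE.match(line)
        if m:
            score = (int(m.group(1)), int(m.group(2)))
    return results, score

def tally(results):
    """Per-category verdict counts, e.g. {'Impersonation': Counter(Protected=2, Vulnerable=3)}."""
    out = {}
    for (category, _), verdict in results.items():
        out.setdefault(category, Counter())[verdict] += 1
    return out

def changed(before, after):
    """Tests whose verdict differs between two runs (e.g. after deleting the rules CIS made)."""
    return {k: (before[k], after[k]) for k in before if k in after and before[k] != after[k]}
```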

https://forums.comodo.com/leak-testingattacksvulnerability-research/comodo-leak-test-suite-updated-version-t30110.0.html;msg443168#msg443168

Thanks for the link L.A.R.

I have followed the instructions that you linked to, but that doesn’t help.

Regards,
Valentin

Is the test running in the Comodo sandbox?

Do you click allow on questions from Defense+ after the test is started? Your answers are part of the test. You can answer no, or don’t answer at all.

It wasn’t referred to as an instruction; it was referred to because Leak Tests weren’t designed to work with a sandbox. You will get erroneous results. The Leak Test program needs to be updated to work properly with the new CIS.

Okay, I will wait for the updated version; I know I have a clean system (so I think ;D) since I regularly scan with different scanners and I check if something seems abnormal.

Regards,
Valentin

Rest assured, you are perfectly protected. I have CIS as my only security program and I feel no need to worry! With DACS coming in future versions, CIS will be even more powerful.

I feel secure and I have the highest settings someone can have.

I also got bad results the first time I ran this test as well, but if you search the forum for…

… Getting Accurate Leak Test Results …

and follow the instructions, you will get accurate results.

The first 5 sections are very important.
Basically, you need to make sure any rules that were made while you ran the test the first time need to be removed, and you need to delete the Internet Explorer (IE) browsing history cache.
And then reboot. :wink:

Sounds like quite a hassle just to get a program to say everything’s OK.

What should be changed in the test to work with the Comodo sandbox? Do you just want the “test result” to look good, or do you want to test your program? Hey, all products would get 100% results if it was usual to modify tests to get good results :smiley:

The test shows that the sandbox allows things to be done automatically which you don’t want to be done.
Yes, a reboot will remove some of the threats that happened… but the threats worked until then (keyloggers for example).

When a TEST has to be changed to get good results… LOL?

The test shows that there is a design problem with an “automatic allowing sandbox”. In other words: automatic sandboxing means much more that the threats are allowed to run automatically, even without any question from Defense+.

Virtualisation allows files to be dropped and changes to be made in the registry, but in a special “virtual” folder and registry. CLT doesn’t understand that they are virtual, and says Vulnerable. That’s why CLT should be updated. :wink:

But if you run CLT and click on Sandbox in the unlimited access alert, virtualisation is not applied, and you can get 340/340, with default settings! :slight_smile:

I just wanted to see, but since the program is more or less quite old I will wait, and I know that my system is clean.

Regards,
Valentin

The point is, the test was designed to test the HIPS side of CIS – not the sandbox.

And once you run the test, CIS makes rules for the leak test which have to be cleaned up, otherwise it will let the same leaks through the next time you run it.

Following the clean-up procedure is no big deal. I am a computer noob and I did it in about 5 minutes.
O0

This is not true.

Automatic sandboxing does not virtualise software. Files and registry keys created by the software are NOT stored in a separate place on your hard disk. (Instead, to protect system integrity, the sandboxed program is prevented from writing to protected folders, pre-existing files, and registry keys.)

https://forums.comodo.com/defense-sandbox-help-cis/introduction-to-the-5x-sandbox-under-construction-t61169.0.html;msg430226#msg430226

Anyway, even if I disabled the file system and the registry virtualisation completely, still one can never get full score with the sandbox option on!!!

I only get full score if I disable the sandbox option…

Since we all now agree that automatic sandboxing does not virtualise software files and registry keys created by the software, and it only prevents the sandboxed program from writing to protected folders, pre-existing files, and registry keys,

so why are CLT results when run with S/B disabled not equal to CLT run with S/B enabled???!!!

Since the automatic sandboxing is only more restrictions, I assume the CLT results are supposed to be better, not worse!!! Like the case we have here!!

CIS 5 is very powerful software but I guess the sandbox is bugged!

Please read again (both paragraphs) and explain what is not true. Thanks. :slight_smile:

And I do get 340/340 with sandbox enabled (Partially limited) on XP SP3. :slight_smile:

As the developer of CIS 5 said:

Automatic sandboxing does not virtualise software. Files and registry keys created by the software

and you said that:

CLT doesn't understand that they are virtual, and says Vulnerable. That's why CLT should be updated.

And this is not true because there is no virtualization in the automatic sandboxing; it’s only some restrictions the isolated program is forced to go through.

And I do get 340/340 with sandbox enabled (Partially limited) on XP SP3.

I can’t reproduce that though (Win7 x86 fully updated - SB partially limited/limited/restricted/untrusted! - proactive configuration - safe mode for D+ & Firewall - Automatic detection of installers… unselected…)

Can you give me some details on how you get that score?

Did I mention automatic sandboxing in CIS in the first paragraph? No! It’s about CLT and has nothing to do with CIS. :slight_smile:

Automatic detection of installers selected or not does not matter. If it is selected, you get an Unlimited access alert, and can click on Sandbox. Just run the tests and block every alert. :slight_smile:

Did I mention automatic sandboxing in CIS in the first paragraph? No! It's about CLT and has nothing to do with CIS.

Yes, you said:

Virtualisation allows files to be dropped and changes to be made in the registry, but in a special “virtual” folder and registry. (No! The virtual folder is empty.) CLT doesn't understand that they are virtual, (they are not virtual!) and says Vulnerable. That's why CLT should be updated.

Which virtualisation are you talking about??!

As I said before, CLT low results have nothing to do with virtualisation; there is something wrong with the sandbox feature.

Anyway, CIS 5 is strong enough even without sandbox enabled, and I’m happy with it.

Automatic detection of installers selected or not does not matter. If it is selected, you get an Unlimited access alert, and can click on Sandbox. Just run the tests and block every alert.

I already tried that and it didn’t do the trick; I got 320/340 (Impersonation: Coat/DDE).

The only way to get full score is to completely disable the sandbox feature. Maybe it’s a CIS / Win7 issue, who knows?

I will give it a try on XP SP3 and see how it goes.

Hey:)

No need to fight here! I opened this topic to get help, not to see people arguing with each other. I got my answer and a deeper understanding of how this leak test works. :slight_smile:

I thank all for taking their time to explain and to give advice.

Regards,
Valentin