A new leak test application from COMODO ! [CLOSED]

This is the firewall log for the test by the way:

20:21:17 CPILSUITE.EXE Blocked Application is attempting to inject its component into another process. Process: CPILSuite.exe, Injected: F:\DOWNLOADS\CPILSUITE\CPIL2.DLL
20:21:15 CPIL.EXE Blocked Application is attempting to modify other application memory. Process: CPIL.EXE, Target process: C:\WINDOWS\EXPLORER.EXE
20:05:37 CPIL.EXE Blocked Application is attempting to modify other application memory. Process: CPIL.EXE, Target process: C:\WINDOWS\EXPLORER.EXE
20:05:13 CPIL.EXE Blocked Application is attempting to modify other application memory. Process: CPIL.EXE, Target process: C:\WINDOWS\EXPLORER.EXE
20:04:22 CPILSUITE.EXE Blocked Application is attempting to inject its component into another process. Process: CPILSuite.exe, Injected: F:\DOWNLOADS\CPILSUITE\CPIL2.DLL
20:04:14 CPIL.EXE Blocked Application is attempting to modify other application memory. Process: CPIL.EXE, Target process: C:\WINDOWS\EXPLORER.EXE

I have tried this test and at first nothing got through. Then I allowed it to get through once. I rebooted and it still gets through no matter what I do. I even uninstalled and reinstalled the firewall but Test 1 always gets through now. How do I get it back to not allowing Test 1 to get through?

this is my “expert” opinion (:NRD) ;D :

  1. you ticked “remember” when you allowed the app
  2. you still had the CPIL leak test app on your comp when you reinstalled CFP3 using Clean PC mode, so CPIL leak test was white listed on your PC.

enough fake “expert” opinion, let’s wait for the real expert to come here ;D

Ganda

Ok, so how do I un-whitelist it then? :wink:

WOW, so it works huh :smiley:
ehhm,here we go
go to CFP3/defense+/advanced/computer security policy
you’ll see list of remembered rules there. Remove or edit the rule for the leaktest app.
oh, you might wanna check %windir%\explorer.exe ==> use a custom policy/access right/
on run an executable, click modify and find the leak test app there

I deleted the rules for that before and it still gets by test 1. The second part of your instructions I didn’t quite understand. That only takes me to the window explorer program. I’m using Windows XP.

i use Xp SP2 too. i think we really need the expert help right now ;D
ok, this is my step 2, sorry for being unclear, me & english.
CFP3/Defense+/advanced/computer security policy
*find %windir%\explorer.exe ,double click on it,
*tick use a custom policy, and click access right
*on the “access rights” window==>run an executable==> click modify,
you’ll see another list of allowed/blocked apps there

Ganda

Ahh, ok, I found what you were talking about. Thank you for the very detailed explanation. :wink:

The app wasn’t listed in there.

Somehow it involves the hooks but I don’t see where to edit those.

I thank you for all the help, sir. We’ll get this figured out if we keep plugging away at it. :wink:

huh ??? hook? what hook?
based on my stupid experience of mistakenly allowing/blocking apps ;D , after i do these steps :
*find %windir%\explorer.exe ,double click on it,
*tick use a custom policy, and click access right
*on the “access rights” window==>run an executable==> click modify
there are lots of apps listed there, and i just remove the mistakenly allowed/blocked app.

The app is not listed in that section so there is nothing to remove.

When you run CPILSuite it adds some hooks. That is how it bypasses the firewall.

hmm ??? so you don’t have specific rule for CPIL leaktest and still don’t pass test 1.

oh ya, i remember that, it’s defense+ warning that blocked the attempt.

:-\ let’s see if someone can help you out. have you tried other leaktest apps? didn’t pass the leaktest app by mistakenly clicking “allow” doesn’t mean your firewall’s leaking ;D

edit :
hey, i’ve just tried the CPIL leaktest, i allow & remember test 1 (access physical memory directly attempt), remove the rule, but i still didn’t pass test 1 after that.
let’s ask for help together ;D
i’ll try to reboot my comp and see if i still fail after rebooting

hi Boofo (:WAV)
just rebooted my comp, CFP3 successfully block test 1. ???
it’s a weird problem you have there. ???

I even tried uninstalling and reinstalling the firewall and it still gets through. :frowning:

I emailed Melih, but he wasn’t sure why it is doing that.

sorry to hear that (:SAD)
but i guess you shouldn’t worry too much, it’s just a leak test app that you’ve mistakenly allowed, not a real leakage ;D . perhaps you wanna try another leaktest app like GRCleaktest and see if your CFP3 can pass them.
let’s see if some mods here can help you. :THNK

I guess it’s just the principle of it all. This is the best firewall ever and I can’t even stop a little leaktest.

  1. in this case, i think it’s the user, not the firewall :smiley: , i think you’ve proven that CFP3 CAN block the malicious attempt, but you’ve mistakenly allowed it. in reality, if a malware tried to send something out, CFP3 will block it, but once we “allow” it, we’re doomed. we can’t expect a second chance from a malware.

Yes, but the firewall should be more forgiving than that if we as a user mess up and allow something we shouldn’t. If your scenario is correct, if we ever allow anything by accident, the firewall becomes useless after that for that allowance. Not a good idea for a top of the line firewall, huh? :wink:

yeah,i mean you have an uncommon problem there. what if you mistakenly block a legit app, maybe your AV updater :o , maybe you can submit a support ticket to comodo?

well, yeah. the firewall has stopped the thief, but we open the door for him. ;D

Yes, but when you open the door to the thief once, doesn’t mean you want them stealing from you again and again. There should be a way to relock the door, right? :wink:

Gotta love a good metaphor. :wink:

yeah, how about the other app? does this issue only happen to CPIL or another app as well? i think you really need to submit a support ticket to comodo. that’s a serious issue, :o