Add Option To Not Allow Unknown Apps To Transmit Data Through Other Apps [M1077]

1. What version of CIS, or Comodo Firewall, are you currently using:
Comodo Internet Security 7.0.317799.4142

2. What actually happened or you saw:
Comodo Firewall, with or without other protection modules disabled, does not protect against some types of firewall leaks. Specifically, there are multiple instances where it fails to prevent leak-test applications from leaking information through trusted applications. Examples are the GRC leak-test, pcflank leak-test, and leakout.

3. What you wanted to happen or see:
Comodo Firewall should have an option to prevent applications from being able to send data through any application other than their own. This could be a similar toggle to the current one for Block All.

4. Why do you think that it is desirable:
Some injectors and malware could currently use familiar programs to access the network without any firewall alert. An option like this would allow an experienced user to mitigate this risk.

5. Any other information:
It seems that CIS version 2.x was able to better protect against these types of risks.

I hope you don’t mind, but I edited your first post to remove the color. It was distracting me.

There is already a Wish Request about Leakout, which can be found here.
For the other leaktests which you have tried, could you please focus on just one for the minute, and discuss exactly how it was run, how the Firewall was configured, and what exactly happened on your system.

Let’s continue this discussion from there.

Thanks.

The firewall version 2.xx as he had already shown it filters leaks using browsers or other files to access the network.
Returning to the most current Comodo Internet Security 7.0.317799.4142: if you run pcflank, for example, within the fully virtualized sandbox, the firewall will not emit any warning.

1st Test - comodo firewall failure leaktest pcflank
The configuration used:
as internet security - proactive
HIPS enabled - safe mode
Fully virtualized sandbox
Active firewall - safe mode

2nd test - leaktest GRC comodo firewall fails
comodo internet security - proactive
HIPS - disabled
Sandbox - disabled
Firewall - Custom mode (previously configured browser as web browser) and GRC file renamed to the same name of the browser and replaced in the program folder. As firewall will not be able to identify the identity of the.

NOTE: comodo firewall 2.xx can intercept the attempt to connect to leaktest grc.com.
I believe the other modules here do not matter much, since the intention is to make the firewall work for leaks using secure applications.

I think the best way to approach this would be to create a formatted bug report for each of those leak-tests. Let’s continue this discussion through those two bug reports. I will now move this particular topic to Rejected as I believe this is more suitable for two bug reports.

Thanks.

I personally disagree, I think it should remain as both bug reports AND wishes.

Why? Because the bug report would only affect the FV sandbox if I understand it correctly, this wish would also affect the normal HIPS and even without HIPS & BB, just firewall, this means that with simply only the firewall running it would attempt to stop applications from bypassing the firewall by tunneling the traffic through another application.

Honestly I think the above alone is reason enough to keep it as a wish but just in case, making bug reports for specific applications may cause Comodo to fix the leakage for those specific applications and not the actual technology used or other technologies used, with this wish we would have a toggle setting that attempts to stop leakage for ALL applications in a proactive/behavioral manner (if that makes any sense) rather than by per application.

Given the above I hope you agree that this wish is different enough from the bug reports to remain a valid wish.

Let me reconsider this.

liosant, was your wish essentially that you wanted an option added to the Firewall to entirely prevent applications from being able to send data through any application other than their own? If so I misunderstood and that could be forwarded as a Wish and not a bug.

Let me know how you would like to proceed with this.

Thanks.

It’s just that trying to time.
Regards!

In that case I will move this back to the main Wish Request board for continued processing. Please edit your first post so that the wish is now focusing on the discussed possible fix for these vulnerabilities.

Thanks.

lionsant, thank you for editing the first post. I have just made further changes to the first post, the title, and the poll. Please look everything over and let me know if it seems correct, and correctly displays your wish.

Thank you.

That’s good, sorry for taking your time.

Thank you for submitting this Wish Request. I have now moved this to the WAITING AREA.

Please be sure to vote for your own wish, and for any other wishes you also support. It is also worthwhile to vote against wishes you think would be a waste of resources, as implementing those may slow down the wishes you would really like to see added.

Thanks again.

I would like to thank everyone who has voted on this particular enhancement. As this wish has accumulated the necessary 15 points I have added this to the tracker for consideration by the devs. However, do note that even though this wish will be considered by the devs, it does not necessarily mean that it will be implemented. I will update this topic when I have any additional information.

Thank you.

+1 :-TU