CFP v3.0.14.276 & Gibson LeakTest [Resolved]

Mr. CEO,

My request is for a feature to CFP v3.0.14.276, latest version I know of, that will pass the little test file by Gibson Research Corporation titled “LeakTest”. I downloaded then ran the program as IExplore.exe, FireFox.exe and CFP.exe. Comodo Firewall Pro, above version was penetrated each time along with the other two. If you need or want some information on this little test file go to GRC | LeakTest -- How to Use Version 1.x   and join me and many other users and learn.

I ran his ‘ShieldsUp’ and was given a full Stealth of all ports then FAILED this little LeakTest which is not very good. That means your firewall will not protect against a TROJAN that may sneak into my computer and attempt to change its name to one of the most trusted programs on my system, “cfp.exe” then have full access to the web to do any of its dastardly deeds without your knowledge nor mine.

Do you think that can be done?

Thank you for reading my Roaster Poster,

your wish is granted!

our firewall has been able to do that since v2!!!

thanks

Mr. CEO :slight_smile:

Melih

Might I add? Behind the ears real well and between our toes?

I will search for the cure of ‘Leaky TestY’ in the HELP ME file.

BAG !! Really that suggestion is really good, Merry Xmas, Happy Holidays, and all of the remainder,
TIA,

Mr. CEO,

IF you use GRC’s Leak Test as instructed and that is what I have done it will not pass. Even with the Leak Test program on a different drive and any named folder, I used IExplore.exe, FireFox.exe and CFP.exe as names Leak Test was changed to and they all were passed through. Meaning a complete and full FAILURE.

There was NOT any question from CFP about allowing or not allowing any program through that was not the correct size, originating location (proper folder nor correct drive). Should not ANY firewall ask if the location is not correct and the size of the file, no matter where it is coming from or what size it is does not match what the REAL file is or where located, block it in AUTOMATIC as well as ASK?

Ok Mr. NTxLS, if you have a look at the first 5 of the attached 6 screenshots, you’ll clearly see each CFP alert that appeared when I tried to run GRC’s LeakTester.

With alerts 1-4, I selected ALLOW but not REMEMBER. I only selected ALLOW to see how many further alerts would be produced and what, in my opinion, was the last possible point you could select BLOCK and it would still stop the leak tester. When the dialogue that appears in screenshot 5 appeared, I figured this would be the last possible point to kill it, so I selected BLOCK in this dialogue. When I clicked in the GRC LeakTester window to test for leaks, funnily enough, I got the message that appears in screenshot 6.

Now, I could have killed the process at any step prior to when I did (screenshot 5) but just wanted to see how far you could go before it was too late. I don’t know what you did to get the test to fail, but you did something. One thing you may have done is to accidentally click ALLOW and REMEMBER at some point in the past. If so, the LeakTest will pass forevermore. If this is the case, you would have to go out of your way to get it to fail.

If, on the other hand, you click BLOCK when you are supposed to, the firewall stops both the injection and the attempted outbound access.

As well as reading the instructions on the LeakTest site as closely as you obviously have, may I recommend the firewall’s help files for your perusal. :wink:

The firewall DOES pass this test.

Before anyone even thinks about the screenshots being photoshopped, I’m quite happy to redo this process in front of a notary or a JP.

Cheers,
Ewen :slight_smile:

[attachment deleted by admin]

It’s most likely that the test is whitelisted for Mr NTxLS…

Melih

I think he is talking about checksums which 2.4 used to have. Which means if you rename a blocked file it will pass because comodo thinks it is new. This is a risk if viruses change their filenames because comodo will not track it.

I think it was known as cryptographic signature in 2.4.

In the default defense+ rules explorer.exe is allowed to rename/modify protected files. If you rename the executable with explorer and did not change the permissions you will not receive any prompt.

correct.

If you rename the executable with explorer and did not change the permissions you will not receive any prompt.

“and did not change permissions”??? change them FROM what TO what???

Even if you change it to “whatever.exe”, you will still get alerts unless the application is specifically allowed to run by yourself or you are running your Defense+ in Clean mode.

Ewen :slight_smile:
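The renaming question discussed above comes down to what an allow rule is keyed on. As an added illustration (not part of the thread, and not Comodo's code), this Python example compares a rule that trusts a file name with one that requires both the full path and a SHA-256 of the contents; the directories, file names and byte strings are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash the file contents in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def allowed_by_name(path, trusted_names):
    """Weak rule: trust anything whose file name is on the list."""
    return os.path.basename(path).lower() in trusted_names

def allowed_by_identity(path, trusted):
    """Stronger rule: full path AND content hash must both match the record."""
    key = os.path.normcase(os.path.realpath(path))
    return trusted.get(key) == sha256_of(path)

def write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins: a "real" browser and a renamed test program
        # placed in a different directory, as in the thread.
        real = os.path.join(root, "Program Files", "Browser", "iexplore.exe")
        renamed = os.path.join(root, "other_drive", "tmp", "iexplore.exe")
        write(real, b"constructed trusted binary")
        write(renamed, b"constructed renamed test program")

        names = {"iexplore.exe"}
        trusted = {os.path.normcase(os.path.realpath(real)): sha256_of(real)}
        result = {
            "name_rule_renamed": allowed_by_name(renamed, names),
            "identity_rule_real": allowed_by_identity(real, trusted),
            "identity_rule_renamed": allowed_by_identity(renamed, trusted),
        }
        # Same path, different contents: the hash no longer matches.
        write(real, b"constructed replacement contents")
        result["identity_rule_replaced"] = allowed_by_identity(real, trusted)
        return result

if __name__ == "__main__":
    for rule, verdict in demo().items():
        print(f"{rule}: {'allow' if verdict else 'ask/block'}")
```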

I found out that if you use Kaspersky IS or/and AV, you will not be prompted for new connection from CPF3 if you already have configured port 80 outbound TCP for Kaspersky, as a matter of fact every app. connection request will be allowed if requested port is already allowed for Kaspersky, even leaktest or Internet explorer. It seems that Kaspersky’s (local proxy routine) reuse/stealth every connection request made by xx application…

Something should be done about this because leaktest’s request to loopback is not noticed by CPF

[attachment deleted by admin]

Excuse me for not having been on here for a few days. Have had several BSOD experiences and am attempting to discover what is causing this problem, do not think it is Comodo this time. Have been off-line doing plenty of scans with AntiVir, SBS&D, RootKitRevealer looking for some nefarious or hidden programs. Nothing so far . . .

Mr. CEO,

I do not think, will check farther, there are any whitelisted programs. I also know there is a very LARGE learning curve for me to get thingys set better, that is also a work in progress. I read over as much as I can on here to find hints or instructions for other problems and make me some notes for future references.

NEXT:
Panic,

Thank you for the screenshots to see what should be, but; is not necessarily so on my system. I am a NEWB on this XP system and have many times made mistakes before learning what is really needed.

To quote you in part:

"One thing you may have done is to accidentally click ALLOW and REMEMBER at some point in the past. If so, the LeakTest will pass forevermore. If this is the case, you would have to go out of your way to get it to fail.

If, on the other hand, you click BLOCK when you are supposed to, the firewall stops both the injection and the attempted outbound access.

As well as reading the instructions on the LeakTest site as closely as you obviously have, may I recommend the firewall’s help files for your perusal."

End your quote.

I have used Mr. Gibson’s LeakTest before on several occasions and some have failed with another passing. I do also understand about whitelists and the other blacklists, have not setup any in Comodo, as far as I know. NO, I did not click Allow at any time because Comodo never asked any question. I have NOT run it as LeakTest only as those I have posted, ‘iexplore.exe, firefox.exe and cfp.exe’ from a different drive than the location of the executable for each of those files. Yes, I will read the HELP files for Comodo some more to see what may have been missed or misunderstood. As you can tell from this message and previous ones I am not the smartest, but; with my training wheels help maybe I can regain the high ground.

I thank one and all for their postings here and will now be off for more reading, learning, testing, etceteras,

Happy NewYear for all that find this thread,

P.S. to my previous message.

I am running in SAFE MODE with NETWORK access because of my system acting a little strange, slow (taking much time to open a program or change to another). The only ICON in my SysTray is Comodo and that is the only one I can trust at this time.

Thank you one and all again,

NTxLS,

Did you already have Gibson’s LeakTest on your computer when you installed CFP v3?

If so, default install of v3 will set it for Clean PC mode, which means that all applications on the computer at the time of v3’s installation are considered to be Safe (ie, automatically SafeListed). If you open Defense +/Advanced/Computer Security Policy, I think you will find an entry for the LeakTest, set for Custom Policy.

LM

LM,

You know, that is not for certain of it being there before or after the last install of CFPv3.0. I have been involved with so much, other systems for friends as well as my own that has escaped my memory now. I did look in there and found it listed in ‘Defense+/My Own Safe Files/’ as Leak Test, but; was running it as ‘iexplore.exe’ and was allowing it through. I removed that entry of Leak Test and CFP began asking what it should do with that file, of course I denied it permission. Even changed it to ‘cfp.exe’ and was still asked by CFP what to do, which is what it should do.

You are probably correct on that being there before the last install of v3.0.14.276. WOW this has been a run and very confusing. I know you people on this forum know what you are talking about and are probably correct all of the time, except where I am and when I am involved thingys do work differently. Especially when I am the one doing the install and operation. BAG!!!

Thank you one and all and have a Happy NEWYEAR!!!

heh heh, sometimes it’s a learning experience, that’s for sure! Glad it’s worked out for you. I’ll mark the topic as Resolved and close it. If you need it reopened (problem recurs, more questions about it, etc), just PM a Moderator (please include a link back here) and we’ll be glad to do so.

LM

PS: Have a happy and safe New Year!