CIS 5 fails comodo leaktest

Learn about Computer Security Leak Testing/Attacks/Vulnerability Research
#1

I’ve just updated CIS 5 beta to CIS 5. I’ve set Defense+ to paranoid mode, firewall to custom policy mode.
Result 230/340.
When I ran CLT.EXE CIS 5 didn’t even offer warning like it use to do in version 3 or 4.

How is that possible?
I’m using Windows 7x64

PS: Sandbox disabled on my PC always.

#2

Readme. :slight_smile:

#3

Thats why its always good to do a clean install of a major version. And its not a ggod idea to update a beta/RC to the final.

Thanx
Naren

#4

[at]burebista
OK I’ve read the instruction and found clt.exe in trusted files under Defense+. Everything else was as instructed. Result 200/340.

[at]naren
I will do a clean install and will report the findings.

#5

CIS 5 default settings I get 340/340.

#6

I’ve done a clean install and result was 330/340. Failed Coat.

PS: Even when no internet cable is connected it fails on Coat.

#7

Did you delete your internet explorer browsing history before running CLT (see recommendation #3 here)?

If not, empty your IE browsing history and then re-run CLT.

#8

@Whoop-dee-doo

Failed again.

#9

I also have a problem with CLT. I followed the instructions above to the letter and got 190/340 I kept pressing start and after a few more pop ups which I blocked I eventually got a result of 330/340 with the missing 10 being Coat the same as a person above has noted. I got good results ie 100% over ay Shields Up. I think this is a conflict problem between V5.0 and CLT rather than settings. It seems funny that so many of us are having the same problem on opening day. Apart from that v5.0 is working exceptionally well, better than the previous version I had installed it appears to be much faster and smoother on my PC anyway. I have never used CLT before just tested my PC at Shields up and never had a problem. Cheers Comodo on the latest and greatest.

#10

CIS 5 Complete (Vista 32) on default settings with sandbox enabled scores 340/340 either by sandboxing CLT.exe or without for me. :-TU

#11

Upgraded from V4 to V5 Using comodo installer and this is the results of the CLT: The only thing I changed is activating “Proactive Configuration”
COMODO Leaktests v.1.1.0.3

Date 5:30:51 PM - 9/15/2010

OS Windows XP SP3 build 2600

  1. RootkitInstallation: MissingDriverLoad Vulnerable
  2. RootkitInstallation: LoadAndCallImage Vulnerable
  3. RootkitInstallation: DriverSupersede Vulnerable
  4. RootkitInstallation: ChangeDrvPath Vulnerable
  5. Invasion: Runner Vulnerable
  6. Invasion: RawDisk Vulnerable
  7. Invasion: PhysicalMemory Vulnerable
  8. Invasion: FileDrop Vulnerable
  9. Invasion: DebugControl Vulnerable
  10. Injection: SetWinEventHook Vulnerable
  11. Injection: SetWindowsHookEx Vulnerable
  12. Injection: SetThreadContext Vulnerable
  13. Injection: Services Vulnerable
  14. Injection: ProcessInject Vulnerable
  15. Injection: KnownDlls Vulnerable
  16. Injection: DupHandles Vulnerable
  17. Injection: CreateRemoteThread Vulnerable
  18. Injection: APC dll injection Protected
  19. Injection: AdvancedProcessTermination Vulnerable
  20. InfoSend: ICMP Test Protected
  21. InfoSend: DNS Test Protected
  22. Impersonation: OLE automation Vulnerable
  23. Impersonation: ExplorerAsParent Vulnerable
  24. Impersonation: DDE Vulnerable
  25. Impersonation: Coat Vulnerable
  26. Impersonation: BITS Vulnerable
  27. Hijacking: WinlogonNotify Vulnerable
  28. Hijacking: Userinit Vulnerable
  29. Hijacking: UIHost Vulnerable
  30. Hijacking: SupersedeServiceDll Vulnerable
  31. Hijacking: StartupPrograms Vulnerable
  32. Hijacking: ChangeDebuggerPath Vulnerable
  33. Hijacking: AppinitDlls Vulnerable
  34. Hijacking: ActiveDesktop Vulnerable
    Score 30/340

(C) COMODO 2008

#12

donnyd,
please follow the instructions in this post, and see if your CLT score improves.

Note than you should have uninstalled CIS4, rebooted, and then Installed CIS5. If you updated CIS4 through the updater in CIS interface, your CLT results may be adversely affected.

#13

I followed the instructions to the t in the link below after having bad test scores 210/340, the only thing I was missing was to run CLT with the sandbox disabled first

https://forums.comodo.com/empty-t61715.0.html

and the final 2 test scores were 340/340

First with sandbox disabled, then with sandbox enabled Pass 100%

I also tested clt with Spyshelter, it blocked all but 2.

#14

Did a uninstall and install of V5 made a change to sandbox, unchecking “automaticlly detect installers/updaters” an received the following results: By checking the “automaticlly detect installers/updaters” I get very bad results.
COMODO Leaktests v.1.1.0.3

Date 8:31:00 PM - 9/17/2010

OS Windows XP SP3 build 2600

  1. RootkitInstallation: MissingDriverLoad Protected
  2. RootkitInstallation: LoadAndCallImage Protected
  3. RootkitInstallation: DriverSupersede Protected
  4. RootkitInstallation: ChangeDrvPath Protected
  5. Invasion: Runner Protected
  6. Invasion: RawDisk Protected
  7. Invasion: PhysicalMemory Vulnerable
  8. Invasion: FileDrop Protected
  9. Invasion: DebugControl Protected
  10. Injection: SetWinEventHook Protected
  11. Injection: SetWindowsHookEx Protected
  12. Injection: SetThreadContext Protected
  13. Injection: Services Protected
  14. Injection: ProcessInject Protected
  15. Injection: KnownDlls Protected
  16. Injection: DupHandles Protected
  17. Injection: CreateRemoteThread Protected
  18. Injection: APC dll injection Protected
  19. Injection: AdvancedProcessTermination Protected
  20. InfoSend: ICMP Test Protected
  21. InfoSend: DNS Test Protected
  22. Impersonation: OLE automation Protected
  23. Impersonation: ExplorerAsParent Protected
  24. Impersonation: DDE Protected
  25. Impersonation: Coat Protected
  26. Impersonation: BITS Protected
  27. Hijacking: WinlogonNotify Protected
  28. Hijacking: Userinit Protected
  29. Hijacking: UIHost Protected
  30. Hijacking: SupersedeServiceDll Protected
  31. Hijacking: StartupPrograms Protected
  32. Hijacking: ChangeDebuggerPath Protected
  33. Hijacking: AppinitDlls Protected
  34. Hijacking: ActiveDesktop Protected
    Score 330/340

(C) COMODO 2008

#15

CIS new installed…run the CLT for the first time,and cloud scanner alerts me.I report it to Comodo as a false positive,and run CLT. Proactive setup,Defence+ in safe mode,same the firewall,Sandbox enabled.CAV not installed,but this is not important.Obtained 140/340.
Deleted all the files related to CLT,disable Sandbox and run the test again.Defence+ alerted that is a malicious file,clicked allow and get the same results,140/340.

[attachment deleted by admin]

#16

Please see this post and my 2nd post in that same thread (my posts were updated shortly after your post). Most notably:

So, try CLT with the configuration that is suggested in the link above (now it suggests to test with sandbox disabled).

Also, CLT was reported as AV false positive and we are waiting for it to be de-listed.