CIS improvement

Hi

win xp 32 sp2
comodo boclean
comodo CIS with: AV on, FW custom, DF in safe mode.
I added clp.exe to DF in a custom policy with everything blocked.

I ran clp.exe and blocked all the pop-ups.
The result is 300/340

COMODO Leaktests v.1.1.0.3
Date 10:19:58 AM - 3/31/2009
OS Windows XP SP2 build 2600

  1. RootkitInstallation: MissingDriverLoad Protected
  2. RootkitInstallation: LoadAndCallImage Protected
  3. RootkitInstallation: DriverSupersede Protected
  4. RootkitInstallation: ChangeDrvPath Protected
  5. Invasion: Runner Vulnerable
  6. Invasion: RawDisk Protected
  7. Invasion: PhysicalMemory Protected
  8. Invasion: FileDrop Vulnerable
  9. Invasion: DebugControl Protected
  10. Injection: SetWinEventHook Vulnerable
  11. Injection: SetWindowsHookEx Vulnerable
  12. Injection: SetThreadContext Protected
  13. Injection: Services Protected
  14. Injection: ProcessInject Protected
  15. Injection: KnownDlls Protected
  16. Injection: DupHandles Protected
  17. Injection: CreateRemoteThread Protected
  18. Injection: APC dll injection Protected
  19. Injection: AdvancedProcessTermination Protected
  20. InfoSend: ICMP Test Protected
  21. InfoSend: DNS Test Protected
  22. Impersonation: OLE automation Protected
  23. Impersonation: ExplorerAsParent Protected
  24. Impersonation: DDE Protected
  25. Impersonation: Coat Protected
  26. Impersonation: BITS Protected
  27. Hijacking: WinlogonNotify Protected
  28. Hijacking: Userinit Protected
  29. Hijacking: UIHost Protected
  30. Hijacking: SupersedeServiceDll Protected
  31. Hijacking: StartupPrograms Protected
  32. Hijacking: ChangeDebuggerPath Protected
  33. Hijacking: AppinitDlls Protected
  34. Hijacking: ActiveDesktop Protected
    Score 300/340
    (C) COMODO 2008

How can I improve the 4 “vulnerable” tests?

Thanks

Is your CIS set to the Proactive Security configuration? If not, set it:

Right click Comodo tray icon → Configuration → COMODO - Proactive Security

Reboot (required)

Run the test again

Hope this helps :slight_smile:

Hi Beanie

Thanks for your reply.
Yes, CIS is configured with the Proactive settings. (I forgot to mention that.)

Cris

Hey Cris_Na,

Would you mind listing your Defense+ Settings and Image Execution Control Settings?

Defense+ → Advanced → Defense+ Settings

Defense+ → Advanced → Image Execution Control Settings

Here are the pictures:

Cris

[attachment deleted by admin]

Well that looks fine. I honestly cannot think of a reason why you didn’t get full marks! That’s pretty much the same configuration as me, and I got 340/340 ???

Maybe someone else has a suggestion?

Sorry I couldn’t be of much help.

Beanie

Hi Beanie,

thanks for your help.

The problem is that I cannot find a description of the test to guide me in the right direction… :slight_smile: or to the right settings.

Thanks again

Cris.

Did you check all the feedback in these threads?

https://forums.comodo.com/leak_testingattacksvulnerability_research/leak_test_results-t30164.0.html

https://forums.comodo.com/leak_testingattacksvulnerability_research/comodo_leak_test_suite_updated_version-t30110.0.html

There might be something that could point you in the right direction :slight_smile:

Beanie