CIS v5 and I failed PcFlank's Advanced Port Scanner and Leaktest tests

As I have stated, I have CIS installed and I have configured it as “Open my ports on a per-case basis”.
CIS passes the TCP SYN version of the test, but it fails the standard version: it says that ports 135, 137-139 are closed instead of stealthed.
Is there any way to fully stealth these ports from the Internet without messing up with private networking? I ask because I sometimes use my WiFi router, but I am most of the times directly connected.

EDIT: I’ll ask another thing. My comp has also failed the Leaktest- the app successfully injected itself into Internet Explorer 9 and sent a chunk of data without any alert. (O.O)

Did you turn off the sandbox prior to your test? the test was not designed for the sandbox and therefore gives mixed inaccurate results.

No need- I never use the Comodo Sandbox, and so I have disabled automatic sandboxing. (Only Sandboxie, and when I need to do some stuff with multiple sessions of the same navigator.)