CIS weird leak-test fail

I am using CIS 3.9…509 with “proactive security” settings, firewall in “custom policy” and D+ in “safe mode” and it’s doing great. I’ve tried to run the Comodo Leak-test and CIS passed all of the tests except the “InfoSend: ICMP Test”.
when the firewall popup comes up, I click on “block” (without “remember my answer”), but the test says “vulnerable”. after the tests were done, I closed clt.exe and re-opened it. then, I ran the leak-test again, the firewall popup comes up, I click “block” and the test is passed.
these are the logs of the first and the second test:

test n°1

COMODO Leaktests v.1.1.0.3
Date 14.36.30 - 20/05/2009
OS Windows Vista SP1 build 6001

  1. RootkitInstallation: MissingDriverLoad Protected
  2. RootkitInstallation: LoadAndCallImage Protected
  3. RootkitInstallation: DriverSupersede Protected
  4. RootkitInstallation: ChangeDrvPath Protected
  5. Invasion: Runner Protected
  6. Invasion: RawDisk Protected
  7. Invasion: PhysicalMemory Protected
  8. Invasion: FileDrop Protected
  9. Invasion: DebugControl Protected
  10. Injection: SetWinEventHook Protected
  11. Injection: SetWindowsHookEx Protected
  12. Injection: SetThreadContext Protected
  13. Injection: Services Protected
  14. Injection: ProcessInject Protected
  15. Injection: KnownDlls Protected
  16. Injection: DupHandles Protected
  17. Injection: CreateRemoteThread Protected
  18. Injection: APC dll injection Protected
  19. Injection: AdvancedProcessTermination Protected
  20. InfoSend: ICMP Test Vulnerable
  21. InfoSend: DNS Test Protected
  22. Impersonation: OLE automation Protected
  23. Impersonation: ExplorerAsParent Protected
  24. Impersonation: DDE Protected
  25. Impersonation: Coat Protected
  26. Impersonation: BITS Protected
  27. Hijacking: WinlogonNotify Protected
  28. Hijacking: Userinit Protected
  29. Hijacking: UIHost Protected
  30. Hijacking: SupersedeServiceDll Protected
  31. Hijacking: StartupPrograms Protected
  32. Hijacking: ChangeDebuggerPath Protected
  33. Hijacking: AppinitDlls Protected
  34. Hijacking: ActiveDesktop Protected
    Score 330/340

test n° 2

COMODO Leaktests v.1.1.0.3
Date 14.51.55 - 20/05/2009
OS Windows Vista SP1 build 6001

  1. RootkitInstallation: MissingDriverLoad Protected
  2. RootkitInstallation: LoadAndCallImage Protected
  3. RootkitInstallation: DriverSupersede Protected
  4. RootkitInstallation: ChangeDrvPath Protected
  5. Invasion: Runner Protected
  6. Invasion: RawDisk Protected
  7. Invasion: PhysicalMemory Protected
  8. Invasion: FileDrop Protected
  9. Invasion: DebugControl Protected
  10. Injection: SetWinEventHook Protected
  11. Injection: SetWindowsHookEx Protected
  12. Injection: SetThreadContext Protected
  13. Injection: Services Protected
  14. Injection: ProcessInject Protected
  15. Injection: KnownDlls Protected
  16. Injection: DupHandles Protected
  17. Injection: CreateRemoteThread Protected
  18. Injection: APC dll injection Protected
  19. Injection: AdvancedProcessTermination Protected
  20. InfoSend: ICMP Test Protected
  21. InfoSend: DNS Test Protected
  22. Impersonation: OLE automation Protected
  23. Impersonation: ExplorerAsParent Protected
  24. Impersonation: DDE Protected
  25. Impersonation: Coat Protected
  26. Impersonation: BITS Protected
  27. Hijacking: WinlogonNotify Protected
  28. Hijacking: Userinit Protected
  29. Hijacking: UIHost Protected
  30. Hijacking: SupersedeServiceDll Protected
  31. Hijacking: StartupPrograms Protected
  32. Hijacking: ChangeDebuggerPath Protected
  33. Hijacking: AppinitDlls Protected
  34. Hijacking: ActiveDesktop Protected
    Score 340/340

I also tried the leak-test yesterday with the same results; first time - vulnerable, second, third, etc. time - protected, but I thought that maybe I erroneously clicked on “allow”. so I’ve tried it today, looked carefully everytime a popup appeared to select “block”, and these are the results.
I don’t know if it’s a bug or what.
thanks for the attention and keep up the good work! (V)

I had noticed this with Defense+ (3.5) a lot. If this is a bug then it needs immediate attention, because this particular behaviour means that CIS is inconsistent in working. You never know when it will and when it will not protect you.

Someone should have a look at this.