CIS with tweaked settings only scoring 120 on the comodo leal test.

Hi Everyone,

I just ran the comodo leak test and was shocked to see I only scored 120/340. My CIS 6.2 settings are as follows:

Proactive security = enabled
Antivirus = On access and heuristics set to high.
Hips = enabled and in safe mode
Behaviour blocker = Fully virtualized
Firewall = Custom ruleset, alert frequency medium, the following boxes are all checked: Filter IPV6 traffic, Filter loopback traffic, block fragmented IP traffic, Do protocol analysis, Enable anti-ARP spoofing.
I allow CLT to run unlimited when prompted by the BB and the Hips.
So could anyone please help me and explain why I’m only scoring 120/340 on CLT with these tweaked settings? I’m really concerned about this.

Here is the sheet showing what I’m vulnerable to: file:///C:/Users/Chris/Downloads/clt%20log%20(10-20-50%20AM%2007.30.2013).html

120/340 is unacceptable in my opinion, but maybe I’m missing something?

Read here

Thanks Jenny, but I’ve tried switching off the hips and leaving the bb on and vise versa and I still get 120/340. I’m not going to test it in internet security configuration as I run mine in proactive config so running in internet security config wouldn’t give results for the way I have my CIS setup.

120/340 for the way I have CIS setup is a terrible score.

You have it now, and will not work. Since the CIS already memorized.
Turn off the BB.
Remove the CLT and start again. Then pass the test.
Read my post in the topic. ( Edit: After pass test.
You can include BB in any mode and BB does not matter.)
Configuration Proactive Security.

Edit: Clear. Now I look.

I don’t think you’re understanding what I’m saying. I HAVE turned off the bb and deleted CLT and ran again and I still fail with a score of 120/340.

Just to add that on EVERY test so far I have the ‘remember my choice’ box un checked, but even then I’ve removed CLT and re ran it with bb disabled, still 120/340.

Then you disable the protection. Choose Run Isolated instead.

If you are sure that the application is authentic and safe and you simply want it to be allowed to continue then you should select [b]Run Unlimited[/b]. If you want the application not to be monitored in future, select 'Trust this application' checkbox. The application will be added to Trusted Files list.
If you are unsure of the safety of the software, then Comodo recommends that you run it with limited privileges and access to your system resources by clicking the 'Run Isolated' button. Refer to the section Unknown Files: The Auto-Sandboxing and Scanning process for more explanations on applications run with limited privileges.
https://help.comodo.com/topic-72-1-451-4706-Understanding-Security-Alerts.html

I understand fully security alerts and CIS. But this test needs to be allowed to run so as to check where the machine is vulnerable. Online armour free in default settings scores 340/340

Yes of course it has to be allowed to run, but not unlimited (= protection off). Run it isolated.

OK just ran fully virtualized and scored 140/340

When you run it virtualised, everything is allowed in the virtual file- and registry-system. Your real system is protected, but not the virtual system that CIS creates.

I just re ran at untrusted and scored 310/340 I only failed on DDE. But it’s still a fail.

Forgot to say.
Turn off the Sandbox.
340/340.

I’m not being rude Jenny but this is the third time I’ve told you that I’ve tried this test with the sandbox tunred off and scored 120/340.

With sandbox off and HIPS and firewall on you should get 340.

Well I’ve ran it 4 times now with firewall set to custom ruleset and hips in safe mode with the sandbox disabled and I get 120/340 every time.

What option did you choose in the HIPS-alert?

I chose Treat as > Limited application.

Lol goodbye Jenny. You seem to be very rude indeed. You ask me the same question 3 times and when I point this out you say goodbye. Way to show support :-TU

JoWa Thank you very much for your patience, I chose limited at the hips alert and indeed scored 340/340. Thanks again :-TU

Great to see that it works as intended. :-TU