CIS5 & CLT

mirk1989 · August 17, 2010, 1:01pm

I have run CLT with CIS5, and I have scored 320/340…

The vulnerable state is for these test:
Injection: SetWinEventHook
Injection: SetWindowsHookEx

SO: Windows 7 32bit virtualized with VirtualBox
Config: Proactive Security, SB disabled, D+ Safe Mode

Is a CIS5 bug or is due to virtualization??

pyridine · August 17, 2010, 4:21pm

The sandbox plays a major part with Comodo, it’s your final layer of security. So you can’t really say it missed some when you have it disabled.

mirk1989 · August 17, 2010, 5:09pm

I disabled SB to run CLT…

I know that when CLT runs, the sandbox should be disabled otherwise CLT would be runned in the SB and so the tests would be altered…

JoWa · August 17, 2010, 5:12pm

With sandbox enabled:

mirk1989 · August 17, 2010, 5:40pm

New tests

SB enabled, treat unrecognized files enabled, D+ safe mode:

Partially Limited: Score 150/340
Limited: Score 150/340
Restricted: Score 150/340
Untrusted: Score 150/340

SB enabled, treat unrecognized files disabled, D+ safe mode: Score 320/340

SO Win7 32bit (VirtualBox), CIS 5.0.158836.1079, Proactive Security

MrCaboose · August 17, 2010, 8:52pm

That doesn’t make any sense, with V3 and V4 all you need to do is set CLT as a “blocked application” and it jumps to 340/340, but now you need the sandbox to score perfectly?

JoWa · August 17, 2010, 9:10pm

I get 340/340 with sandbox disabled. XP SP3

Citizen_K · August 17, 2010, 11:47pm

I just got 340/340 on my Win 7 x86 on similar settings. That may be a clue it is that the VM is playing a role.

mirk1989 · August 18, 2010, 8:22am

As I tought, perhaps the cause is VM…
It is important that it is not a CIS5 bug on Win7… :-TU

egemen · August 18, 2010, 10:04pm

It is a bug of VirtualBox and hence CIS does not function properly in it.

arnyreny · August 18, 2010, 10:24pm

in default the sandbox is set to slightly limited, and then you get 320 out of 340.
cis should set this way, get 340 out of 340

http://img192.imageshack.us/img192/8171/settaggi.th.jpg

http://img230.imageshack.us/img230/2668/comodon.th.jpg

http://img210.imageshack.us/img210/3246/leakg.th.jpg

su seven 64 bit

JoWa · August 19, 2010, 6:38am

CIS 5.0.159634.1091, Internet Security, XP SP3

Partially Limited: 340/340
Limited: 330/340: 24. Impersonation: DDE Vulnerable :-\

hkjoj · August 20, 2010, 2:15pm

Is that a bug in Parental Control?

CIS 5.0.159634.1091, Firewall with D+, XP SP3

Partially Limited: 340/340 Parental Control (Disable)
Partially Limited: 330/340 Parental Control (Enable)

It failed the DDE item with Parental Control enabled and suppressed all alerts.