Comodo distinguishes itself again :)

http://syssafety.com/leaktests.html

This is a leaktest I have not tested before. It is about to kill processes (like security apps.)
One or more of the techniques it uses kills HIPS like Ghost Security Suite, process Guard. Which is kind of bad since I use GSS :frowning:
But I can allways rely on Comodo to stay alive. None of the 16 process killing methods could kill Comodo. “Access denied” on all of them.

(:CLP) (L)

One of the first things that a malware does is “dis-arm” the PC. Just like when a burglar comes into a home, first thing they do is to disable the burglar alarm, or when they are stealing a car, they disable the security system in the car.

So terminating a security application (firewall, AV etc) is what a malware is going to do first, and ability to resist these termination attacks (dis-arming attacks) must not succeed. Any malware can have this little app and attack any PC and dis-arm it if the security applications are not designed against these type of termination (dis-arming) techniques.

We will continually improve our “Self-Protection”.

Melih

More great news for Comodo!

[b] NICE/b

(V)

G’day,

Just a word of warning if you’re going to run all the SPT tests - option 3 (or was it 4) can cause a system hang. The firewall is not breached, but your system is unusable. This occured on three out of five PC it was tested on. The other two just produced an “Access denied” msg, but CPF blocked all attempts to terminate it.

Cheers,
Ewen :slight_smile:
(R)

Hi,

If You want to stop Comodo, try Gmer. This tool is freeware.

But better thing is that even after I had stopped cmdagent.exe and cpf.exe processes, all the rules of Comodo works. (:CLP) (May be I should close some more processes…)

Thanks!

Yes. Even if a virus somehow terminate CPF or cmdagent, it can gain nothing other than that is already granted.

If cmdagent.exe is terminated, then all internet connections will be blocked…

We intentionally allowed kernel level terminate requests to allow CPF to get along with Windows OS well.

But since CPF will also ask for driver/service installations in the upcoming versions, this wont be a problem.

Egemen

While everyone seems excited about Comodo passing leak tests, I thought I would share this with everyone. I am very pleased with CPF and will continue to use it because I really like it. On my computer it has failed PCFlank’s Advanced Port Scanner. It is one of these two, but never both at the same time; Port 12345 NetBus or Port 27374 SubSeven and recently Port 135 RPC (these ports remain closed). Normally my system passes and is in complete Stealth mode. I am using CPF out of the box and don’t plan messing with it. I used Jetico before CPF and it did the same thing except for the RPC port. Again as previously stated, I am very satisfied with this fine product. The above anomalies don’t concern me, but I feel worthy of mention.

Interresting but strange. If that would happen to me, I would be really worried. (I just did a scan at PCflank and all trojan ports were stealthed). They were blocked by the basic rule which is in the bottom of the list in Network Monitor:

BLOCK and LOG IP IN or OUT FROM IP [Any] TO IP [Any] Where IPPROTO iS ANY

You should have that rule too since it is there by default. If it is there at the bottom and you dont have any allow rule for those ports, it is very strange indeed.

Thanks for the reply, sukarof. I just ran the Port Scanner moments ago, and SubSeven 27374 was closed. Everything is as you stated.

I had port 137, 137, 138 closed and not stealthed, when i first run the advanced scanner. I turned off my routers firewall (DMZ) and i then passed all tests as stealthed… ;D

If i had more OS interaction programming experiance, not to mention the time i would have a ■■■■■ at the firewalls (-:

cheers, rotty