Comodo failed to pass the Matousec test perfectly

Well, some people tested the Security Software Testing Suite (http://www.matousec.com/projects/security-software-testing-suite/) with the new version of 3.5. However, CIS 427 failed to pass Kernel1 (drive installation test) the first three times. But it is weird that the result reversed after reinstalling Comodo. So, what is your result? And is there any explanation for the failures in the beginning?

My system specs are:
P4 HT 3 GHz and over 1 GB RAM available and XP SP3 32-bit, HW DEP Optout.
Other apps: Comodo Safesurf, Unlocker assistant, Speedfan, Daemon tools 4.30.1, CIS 3.5.54375.427, COMODO Vulnerability Analyzer 1.1.4, Logitech Setpoint 4.60.122

D+ mode: Safe mode

Using D+ standard config I was able to pass kernel1 test by means of denying a registry access.

Adding LocalSecurityAuthority.LoadDriver to Defense+ Tasks > Common Tasks > My Protected COM Interfaces > Groups [Pseudo COM Interfaces - Privileges] allows control over the LoadDriver privilege with an early alert, and it provides an additional alternate way to pass the kernel1 test.

I’m inclined to think the initial failures you reproduced at the beginning could be caused by cross-software conflicts. It could prove useful to reproduce them again and file a corresponding bug report. If it really was a cross-software conflict, the incompatsw.ini file could be updated to prevent said scenario.

Thank u so much for answering so patiently and giving us a specific explanation!
By the way, what is the “COMODO Vulnerability Analyzer”? Interests me:)

Please browse the board. :wink: CVA is a little tool that checks for software updates.

LA

It scans your system for a list of known applications and checks whether these apps are updated or if there are known vulnerabilities for these apps. There is also an option to scan for missed Microsoft patches.

IIRC CVA is still beta, although IMHO it is stable and already useful.

If you are willing to give it a try please submit the list of unknown apps to Comodo in order to increase the number of supported applications.

Early updates are one of the most useful security practices around. :-TU

Vulnerability Scanner Related links:
COMODO Vulnerability Analyzer - BETA Version 1.1.4.30 Released
Secunia Personal Software Inspector (PSI)

How safe is running this kind of tests?
I’m asking because I always read (here like in other similar tests, e.g. those ones by PCflanks) sentences like “You are running these tests at your own risks… these tests may produce losses of data… your PC might be blocked and a reboot required…” and so on

So I’m asking… do I risk something running them with COMODO installed? (S)

You could either test them within a virtual environment or in a testing system (real machine just for testing purposes).

Since leaktests can use some elaborate tricks they can theoretically affect system stability.

IMHO as long as they are not run along with other apps with unsaved documents, most leaktests are reasonably safe.

There are also PoCs (Proofs of Concept) that usually have a broader meaning.

One of these PoCs, for example, tests an immediate reboot without any prompts. In these cases, if the PoC is not blocked, unsaved data could be lost.

Other PoCs could test system stability, so these cases are more likely to trigger BSODs.

Running leaktests and some PoCs would be useful to understand how to face specific threats.

E.g. switching CIS to Comodo - Proactive Security and D+ to safe mode, it would be good training to run AKLT to find out what alerts need to be blocked to prevent specific leaks.

Ok, I understand.
My concern was that with the leaktests something would have been installed on the PC, so that after the test was finished the system could be damaged in some way.
Do those leaktests leave “something” on your PC?

AFAIK they should not as that wouldn’t be their purpose.

Where do I find this? To state explicitly: Comodo Firewall Pro 3.0.22.349

Why do you want such an old version?

if u run leaktests on your system, first make a backup of your system, then u can start testing, cause all those tests are not safe from possible system troubles.
never use leaktests on your own system, always make a backup first.
there’s nothing that proves leaktests are safe to use with no problem.