Comodo Internet Security Version 5.4.189822.1355 failed the CLT. [Resolved]

Comodo Internet Security Version 5.4.189822.1355 failed the CLT. Why?

We would very much appreciate it if you would edit your first post to create an issue report in line with the bug forum guidelines and format here. You can copy and paste the format from this topic.

To understand the reasons why we ask you to follow these guidelines please see below.

Bugs/issues can be impossible or very time consuming to fix if developers don’t have enough information to reproduce them. Since CIS is free, development time is limited. So if you want your issue fixed, please use the format below to describe it.

To avoid clutter, issues not described in the format below your post will not be moved to the ‘moderator verified’ issues topic. This means that the developers may not look at it.

Best wishes and many thanks in anticipation


Instructions for Comodo leak test (including how to make sure you get an accurate score) can be found at this link. Please follow those instructions to make sure you are getting an accurate leak test result.

HIPS is set to “untrusted” application, CLT run in the sandbox.


Please read the information posted here to get accurate leak test results. If you do not get 100% pass after following those instructions, then please provide the information requested at the end of instructions.
Note that CLT should not be run in the sandbox.

Comodo Internet Security Version 5.4.189822.1355 CLT identified as untrusted application and is automatically launched his sandbox.
CLT test is not passed.
In the sandbox hole.
Means and other malware will not be isolated in a sandbox and can harm your computer.

Kefir, You are incorrect. CLT was designed to test a HIPS and was not designed to test a sandbox. Therefore, the results of CLT (or any other leak test program) are only valid when you are running it outside a sandbox.
This is not a failure of Comodo, this is a failure of the user to utilize the leak test correctly. The link that I provided to you in my previous posts explains all of this (so, please read the information that is posted there).

As far as the comodo sandbox, Comodo has tested it against a huge number of malware, and as far as I know, it has not let anything create an active infection after reboot. I am not a fan of how they implemented the sandbox (for example, it will still leave inactive dropped files behind). However, I do not know of a reliable way to test a sandbox besides running active malware in it (which comodo has done and the sandbox worked as intended).

What Whoop is saying is right kefir. I’ve used CLT extensively to test CIS and you do have to be very careful how you use it.

Please do read the post he has referred you to, then you can test CIS properly and if you still find a vulnerability please do post it here.

Best wishes


I do not think that there are malicious programs that need to be run separately in the sandbox, and others not in the sandbox.
If the CLT simulates the behavior of malicious programs and performs its actions in the sandbox, then hence the malicious programs can perform the same actions. They will not be isolated and a computer with personal data will be threatened.

Comodo Internet Security Version 5.4.189822.1355 need to seriously fix it!

The sandbox is performing admirably, it is not allowing you to run CLT as it should be run. You MUST run CLT outside the sandbox in order to obtain accurate and correct results.
Anything else is wasting your time, as results will be invalid.
(Modules that think they passed and those that think they fail are quite possibly false when run inside the sandbox). Remember, the sandbox allows applications to think they have access to various parts of your system when in fact they don’t.

clt does not simulate a malicious program. what it does is check for vulnerabilities in your firewall/protection. it is meant to test comodos hips not sandbox. they need to redesign CLT for the sandbox.

“Comodo Firewall Test Suite is an all-in-one application that sequentially launches 34 of the most effective leak tests against your computer’s security. When the full cycle of tests has been completed you will be provided with detailed results that will inform you which individual tests your system is vulnerable to.”
from Test My PC Security

Comodo Internet Security Version 5.4.189822.1355 failed 2 tests of 34 (№ 23 and № 24).

23. Impersonation: ExplorerAsParent
What does it do? Tries use explorer.exe to connect to the Internet.
What is the risk? Firewalls may miss the real applications behind the internet connection requests.

24. Impersonation: DDE
What does it do? Tries to use Direct Data Exchange (DDE) to control IE’s behavior and transfer data to the Internet server
What is the risk? Firewalls can be bypassed and malicious files can be downloaded from the trusted browser process.

Tests were performed under identical conditions (in the sandbox).

Means to correct errors in the Comodo Internet Security Version 5.4.189822.1355 to pass the tests number 23 and number 24.

I got 340/340 with Proactive security (Defense+ safe) and sandbox turned off. :-TU

Did you follow the detailed instructions here exactly regarding use of CLT?

Did the ie browser instances invoked by these tests actually display any pages?

Best wishes


Comodo Internet Security Version 5.4.189822.1355 not protect your computer from the leakage and theft of personal data.

mod edit: BOLD & MOVE tags removed for readability. kail

Actually I have just tried runnng CLT in precise accordance with Whoops guidlines, with the execption of the sandbox, which I had enabled. I chose to sandbox clt.exe in response to the unlimited access alert.

The results were that CIS passed all tests apart from the DDE test, which tries to use Direct Data Exchange (DDE) to control IE’s behavior and transfer data to the Internet server.

Although the results page suggested that it failed the DDE test, it in fact displayed a blank page, not the Comodo test page, so actually no data was passed to any server. This appears to be because the browser was automatically sandboxed, and was restricted from internet access - opening another tab/nstance in the same context resulted in another blank page.

So CIS appeared to fail the CLT test when CLT was sandboxed, but actually it passed it, as no data was transferred. This seems to represent a tightning of security by Egemen in version 5.3-5.4, as the sandbox did struggle with DDE/‘explorer as parent’ in previous versions.

My setup: XP SP3, Admin account, CIS 5.4, IE8, all CIS settings apart fom sandbox as per Whoops instructions.

Best wishes


Comodo Internet Security Version 5.4.189822.1355 defines files SetWindowsHook.dll and SetWinEventHook.dll as safe and therefore did not pass the tests number 23 and number 24.

Kefir doesn’t seem to understand what the sandbox does.
He also doesn’t seem to understand the sentence… “CLT was designed to test HIPS and was not designed to test a sandbox.”

I got a perfect 340/340.

That will be because you didn’t follow Whoops guidelines. I don’t think we are getting anywhere in this discussion regrettably - there’s really no bug - so I’m marking it resolved and locking it. Hope that’s OK

Best wishes