Comodo Leaktest says score 140/340

Hi there,
I ran Comodo Leaktest just a couple of minutes ago and it gave my system a score of 140/340.

COMODO Leaktests v.
Date 20:16:31 - 24/03/2010
OS Windows Vista SP2 build 6002
4. RootkitInstallation: ChangeDrvPath Vulnerable
6. Invasion: RawDisk Vulnerable
8. Invasion: FileDrop Vulnerable
10. Injection: SetWinEventHook Vulnerable
11. Injection: SetWindowsHookEx Vulnerable
12. Injection: SetThreadContext Vulnerable
13. Injection: Services Vulnerable
15. Injection: KnownDlls Vulnerable
16. Injection: DupHandles Vulnerable
18. Injection: APC dll injection Vulnerable
19. Injection: AdvancedProcessTermination Vulnerable
21. InfoSend: DNS Test Vulnerable
24. Impersonation: DDE Vulnerable
25. Impersonation: Coat Vulnerable
26. Impersonation: BITS Vulnerable
28. Hijacking: Userinit Vulnerable
30. Hijacking: SupersedeServiceDll Vulnerable
31. Hijacking: StartupPrograms Vulnerable
33. Hijacking: AppinitDlls Vulnerable
34. Hijacking: ActiveDesktop Vulnerable
Score 140/340

What can I do to fix this? :S

Windows Vista SP2 fully updated, avast! 5.0.462 free, CIS 4.0.138377.779, MBAM 1.44, Windows Defender active.

Dismiss my previous post. Disabled some options in Sandbox (Automatically recognise installer/updaters and run them outside Sandbox) and I started getting crazy thanks to our dear D+ alerts.
Blocked them all systematically and got 340/340 xD

I got no more than 160/340 before I saw your post here :wink: Anyway, I can’t get more than 320/340. I have a problem with:

  1. InfoSend: DNS Test
  2. Impersonation: Coat

What could be the problem and the solution?
UPDATE: Changed CIS from Internet Security to Proactive Security. Now I get only Impersonation: Coat.

BTW, if you just click Cancel on Comodo’s alert during CLT, you get only 2 pop-ups and the same result as if you were clicking the Block button over and over.

Haha, I love Default Deny xD
I got 340/340. Enable ALL options under Image Execution Control Settings, Defense+ Settings (Paranoid Mode) and of course, disable “Automatically run unrecognized programs inside the Sandbox” and “Automatically recognize installers and run them outside the Sandbox”.

That did the trick for me :slight_smile:

There should definitely be a note to unmark a few things in the sandbox settings. Otherwise there is no difference between running CLT with or without CIS.

I played with CLT and CIS so long that I had to re-install my web browser and configure CIS again :o

Guys, if you have Comodo FW with Windows 7, please configure it to Firewall Security, then try CLT.exe ;D You’ll be surprised: yes, your score will be 100%. Try it and let me know…

This is how I get 340/340: I set CIS to Proactive mode. Then I go to the firewall settings, to the stealth port wizard, and select “alert me to incoming connections…”, then I go to the sandbox settings and uncheck “automatically detect installers and run…”. Now run the leaktest; if you block everything, you will see that it passes just fine without too many questions.

Languy, I’ve tried your settings with CLT and I’m still failing both Impersonation: DDE and Impersonation: Coat. Any thoughts? Thanks.

It tends to happen on some systems; it happens on mine too. The new 4.1 version fixes all that.

Thanks. After I posted here, I saw you had posted that in another thread. Anyway, I’ll await 4.1 then.

Same thing for me, I’m getting mad trying to understand why it fails with sandbox on and it passes perfectly with sandbox off… v4.1 didn’t change anything… >:-D >:-D >:-D >:(

CLT was not designed to be used in a sandbox. It was designed to test the firewall and D+/HIPS only.
Using it inside a sandbox or with a sandbox gives erroneous results.

And yes, you can enable the sandbox without compromising security. The CLT program is not designed to test the sandbox, and that is why you are supposed to turn off the sandbox for the test. The developers tested 15,000 malware files against the sandbox, and none of the malware files were able to run after rebooting (some harmless files may get dropped on your hard drive, but the malware cannot “infect” your computer and cause harm).