CPIL crashed my PC badly - not happy

Well, the CPIL suite is some bad ass piece of software, immediately after starting the first test it slowed down my PC, in such a way that I am unable to start any other app, after a while various weird error messages are thrown, not even CTRL-ALT-DEL is responsive anymore or even the power button, only option I have is pulling the plug. Have not had to do that in quite a while.

Not sure if I want to trust the security of my PC into the hands of developers who are ‘capable’ of writing such software, to be honest…

just wanted to share that.

ps. I am running XP SP2, MCAfee antivirus 8.0, Kerio personal Firewall 4.2.2, Firefox 1.5 and not much else. And disabling the antivirus and firewall don’t help.

Welcome to the forum!

Just because YOU have problem, doesn’t mean we all have problems! We are MANY that have tested the CPIL program, without the problems you have. :slight_smile:

I have tried that program on my fathers PC today, and all went well.

Sorry to see you have the problems you mention.

Are you using Comodo Firewall and Kerio Firewall at the same time? Just asking since you mention Kerio Firewall and are posting in the Comodo Firewall forum.

Can you share, step-by-step, what occurred when you ran CPIL? And did you run it against Kerio, or Comodo Firewall? This will help clarify what is going on.



First of all, Bluesman, I didn’t say everyone has a problem, just wanted to share the problems that I encountered, and the way my PC behaved after running the test suite, made me doubt the solidness of the software and thus the carefullness of the developers (especially since they operate in the area of computer security).
Anyway here are the details.

I have not installed the Comodo firewall. I do have Kerio installed, I tested the suite with and without Kerio enabled (however I do know that Kerio works using a kernel level device driver, that is probably still loaded even though the firewall is disabled).
I disabled the On-access scanner from Mcafee, and all it’s relevant security measures.
I closed all instances of Internet explorer, firefox etc.
Then started the test Suite and started test 1.
Nothing seems to happen. (waited quite long). And I am not able to start any other application or command, (not even rebooting). I tried several methods: Start menu, command prompt, Win+R, taskmanager+File/Run etc.
After a while (minutes) Explorer seems to crash. And all this time my PC is extremely slow, even though the taskmanager (that I started before starting the test), says 97%CPU time is IdleProcess.
Then finally there is a BSOD: C000021a Fatal System Error - The Windows Logon Process system process terminated unexpectedly.

I run the CPIL suite also on a different PC, (Win2K, Kerio 2.1 so older version) also there it managed to crash Explorer, but I was able to reboot.

Anybody else has similar problems with a setup like mine?

I think most of us in here use Comodo Firewall and run the test

I have a friend that use Kerio Firewall, I will try the CPIL prg on his computer when I visit him.

CPIL was developed by Comodo in order to test against leaks, because that was shown to be a top priority for users. Comodo wanted to have the absolute strongest firewall, and needed some different testing strategies, so they developed CPIL. Kerio may not be capable of handling it. :’(


doesn’t this also show that Kerio, not only cannot catch this, but can’t handle it and cause such a big issue for the user! So a malware could utilise similar techniques to mess up your machine by bringing Kerio to its knees!


No doubt about that! :wink: However, none of that helps prosumer1 at this moment. ;(

Prosumer1, I’m sorry you’re having this much trouble with CPIL. I’m thinking that what is probably happening is Kerio is trying desperately to fight the leaktest, and isn’t really capable of it. On the plus side, it doesn’t sound like the leak is succeeding, but simply because your system is crashing out. And yes, it’s my understanding that Kerio has drivers in place so even if you turn if off, you’ve still got some measure of protection. Good thing for a firewall. That may not be much comfort.

Please be aware, the leaktests are not malware; they merely simulate the actions/types of actions taken by malware. Comodo is very dedicated to providing the absolute best in security to their users; as such they spent a lot of time and effort to create a test that is rapidly becoming a standard for leaktesting.

On the shameless plug side, the answer’s simple ~ use Comodo (which is free) instead of Kerio, and pass all current known leaktests. Doesn’t mean it’s bomb-proof, but it’s the closest thing right now…


Thanks for all your replies.
However, I feel that you are pointing too quick to Kerio being the cause a bit too easy, I disabled the driver in the registry which makes no difference. True: probably best to completetly uninstall to be sure there is are no kerio components active, but it would be nice to see if there are other people using kerio that have the same problem.

I feel most of you are a bit biased towards Comodo, maybe rightly, but indeed, it doesn’t help me get an objective perspective on Comodo. The thing I wanted to express was that the impression I got from the way CPIL managed to crash my system (even if only indirectly due to kerio failing) was not a good one, and if Comodo Firewall is written in the same manner… And I am afraid that that is kindoff confirmed by what I read in other threads in these forums…

anyway, this subject is getting a bit out of hand, all I wanted to do was leaktest my current firewall and compare with Comodo.

thanks so far,

Have you asked about this in Kerio’s forum?
There might be some others that have tried Comodo’s leak test or other leaktests?
Read there first. You CAN have some problem with your install of Kerio or an OS problem.
You are complaining of objectivity from Comodo users, so please be objective yourself…
Don’t just take for granted that CPIL is badly programmed just because it doesn’t work for you.
Do also remember that a reboot is required after ALL leak testing, not only CPIL.

According to Matousec http://www.matousec.com/ Kerio didn’t pass CPIL.
If you read the first page news, there seems to be some other problem with Kerio and DLL injection.
I’m not trying to “back talk” Kerio or you here, but just pointing out that experts obviously have been able to run CPIL on Kerio if you look at the leaktest there.

Prosumer1, while yes, I admit to a Comodo bias (IMO, it’s simply the best firewall in existence today, thus my bias…), the main motivation in my response was to your initial post, comments as quoted above. Your approach seemed to be one of distrust towards Comodo as a result of the CPIL outcome.

In the world of computer security, one has to think like a hacker in order to create a defense against a hacker. It’s like the idea of thinking like a car burglar in order not to get your car broken into. In computers, this is called “ethical hacking.” It is a dedicated study of how such things/people operate, in order to build an effective defense. While this is not my line of work, I know some for whom it is, and it’s pretty interesting, really. Comodo has obviously put this type of method to work for them, in developing their security products.

In that respect, CPIL is not a “bad ass piece of software” developed for untrustworthy purposes. It was developed by Comodo for Comodo, so as to fully test an aspect of their security software against potential leaks. It was so well executed that independent testers are taking it up and using it as part of their testing against other firewalls.

Unfortunately I cannot clue you in as to CPIL’s results when run against Kerio, as I don’t use Kerio; and as with any application, there are other aspects of computer software configuration that can cause difficulties. Case in point, on my machine I am unable to run Prevx1. Prevx1 is a known, reliable, trustworthy, safe application, but it freezes my computer so hard I have to physically disconnect all power sources in order to get it to release (power button isn’t sufficient). Yet it works very well for others. So it’s not Prevx’s fault; it’s just the way it is on my system, with my configuration. That’s computers.

AOwlTM has a good point; to check the Kerio forums. It’s possible you may find some help there, from other Kerio users.

I sincerely hope that you can figure out exactly what happened; I think it is most likely a combination of things on your system interacting in a less-than-optimal way, which has caused your symptoms.


First thanks for the extensive efforts.
I uninstalled my Kerio firewall, problem isn’t different. So, must be something else.

Maybe the term ‘bad ass piece of software’ was unjust, I wanted to express what it managed to do to my system. Don’t think it has ‘unthrustworthy purposes’ otherwise I wouldnt have run it. Also I don’t have a distrust towards Comodo. Based on the way CPIL crashed my system I just had doubts on the software quality.
But I think some mitigation is in order, I agree that firewall leak testing is operating by definition on the edges of computer stability. That said, however, the malware that I encountered untill now, has never crashed my system like CPIL did. so they must be doing something ‘better’ :-). (that last bit is meant as a joke).

I tried to find what leaktest 1 exactly does, but could not find that info. Does anybody know that?
I guess open-source is not a supported philosphy for CPIL ?

That “Comodo fw vs Leaktests” PDF document is a good read though!


Here’s a link to Matousec’s list of leaktests they performed in their recent firewall testing series. http://www.matousec.com/projects/windows-personal-firewall-analysis/introduction-firewall-leak-testing.php#description-leak-test-software

They describe both CPIL and CPIL Suite, what they do and how they do it (in brief terms), and provide links back to Comodo on both. They also provide information and links on the rest of them, if you’re interested in trying others out… :wink:

Hope that will help answer your question there. If you want/need more info than that, I don’t have it. ;D Obviously Comodo does; I don’t know to what extent they share that publicly.