I am running XP Pro SPII, currently protected by Comodo Firewall 126.96.36.199, Prevx1 2.0.5 Build 6 and NOD32, all are fully up to date.
The CPIL Test Suite was run and Comodo Firewall identified, and I blocked, each of the attempts to send the data to the web site.
Very shortly after running the CPIL Suite Tests a few Warning Messages pop up in quick succession, all indicate that “IE explore” requires permission to… In the main body of this information text there is clear mention of CPIL in combination with other familiar elements of other programs running on the machine.
I became confused by these Pop Up messages and was faced with two choices:
Deny these requests because of the danger suggested by the mention of CPIL.
But if this option is taken access to the internet is cut off.
Allowing may enable CPIL, if it were truly nasty, to send information back to its masters.
Please can somebody tell me the correct decision, Deny or Allow?
Clarification as to the function differences between using or not using the pop up Warning Message Check Box “Always Remember This Choice” would be useful. Not using it implies that the choice would be applied once only but in use this does not appear to be the case.
I am probably missing something elementary and I would be most grateful for an indication as to what is likely to be displayed in the Warning Message if a real threat of the three CPIL types occurred?
I was directed to Comodo from Castlecops, quite the best link I have followed for a long time.
Sincere thanks to the Comodo Team for providing CPF and warmest season's greetings to you all.
Categorically, after each individual leaktest, you should reboot! Yes, even in between CPIL 1, CPIL 2 and CPIL 3. Leaktests are designed to screw around with things at a low level. When CPF blocks the outbound attempt, the leaktest is still there in memory.
In the words of St. William of Redmond - Reboot, reboot and sin no more!
Thanks for your input, panic. I do not recall seeing any directions to this effect when carrying out these tests. In saying that I am not implying that the directions do not exist, but they certainly need highlighting and improved prominence. A sort of cigarette packet job:
WARNING USING THIS PROGRAM CAN DAMAGE YOUR COMPUTER
In my case regaining access to the internet forced a re-installation of CPF and the test .exe was placed immediately in my specifically banned list.
There is a need for guidance, in my case at least, on how to handle the pop up message situation should truly vicious malware strike.
1. The Pop Up appears.
2. The warning message is read, but is highly unlikely to be fully understood.
3. The request would therefore be Denied.
4. If the Parent is “iexplore.exe” access to the internet is ceased.
5. The machine is re-booted.
6. What is the scenario now? [Where is the malware, is it secured, what action has to be taken, etc.]
At 4 the internet access may not be ceased but 6 still applies.
If there is more documented material available please can someone point toward it, or advise what has been overlooked in this exercise?
My first reaction in a real life incident would be to pull the plug on the internet connection, preventing the malware sending outbound or perhaps getting incoming help. I have no idea whether such action would be useful, but doing something positive is better than sitting looking at the screen.
I am seeking to collect the information that will benefit anyone finding themselves in a desperate situation, forewarned being forearmed.
You may have noted the avoidance of the use of “panic” for obvious reasons, a very apt handle in this case. I hope it did not originate because of a disaster.
At that time it appeared to have “stalled” before reaching any conclusion. With fresh input from panic it has sprung back into life and provides many of the answers needed. I would suggest that interested readers glean what they can from that thread.
When I have taken on board all the information, that I am capable of retaining, I will attempt to write it up [with due credits] in a check list fashion. This will be done off Forum and I will seek clearance for any subsequent posting.