Failed PC Security 2011 Leaktest

WIN 7 Premium x64, Comodo 5 - Latest version

Firewall configuration, Defense+ and Firewall set to Safe. Default Comodo generated firewall rules, Ports set to Stealth.

Looks like I have to set the Firewall to Custom to trap unknown outbound requests? Also Avast 6 failed the spyware test big time.


Correction. Defense+ scanned sop.exe, which was the program PC Security was using to initiate the outbound connection, and found it to be safe? This is why the connection succeeded.

Kind of defeats this test. Perhaps Comodo should mark it as “unsafe?”

As a footnote, sop.exe is malware associated with a hack kit. Appears PC Security modified it to be benign for testing purposes. It does not have a certificate.

Because this test is not malware itself.

Maybe it should be marked as Untrusted/Leaktest program. The AV has alerts telling a program it is a leaktest program. Now you will have to go through hoops to run the program as untrusted to see the protection CIS gives.

To pass this test you need to notch up D+ to Paranoid, disable both the sandbox and "Automatically trust the files from the trusted installers", and deny sop.exe access to the Windows Socket. Then I got the 100% score.

When sandboxing the program it stalls at part 3 of the test. To get CIS to run the test tool sandboxed some more measures needed to be taken. I had to take Axbx from the Trusted Software Vendor list, disable both Cloud look up options in Image Execution Settings and remove the test tool from Trusted Files, where it ended up while I was testing and trying.

Hi, Eric. I am following you on this.

However, it makes me pause and think that the developers of this basic test software accomplished what they intended: simulate malware "dialing home." After all, Defense+ does not guarantee 100% detection of malware; no anti-malware software does.

The only way you're 100% going to block malware "dialing home" is to be alerted to every outbound connection for which an explicit firewall rule does not exist; i.e. Comodo firewall custom policy mode. Now you can argue that this will never happen on a clean PC - the classic Microsoft argument. However, today's polymorphic malware strains make the likelihood of something nasty being downloaded to your PC quite high. Now your anti-malware will probably catch it when it turns into true malware, but a lot of data from your PC could have been uploaded in the meantime.

D+ does not detect malware: it gives the user insight in program behaviours and enables the user to then decide.

I could block the program from calling home; in fact I got a 100% score. But I had to chop away all the usability stuff first that was in the way of running the program as a non-trusted program (like any malware would be run). The problem with testing was that the program itself and its vendor are trusted by Comodo.

Once I could run it as an untrusted program in Paranoid Mode I could block all actions and get the 100% protection. When CIS in Paranoid Mode can catch it, that means CIS is capable of blocking. In this case the whitelisting is skewing the results; things were allowed that an unknown program never would have been allowed.

> The only way you're 100% going to block malware "dialing home" is to be alerted to every outbound connection for which an explicit firewall rule does not exist; i.e. Comodo firewall custom policy mode.

Malware is not whitelisted, and then even in Safe Mode CIS will alert.

> Now you can argue that this will never happen on a clean PC - the classic Microsoft argument. However, today's polymorphic malware strains make the likelihood of something nasty being downloaded to your PC quite high. Now your anti-malware will probably catch it when it turns into true malware, but a lot of data from your PC could have been uploaded in the meantime.

Again, malware is not whitelisted. So the Firewall would alert for outgoing traffic in Safe Mode.

It is unfortunate the test tool does not work completely in the sandbox. It simply stalls. That is a shortcoming of the tool; it is not prepared for security with a sandbox... time to go back to the drawing board for them... :wink: