Leak Test Assistance

Learn about Computer Security Leak Testing/Attacks/Vulnerability Research
#1

Hi

I use Win XP SP3 with Comodo PF plus Defense+. Defense + is set on Paranoid mode and the firewall on safe mode.

I just carried out the latest version of the CLT leak test and got 320/340.

Two items were regarded as vulnerable.

  1. HiJacking:StartUpPrograms

  2. HiJacking:ChangeDebuggerPath

QUESTIONS

A) Given the relatively aggressive protection settings why would the two items abovw be vulnerable?

B) More importantly what can I do to reset Comodo to pass the two tests?

Thank you for your help

Terry

#2

Evening Terry,

A: It Depends On The Protection Settings You Have It On, I’m pretty sure you have a different configuration on

If So> Right Click The Icon > Configuration > Proactive

B: Open Up CIS > Firewall > Advance > Network Security Policy > Remove CLT.exe > Apply
Open Up CIS > Defense+ > Advance > Computer Security Policy > Remove CLT.exe > Apply

Run The Test Again This Time When Alerted Select “Treat As” Blocked Application*/ Isolated Application**
*Firewall Alert
**Defense Alert

Can you Report Your Score?

CG

#3

Hi

Did as you requested exactly. Got 320/340 with the same two tests showing as vulnerable.

Terry

#4

I have asked other mods to help you with this issue

Please be patient :slight_smile:

CG

#5

Hi Tel,

Couple of qiuck questions.What configuration are you currently using?
To be able to max on the test your best being in “Comodo-Proactive security”
Also have a look under Defence+/Advanced/Image Execution Control Settings(set to normal)
Make sure everything is checked in Defence+ settings/monitor settings

Matty

#6

Another question Terry

What version of CFP do you have? If it is not the latest 3.5 you may not get the
test score you want.

John