On WinXP x64 SP2 (updated) and the latest version of Comodo with default settings
COMODO Leaktests v.1.1.0.3
Date 11:05:41 - 24/11/2008
OS Windows XP SP2 build 3790
RootkitInstallation: MissingDriverLoad Protected
RootkitInstallation: LoadAndCallImage Protected
RootkitInstallation: DriverSupersede Protected
RootkitInstallation: ChangeDrvPath Vulnerable
Invasion: Runner Protected
Invasion: RawDisk Vulnerable
Invasion: PhysicalMemory Protected
Invasion: FileDrop Protected
Invasion: DebugControl Protected
Injection: SetWinEventHook Vulnerable
Injection: SetWindowsHookEx Vulnerable
Injection: SetThreadContext Protected
Injection: Services Vulnerable
Injection: ProcessInject Protected
Injection: KnownDlls Vulnerable
Injection: DupHandles Protected
Injection: CreateRemoteThread Protected
Injection: APC dll injection Protected
Injection: AdvancedProcessTermination Vulnerable
InfoSend: ICMP Test Protected
InfoSend: DNS Test Protected
Impersonation: OLE automation Vulnerable
Impersonation: ExplorerAsParent Vulnerable
Impersonation: DDE Vulnerable
Impersonation: Coat Vulnerable
Impersonation: BITS Protected
Hijacking: WinlogonNotify Vulnerable
Hijacking: Userinit Vulnerable
Hijacking: UIHost Vulnerable
Hijacking: SupersedeServiceDll Vulnerable
Hijacking: StartupPrograms Vulnerable
Hijacking: ChangeDebuggerPath Vulnerable
Hijacking: AppinitDlls Vulnerable
Hijacking: ActiveDesktop Vulnerable
Score 150/340
Defense+ in paranoid mode and checking all the monitor settings options
COMODO Leaktests v.1.1.0.3
Date 11:18:42 - 24/11/2008
OS Windows XP SP2 build 3790
I have deleted ctl.exe from both network policy and computer policy, and then I ran the test again, blocking all the requests but unchecking the "remember answer" checkbox.
The settings are:
Defense plus: paranoid mode, monitor settings (all options checked)
Firewall: safe mode
COMODO Leaktests v.1.1.0.3
Date 21:55:49 - 24/11/2008
OS Windows XP SP2 build 3790
RootkitInstallation: MissingDriverLoad Protected
RootkitInstallation: LoadAndCallImage Protected
RootkitInstallation: DriverSupersede Protected
RootkitInstallation: ChangeDrvPath Vulnerable
Invasion: Runner Protected
Invasion: RawDisk Protected
Invasion: PhysicalMemory Protected
Invasion: FileDrop Protected
Invasion: DebugControl Protected
Injection: SetWinEventHook Vulnerable
Injection: SetWindowsHookEx Vulnerable
Injection: SetThreadContext Protected
Injection: Services Vulnerable
Injection: ProcessInject Protected
Injection: KnownDlls Vulnerable
Injection: DupHandles Protected
Injection: CreateRemoteThread Protected
Injection: APC dll injection Protected
Injection: AdvancedProcessTermination Vulnerable
InfoSend: ICMP Test Protected
InfoSend: DNS Test Protected
Impersonation: OLE automation Protected
Impersonation: ExplorerAsParent Vulnerable
Impersonation: DDE Protected
Impersonation: Coat Vulnerable
Impersonation: BITS Protected
Hijacking: WinlogonNotify Vulnerable
Hijacking: Userinit Vulnerable
Hijacking: UIHost Vulnerable
Hijacking: SupersedeServiceDll Vulnerable
Hijacking: StartupPrograms Vulnerable
Hijacking: ChangeDebuggerPath Vulnerable
Hijacking: AppinitDlls Vulnerable
Hijacking: ActiveDesktop Vulnerable
Score 180/340
I have run the test again with the Proactive Security profile and the result was “Score 170/340”.
Maybe the problem is that my OS is x64 and the CTL does not work properly: I answer more prompts than the CTL has tests, and the test suite ends before I finish blocking the requests.
Or maybe the problem is COMODO, because I block a lot of requests to open Internet Explorer, and the CTL opens some IE windows.
I have put Firewall and Defense+ in Safe Mode and CIS in Proactive Security Configuration.
I have added my Comodo configuration file and a video of the whole process. I could not attach the files to the post, so I uploaded them to Megaupload; please download them.