Leak test result 20/330 even though I have Comodo configured as advised :-(

Hello

I hope someone out there can help please.
I have run the Comodo leak test several times (before and after tweaking my settings) and the best score I get is 30 / 330 but I can’t improve on 20 / 330 now.

My pc is 32 bit Windows XP home version. I am running Comodo Firewall 5.3.1 and Avira AntiVir personal (free)

Thanks in advance!

I have followed the set up guide posted below:

Getting Accurate Leak Test Results
« on: September 14, 2010, 09:13:46 PM »


This guide should help you generate accurate test results when using Comodo Leak Test (CLT). This guide is meant for users of CIS 5 (also known as CIS 2011).

Note: there are specific circumstances when CLT reports very low scores. The moderators and developers are investigating these specific circumstances and hope to have more info soon. Based on current feedback from the developers, CLT can give erroneous and unreliable results when testing CIS in any configuration that is different from the one described below (it is a limitation within CLT). The reasons why CLT may give unreliable results when using other CIS configurations will be the topic of another FAQ post (as soon as we get more feedback from the developers).

  1. Make sure you have the following CIS settings:
    Configuration = proactive. [Proactive security is the strongest security configuration, and will provide the best protection against leaks. I suggest that you always use the proactive security configuration. To select this setting, click on the “more” tab, then click on “manage my configurations”. Select “proactive Security”, click “activate”, and then click “close”.]
    Firewall = safe mode, custom policy mode, or block all mode.
    Defense + = safe mode or paranoid mode
    Image execution control level = enabled [To set this, click on the defense+ tab, then click on “Defense + settings”, then click the “execution control settings” tab.]
    Detect shellcode injections = selected [To set this, click on the defense+ tab, then click on “Defense + settings”, then click the “execution control settings” tab. At the bottom of the window, select the check-box titled “Detect shellcode injections (i.e. Buffer overflow protection)”].
    Monitor settings = make sure all of the boxes are selected [To set this, click on the defense+ tab, then click on “Defense + settings”, then click the “Monitor settings” tab.]
    Sandbox = disabled [CLT was not designed to be used in a sandbox. If CLT is sandboxed, it will generate erroneous results!]

  2. Make sure there are no CIS rules that have been generated by having run CLT previously (i.e. remove rules for CLT):

    Defense+ Security Policy

Click the “defense+” tab at the top of the CIS window
Click “Computer Security Policy”
Click on “Defense+ Rules” tab. Scroll down the list of files. Select any entry that has “clt.exe” in the application name and click the remove button.
Click on “Always Sandbox” tab. Scroll down the list of files. Select any entry that has “clt.exe” in the application name and click the remove button.
Click on “Blocked Files” tab. Scroll down the list of files. Select any entry that has “clt.exe” in the application name and click the remove button.
click “Ok”

Unrecognized files

Click the “defense+” tab at the top of the CIS window
Click “Unrecognized Files”
Click on “Unrecognized Files” tab. Scroll down the list of files. Select any entry that has “clt.exe” in the application name and click the remove button.
click “Ok”

Trusted files

Click the “defense+” tab at the top of the CIS window
Click “Trusted Files”
Scroll down the list of files. Select any entry that has “clt.exe” in the application name and click the remove button.
click “Close”

Firewall Security policy

Click the “firewall” tab at the top of the CIS window
Click on “Network Security Policy”
Click on the “Application Rules” tab
Scroll down the list of files. Select any entry that has “clt.exe” in the application name and click the remove button.
click “OK”.

  3. Delete the Internet Explorer (IE) browsing history cache. Run IE, click on the “tools” menu, then select “internet options”. Click on the “general tab” and then click on the “delete” button under browsing history. You can also delete the browsing history using cleaning programs such as CCleaner or Cleanup! The reason why you need to clean the IE history: If CLT was previously run and previously failed “Impersonation: Coat”, IE will open the target webpage from the IE cache, and not through the leak, leading to a false failure of “Impersonation: Coat”. Erasing the browsing history ensures that IE cannot load the webpage from the cache and forces IE to load the webpage through the leak.

  4. Reboot your computer (The current version of CLT does not “clean out” some actions that it creates after it has been run. If CLT is re-run without rebooting, it may give an inaccurate score because of these left over actions. The only way to clean out these actions is to re-boot).

  5. Run CLT*. If you get an alert from the antivirus, click “ignore” and then “Add to trusted files” (the antivirus is alerting you that a leak test application has been launched [it’s flagged as “Application.Win32.LeakTest…”]; it is not saying that the file is malicious). The first alert that appears should be a defense+ alert that says “explorer.exe is a safe application. However, the executable clt.exe could not be recognized…” For this alert, make sure that “remember my answer” is unchecked, and then click allow. The CLT program window should appear. Click the “Test” button in CLT and, from this point onward, click “block” when a CIS alert appears. Now check your score. It should be 340/340.

    • Remember to run CLT with the sandbox disabled. If CLT is sandboxed, it will generate erroneous results! CLT was not designed to test HIPS security from within a sandbox.
  6. CLT was designed to test the HIPS component of CIS. Based on current feedback from the developers, CLT can give erroneous and unreliable results when testing CIS in any configuration that is different from the one described above (it is a limitation within CLT). The reasons why CLT may give unreliable results when using other CIS configurations will be the topic of another FAQ post (as soon as we get more feedback from the developers).

  7. If you still cannot get a good score on CLT, try the following:

Run diagnostics [click on the “more tab”, then click “diagnostics”]. Repair any problem that is found with your CIS installation.
Perhaps your copy of CLT is corrupted. Download a fresh copy of CLT from here. Unzip the folder. Perform steps 1-3 above, then reboot. Then, run the newly downloaded CLT.

  8. If you still cannot get a good score on CLT, start a new thread and we’ll try to help you. Please provide the following information in your post:

Your operating system (including service pack version if applicable, and whether you are running 32 or 64 bit version).
The version of CIS that you are using.
List any other real-time security or monitoring software that you have installed (including antivirus, antimalware, firewall, HIPs, behavior blockers, etc.)
The CIS settings that you have been using for the CLT tests
Your CLT score
If you still have the results, it may be helpful to post the names of the tests you failed.

[attachment deleted by admin]

Sorry I don’t know how to get all of the screenshots into one post :frowning:

[attachment deleted by admin]

I just reran this test on my system, CIS the latest release. I expected 330/340, but got 200/340.
Not one popup showed this time.
Not one rule for or against CLT in either Firewall or Defense+.

I am forwarding this to one of the Devs to look into.

Imagine my horror getting just 20 as a score ???

If I can’t find out what’s wrong very soon, I will uninstall Comodo and use a different Firewall. I don’t see what choice I will have, as it looks like my protection is not existent, and I don’t want to take the gamble.

Oh and I didn’t get any Comodo warning pop ups whilst running the test, yet I did have some from Avira. Thinking about it, I never get any pop ups from Comodo like I did in the ‘old days’ (less swanky versions)

Hmmmmm, something is really wrong…

CIS seems to be functioning properly and is protecting your system fully.
I still receive popups when something new is run. Most files are now contained in the cloud, so popups will be few.

Ay? I don’t get any pop ups! :smiley:

If my leak test results are as poor as they can possibly be, how does this prove CIS is working all well and good?
How come I get a 20 score compared to many folks on here who report they get the full 330 / 330, and that there’s no difference in how our CIS is working?

Now I’m really confused… :frowning:

Hi Clare,

I have the exact same issue as you

Did you manage to find a solution?

thanks

Hello

No, and I have tried everything including clean uninstalls / reinstalls of Comodo and the CLT file.

There are folks on this forum section freaking out because they are getting a 320/340 score, yet I’ve been told that my CIS is working fine with a score of 20. :-\

I’m getting nowhere fast trying to find a remedy, so unless a Comodo rep or similar can come forward and offer help / advice in the next day or so, I will switch to Zone Alarm. (That won’t be a loss to Comodo as I use their free utilities anyway 88))

I’m guessing there’s a conflict somewhere in your system (Avira ??).

This tests the HIPS (def+) of Comodo, not just the Firewall. Zone Alarm probably won’t get a better score because it’s a Firewall only.

You should go to Comodo Firewall > Stealth Ports Wizard > Block all incoming Connections
and then go to GRC.com and run… File sharing …Common ports …All service ports…
It tests the Firewall only.
Shields UP!! — System Error

I’m curious what it says

Actually, if you have a router, it will be testing the router, not your software firewall.

Yeah, I always forget that some (most?) people have a router.
I’ve never had one.

You haven’t accidentally switched off Defence+ have you?
Even if you are leaving comodo, don’t switch to zone alarm, it has no HIPS and a weak firewall.
Have you allowed the comodo popups accidentally in the past?

I guess I should start my own thread, but I’ll just drop in to say I don’t feel so bad now. Misery likes company … okay, just kidding.

However, I’m a first time user (today) of Comodo Free Firewall. I also got a score of 20 out of 340. I was shocked to say the least.

I have been using Shields Up for years now and I went there after I saw the CLT score. According to the results of the different tests at Shields Up - I don’t show up on the Internet. No ports are open (even 135), I downloaded the company’s Leak Test and Comodo warned me that a – Malicious item has been detected! – when I went to run it. After I allowed the test to run the Leak Test reported that it was unable to connect with the Internet.

So all is good from that end, so perhaps I don’t need to worry about getting 20 out of 340.

I don’t mean to hijack the thread, but I was letting the OP know that perhaps all is not lost.

Cheers.