Leak Tests - Understanding Results

I have CIS 4.0.129536.679 Beta 2 installed and gave it some runs through Leak Tests.

  1. Running Leak Tests on xxx.581 Final resulted in 340/340 blocking all prompts. Great!
  2. Running Leak Tests on 4.0.129536.679 Beta 2, sandboxed, blocking all prompts, results in only 190/340.
  3. Running Leak Tests on 4.0.129536.679 Beta 2 with sandbox disabled, blocking all prompts, results in 330/340. There was one vulnerability: Invasion: Coat

I’m a novice at firewall testing. Could someone explain these results? Shouldn’t sandboxing be safer? Is Leak Tests fooled because it’s in the sandbox? I tried many configurations but I can’t get a “Protected” response for Invasion: Coat.

I would just like to understand why this beta fails so badly with sandboxing enabled. I’m beginning to feel better protected with sandboxing disabled. I’m new to sandboxing and I’m just trying to understand how it works.

Now that has left me confused! :o

I got 30/340 with CIS v4 beta2 with sandbox enabled. I allowed the leak test to run with high privileges, blocked all outgoing traffic for it. Why does it fail so miserably? Isn’t the test sandboxed by default? What happened? The leak test left me feeling raped … :((


If I specifically run the test sandboxed I get 220/340. I have Win XP Pro SP3 updated.

Just for kicks, try running it with the sandbox disabled and block all requests. I expect you’ll get a near perfect score!

A little note from 3xist on the bad CLT results:


I tried CLT.exe on a Windows 7 64 Home Premium installed into VMware.
I used Defense+ in paranoid mode and the FW in custom mode.
So each time I had an alert from Defense+ I clicked block this activity and remember my answer.
So like that I finished all the Defense+ alerts without a failure. I scored 340/340.

When I tried the sandboxie, I chose untrusted application and launched CLT.exe.
The final score was 260/340.
vulnerable to invasion : filedrop (1)
injection : setWinEventHook / setWindowsHookEX / services (3)
hijacking : userinit / supersedeservicedll / startup programs / appinitDlls (3)

Good news, the Defense+ is still as good. About sandbox, if the test fails, we don’t care if the leaktest modified the virtual sandbox files and kept the real system 100% clean. So how did the sandbox work? Did it launch the CLT in the virtual area, or was the real system damaged?

Hi ailef,

See this post. :)