Unexpected CLT vulnerability when s/b level set to 'Untrusted' [Resolved?]

The bug/issue

  1. What you did: Ran clt.exe

  2. What actually happened or you actually saw:
    InfoSend: ICMP Test Protected
    InfoSend: DNS Test Protected
    Impersonation: OLE automation Protected
    Impersonation: ExplorerAsParent Vulnerable
    Impersonation: DDE Protected
    Impersonation: Coat Protected
    UPDATED:without sandbox my result 340/340

  3. What you expected to happen or see: No vulnerabilities

  4. How you tried to fix it & what happened: I’ve tried to check sandbox to Untrusted the result is… Impersionation:explorerasParent Protected but… Invasion physical memory:Vulnerable.

  5. Details (exact version) of any software involved with download link:

  6. Any other information you think may help us:

Files appended

  1. Screenshots illustrating the bug:
  2. Screenshots of related event logs or the active processes list:
  3. A CIS config report or file.
  4. Crash or freeze dump file:

Your set-up

  1. CIS version & configuration used:
  2. Whether you imported a configuration, if so from what version:
  3. Defense+ and Sandbox OR Firewall security level:
  4. OS version, service pack, no of bits, UAC setting, & account type:
  5. Other security and utility software running:
  6. CIS AV database version:

I would very much appreciate it if you would edit you first post and its title to put you bug report in the standard format. See here. Please see below for why.

When you have done that I will try to clarify you problem with you and then forward it to the verified issues Board.

Many thanks in anticipation for your co-operation


Bugs/issues can be impossible or very time consuming to fix if not well described. Since CIS is free, development time is limited. So if you want your issue fixed, please use the format below to describe it.

To avoid clutter, issues not described in the format below your post will not be moved to the ‘moderator verified’ issues topic. This means that the developers may not look at it.

There are specific circumstances when CLT reports very low scores. The moderators and developers are investigating these specific circumstances and hope to have more info soon. Based on current feedback form the developers, CLT can give erroneous and unreliable results when testing CIS in any configuration that is different from the one described in this post (it is a limitation within CLT). So, if you run CIS in the sandbox, you will get an unreliable/inaccurate score. The reasons why CLT gives unreliable results when using other CIS configurations will be the topic of another FAQ post (as soon as we get more feedback from the developers).

tnx for reply…

Excuse me Mouse1 for not expose the bug in the format that it has request but my tecnichal english is very poor and i believed that was better expose my problem normally.

tnx for the patient 88) 88) 88)

We’ll try to help you all we can, but we do need it in the standard format, sorry.

I’ll paste in the format and put in the info you have given so far. Please try your best to fill in the rest of the information, then ask for help if you don’t understand anything. You can PM me for help if you like.

Best wishes


I was pointed out to this thread and seems interesting: the higher security you should get the lower score in the leak tests… Am I reading correctly?

Sandbox behavior is why CLT fails these tests. Disabling sandbox shows CIS to be fully protective of your system. Your system is still safe, even with sandbox enabled. CLT was designed not to test a sandbox, but rather D+ HIPS and Firewall.

CLT will have to be redesigned to properly test a sandbox, any sandbox.

Thanks John. Living and learning.