v2 fails CPIL tests [Merged Threads]

Hi John.

Well first, I used the test and it seems to work for me. My text did get through “IF” allowed and with firewall off, it went through anyway. With XP firewall, went through. I’m not sure what the problem may be but I have gone upstairs and tested on my son’s PC and it worked the same. Are you behind any other securities like Kaspersky or Norton?

I included screenshots as well… first with firewall on > allowed app > second w/o FW on.

Paul


G’day John,

So, is this some kind of Hoax?

Has anyone ever seen this webpage with the text displayed?

Thousands and thousands of users who either have no firewall or a leaky one have seen their text transmitted and displayed on the Comodo website. Tens of thousands. Hundreds of thousands. The CPIL suite is NOT a hoax, it is widely acknowledged as a legitimate firewall leak testing suite, and not just by Comodo but by third-party security firms.

This is Major Bull, and here is why, (unless someone can tell me otherwise)

It does not prove anything of the sort because if the test fails, I am “supposed” to be taken to the Comodo website with my text displayed.

So I thought, I’d test this. I ran the above options, XP firewall on without Comodo.

Now, IE does open, but I am NOT taken to any Comodo website with my text displayed. IE only opens to my Homepage!

Sorry, but it isn’t bull. If it were, these forums would be flooded with complaints. There are a couple of posts on the forums about the CPIL tests, but these are explanatory, where users didn’t understand what was supposed to happen (i.e. Yes, you are actually supposed to block the attempted egress and yes, you really should reboot in between each leak test).

I don’t have a reason why yours is the solitary instance of CPIL taking you to your home page rather than the Comodo web site, but your posting is the first occurrence of this being reported.

If we can drop the terms “hoax” and “bull”, I’m quite happy to try and work through this with you.

I’d be interested to find out why your system isn’t responding the way all others are.

Cheers,
Ewen :)

Thanks shifter and panic.

I did not know I was the only person to have this problem. Lucky me. I am not behind Norton or any other firewall. This is a straight copy of win XP Pro just recently installed with all service packs and updates. It is a DSL connection going through a bellsouth winppoe NAT modem/router, but that shouldn’t have caused the problem. Because the OS is “new” I don’t think there is a problem there, unless (and this is the only thing I can think of) I have a problem with the command line instructions working properly… seems a bit far fetched, I’m just grasping at straws.

Panic, sorry if I offend you with my choice of words, but I will not apologise for using the terms Bull and Hoax, because you see that is exactly how it did look to me.

Anyway, I may take your words for it guys and try again, because I opt to wipe this drive and set up a nice copy of win xp media center on it later tonight. If it was a windows problem, it will show up then.

John Phoenix

Hey John,

No need for an apology - my skin’s a hell of a lot thicker than that. ;) I was merely trying to say that if we can put the initial hiccups aside, we could try and nut it out together.

Let us know how you get on when you retest.

I’ve just reread your reply and noticed our first clue - “and set up a nice copy of win xp media center”. I’m not sure of any operational differences in Media Centre, but it is different to base XP and should be considered as a possible contributing factor. When you retest can you document each step and its result and post them here. I’ll perform the same steps on a clean XP install, just to see if there are any different results at each step in the process.

Cheers,
Ewen :)

If the rules are the reason for failing the leak test: I only made them stricter than the defaults.

I split TCP/UDP in/out into three rules:
UDP out (destination ports 25, 53, 80, 110, 443, 465, 995, 1863, 5222), TCP out and TCP in (20, 21, 53, 80, 110, 443, 995, 1863, 5222)

Is that the reason that my Comodo (2.4.17.183, db version 3.0) fails the leak test?

Hi ztkx

No, the CPIL Leak Test doesn’t work like that. CPIL injects a DLL into Explorer, the parent process of MSIE & attempts to circumvent any firewall by subsequently sending messages to MSIE (via Explorer) to get out to the Net. It doesn’t attempt to modify the ports that MSIE is allowed to use or anything like that. It is more to do with Application Behavior Analysis and the Application/Component Monitor relationships than any user defined rules.

Does that help?

The problem is not how it works, but how to make my Comodo pass the leak test.

If the default Comodo can, then it should too with my stricter rules.

If it does not, what can I do?

Well the problem is that CFP passes all the CPIL tests in its default state. The only way to fail the CPIL tests with CFP active, is for the user to hit the “Allow” button when CFP prompts for CPIL messing with explorer.exe the parent of iexplorer.exe.

But, understanding is important… as then you would realise that the concept of “strict rules” makes no real sense in this context. Assuming you always kept the CPIL DLLs in the same place, then you could manually add a Component Monitor block for the CPIL DLLs… but, the assumption is rather flawed, as there is no guarantee that you would even remember where you happened to unzip the CPIL archive. But, CFP would merely prompt for them anyway as they are detected.

Of course, none of this takes account of the fact that the user might disable Monitor DLL Injections. But, we are talking about CFP in its default state anyway.

I understand the way the CPIL suite works, but I think allowing is my only choice. It is no means if I could connect internet.

Maybe my rules do not match what I mean by strict, but they should be stricter than the default rule (ID 1, TCP/UDP in/out, no limitation).

About the component block, I did not know that. I have done it the way you said. Fail, still fail. Except for the default rule ID 1, I don’t know of any other difference between my Comodo and the default Comodo.

BTW, CPIL test 1 opens IE; 2 & 3 open FF (3.0a1). However, my default browser is FF. It seems the behavior of CPIL has a little problem.

Firstly, you should reboot/restart your system after each CPIL test. Why? Because once the DLL is injected it cannot be legitimately ejected (not without risking Windows stability anyway). Failing to reboot between each CPIL test invalidates all subsequent tests & might cause the shell to become unstable & crash… it has happened on some systems, although it is not a certainty.

Rules (any rules) make little or no difference to CPIL as it is attempting to subvert an existing process (explorer.exe in this case) that has an existing relationship between explorer.exe (the parent process) and iexplorer.exe (the child process MSIE). This is the nature & design of the leaktest. Check CFP’s Help on Application Behavior Analysis (ABA). It is ABA that is catching this, not any rules. The rules you are talking about… TCP/UDP… well trust me… a normal MSIE will use exactly the same protocol (TCP) and port (80) that a compromised MSIE will use. There will be ZERO difference as far as any rule concerning protocols or ports is concerned, CPIL doesn’t change protocols or ports… CPIL changes EXPLORER.EXE itself.

I did not tell you to add CPIL’s DLLs to the Component Monitor, in fact I was trying to point out that it would be fairly futile to do so.

In your Component Monitor do you have any CPIL*.DLL (* is a wildcard here) entries that you have not added? Are all CFP’s options at their default state?

PS Remove the CPIL entries you added.
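
An added illustration of the point made in the post above (not part of the original thread and not Comodo's implementation): a port/protocol rule gives the same verdict for ordinary browser traffic and for traffic sent after a DLL has been loaded into the parent process, while a check on the parent's loaded modules tells them apart. The allow-list, module baseline and DLL name are constructed for the example.

```python
from dataclasses import dataclass

# Constructed outbound port/protocol allow-list (not any poster's real rule set).
ALLOWED_OUT = {("TCP", 80), ("TCP", 443), ("UDP", 53)}

# Constructed baseline of modules already seen in the parent process.
PARENT_BASELINE = {"explorer.exe": {"kernel32.dll", "user32.dll", "shell32.dll"}}

@dataclass(frozen=True)
class Connection:
    process: str               # process opening the socket
    parent: str                # its parent process
    proto: str
    port: int
    parent_modules: frozenset  # modules currently loaded in the parent

def network_rule_verdict(conn):
    """Port/protocol filter: sees only protocol and destination port."""
    return "allow" if (conn.proto, conn.port) in ALLOWED_OUT else "block"

def unknown_parent_modules(conn):
    """Modules in the parent that are absent from its recorded baseline."""
    return sorted(conn.parent_modules - PARENT_BASELINE.get(conn.parent, set()))

def behaviour_verdict(conn):
    """Parent/component check: prompt if the parent carries an unrecognised module."""
    return "prompt" if unknown_parent_modules(conn) else "allow"

def firewall_verdict(conn):
    """A connection must pass the port rule and the behaviour check."""
    if network_rule_verdict(conn) == "block":
        return "block"
    return behaviour_verdict(conn)

BASE = frozenset(PARENT_BASELINE["explorer.exe"])
# Constructed events: ordinary browsing, and the same traffic after a DLL
# (placeholder name) has been loaded into the parent.
NORMAL = Connection("iexplore.exe", "explorer.exe", "TCP", 80, BASE)
LEAKTEST = Connection("iexplore.exe", "explorer.exe", "TCP", 80,
                      BASE | {"cpil_placeholder.dll"})

if __name__ == "__main__":
    for name, conn in (("normal", NORMAL), ("leaktest", LEAKTEST)):
        print(name, network_rule_verdict(conn), firewall_verdict(conn),
              unknown_parent_modules(conn))
```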

Thanks.

But I think it’s not enough to be told to keep the default state, though I have done as you said.

The problem is which ABA option might cause the error result (I think it’s the second and the last).

Then I get the error result even the first time.

The following are my steps.

  1. download it
  2. copy directory CPILSUITE to d:\tools\COMODO
  3. check ABA option and restore it
  4. run cpilsuite and click test1 and “don’t pass”

In the case of CPIL I believe it is the ABA options Monitor DLL Injections & Monitor Parent Application Leaks as you have already discovered. But, what do you mean by “error result”?

It is those two options.

About “error”: exactly, I mean I am told I could not pass the test.

Test 1 is so, and after a reboot, the next is so too.

Hi Ztkx. If you are using the above rule, TCP&UDP in/out no limitations, this can create several problems and should be, TCP&UDP OUT no limitations.

Lee

It is the default rule (ID 1); my rules are above.

Hi ztkx

Lee is correct about the posted rule, unless you have a trusted zone. Can you please take a screen shot of your Network Monitor (maximized) & post it here.

However, as I’ve previously stated these rules (especially Network Monitor rules) will have no impact on the CPIL leak test. The best thing that I can suggest for this is to uninstall CFP completely & re-install a fresh installation. Alternatively if you don’t wish to do that you can go to Comodo Support, register on their system & raise a ticket on this issue.

As you said, the rules are not the problem.
My Comodo ID is SLB-266488
I don’t really see a comodo ID though all has registered and gotten license, so I do like others.

THANX KAIL! Now I understand why mine was failing the CPIL test. I wasn’t rebooting after each test. Even then, I think that’s you guys’ (COMODO’s) fault. That part was not communicated clearly with the download guide rules. :( I think that can be modified/changed/improved?

Thanx again!!

Dear

My English is not good, so sorry if it is hard to understand.

I just installed Comodo and tried CPIL. First test OK. The second one failed, the third one OK. I tried several times and it shows the same result.

I checked my PC and changed some settings. Previously I had set Opera as my default browser. The result was as shown above. When I changed to IE as the default, it could pass all tests with no problem.

Is it normal or not? If it is not normal, how can I solve this problem without changing the default browser?

Thanks for your kindness

I just downloaded Comodo today. I have taken the Parent Injection Leak Test with my Comodo and it failed the leak test #1. Haven’t gone any further. Comodo is supposed to pass their own leak test, what have I done wrong?

dsm15