After upgrading to v3, I downloaded Comodo’s own Comodo Parent Injection Leak Test Suite (CPIL Suite).
I did the same thing years ago when first installing Comodo’s Firewall. Back then it passed its own test “out-of-the-box” as Comodo claims a good firewall should.
Now I’ve done the same for v3, and it fails tests 1 & 3. CFP v3, again “out-of-the-box”, allows CPIL Tests 1 & 3 to pass my random text to its server.
So, to quote Dr. Christian Szell: IS IT SAFE?
Do you have Defense+ active - I think it must be active to pass the test. I have mine on Train with safe mode and CFP3 pops up defense+ warnings when I try to use CPIL - it passed all three tests on my pc.
:SMLR
Well that does seem to have done the trick … eventually, which brings me directly to my 2 general comments:
Why is basic security like this optional on a firewall? Why is the option labeled “Deactivate Defense +” rather than something more helpful for an average user … something like “Disable firewall completely, but continue using cpu cycles for who-knows-what” ? That seems less misleading to me.
Why does the option right next to that one, labeled “Block all the unknown requests …”, in fact disable windows xp HOME login resulting in the virus-like failure “userinit.exe - Application Error: The application failed to initialize properly …” rendering winxp Home completely useless until the victim finds a functioning computer and looks up how to enter Safe Mode on a laptop that doesn’t mention “F8” on the boot screen, figures out to ignore all the hints about editing xp PRO security policies and finally remembers that he should disable the recently upgraded firewall software which should be acting as a layer of protection between the computer and the outside work, rather than between the computer and itself …
But I digress: Should v3 be WinXP Home compatible?
Hi Folks,
I have just installed the latest version of COMODO firewall.
I ran the 3 cpil tests and each one failed.
I am running XP on a wireless network.
I’m not an expert on these matters just trying to protect my laptop as I’ve just reloaded the OS after a worm attack wreaked my hard drive.
I have left the defence+ disabled and all default settings untouched. I have followed the advice gien in other postings about running the tests correctly.
PLEASE HELP!
Hi,
CFP needs Defense+ for top protection, in the new 3 version the network firewall has handed over away the behaviour analysis and parent check to the HIPS component. Please note that CFP 3 with Defense+ will likely generate less popups, if left at the default settings and used correctly, than v2 which doesn’t offer a HIPS’ kind of protection. However if you’re not interested in Defense+, and you feel that the protection offered by v3’s network firewall alone is not enough, you can stick to v2 which is a great impregnable firewall and will continue to get support from here.
PS: Also, if you plan to give Defense+ a try, take into account that at the default clean PC mode it will consider safe anything already in the hard disc at the time of CFP’s installation. So if you want to test CFP v3 and your leaktest was already in your machine before the installation, manually add it to your Pending Files in Defense+.
Hi Japo, thanks for reply!
last week I had zero protection and got a virus (my fault - file sharing), after rebuilding everything Im now going overboard…yesterday I knew nothing about firewalls and now im running tests.
All I want is reasonable protection…I want to be able to send my credit card details and not worry about my laptop being used a a zombie etc…if CFP 3 firewall alone will do that with minimum amount of fuss (pop ups etc) then I’ll be happy…
Am I covered for my needs???
My questions are simple.
Q1: Why my COMODO firewall (Version 3.0.14.276) fail CPIL test???
Q2: Why is there only 9.08 MB in this version, but 31.3 MB in the previous version???
Info: I uninstall the previous version 3.0.13.268 first. Then install this version. During the CPIL test, I use all default settings, IE with predefined web browser rules. My IE is version 7, Win XP SP2, 32 bit.
I do not turn on Defense+. It is inactive.
THE CURRENT VERSION(3.0.14.276) IS THE ONLY COMODO FIREWALL VERSION WHICH FAIL ALL 3 CPIL TESTS.
Remove all D+ rules for cpil executables. and add all files in cpil directory to pending list.
Then repeat the test.
You may find more info about your issue in the help section “Defense+ Settings”
Clean PC Mode: From the time you set the slider to 'Clean PC Mode', Defense+ will learn the activities of the applications currently installed on the computer while all new executables introduced to the system are monitored and controlled. This patent-pending mode of operation is the recommended option on a new computer or one that the user knows to be clean of malware and other threats. From this point onwards Defense+ will alert the user whenever a new, unrecognized application is being installed. In this mode, the files in 'My Pending Files' are excluded from being considered as clean and are monitored and controlled.
BTW: please name all future topics in order to make it easy to guess the content (topic) there are mnay reason this will be useful.
Thanks for you understanding.
I never activeate the defense+, because I dislike too many questions.
Do you mean the default settings are insecure?or, I must activeate the defense+ to pass the test?
Also, could you further explain how and where to remove the rules you mentioned above to pass the test?
I am having the same problem with CPIL Test Suite failing. Changed Defense+Active to train with safe mode. Still Failed all three test. At the bottom of page it says to uninstall current firewall & install Comodo. It is Comodo. Why doesn’t it recognize its own software? What else can be done to configure v3 firewall? Makes me whether its safe to continue using Comodo.
I also found that Comodo 3.0.14.276 failed the test with Defense+ disabled.
But then I went back to 2.4.18.184, run Test 1 and – it also failed it.
Just an alarm “IE is trying to connect to the Internet…”. I clicked on “Allow”, the information I typed was sent to the Comodo website. ???
Re: Fnomis:
My COMODO 2.4 passed all CPIL tests.
When you press “test1”, the firewall will alert you “CPIL modified the parent application” and your IE explorer is trying to connect the Internet.
You should choose “BLOCK”. And nothing will then be sent.
COMODO 2.4 firewall (But NOT v3) passed.
If you previously launched CPIL Test Suite while Defense+ was in Training Mode (the only mode that can fail this test), then the rules that allow it to start IE, access other processes’ memory and so on, have already been created in Computer Security Policy. It doesn’t matter now if you switch to Train with Safe mode - Comodo will obey those rules, and as a result - fail the test again.
So, go to Defense+ / Advanced / Computer Security Policy, and delete the rules for CPIL Test Suite. Run the test again in Train with Safe mode - you should see the Defense+ alerts now.
XP Pro SP2 / CFP 3.0.14.276 / Defense+ disabled
test1 - failed
test2 - nothing happens at all
test3 - failed
Thanks for the information.
Got the warnings, blocked them, passed all tests (or is it failed them all) in any event no contact was was made to the internet by any of the tests including the grc test.
Stan
OS - XP sp2
AV - Eset NOD32 - V3.0.566.0 - Max Protection
FW - CFP v3.0.14.276 - FW and D+= Train W/Safe Mode
Followed Marrat’s advice, and I failed all three CPIL tests. Could it be b/c when I installed the newest version of Comodo I said that I do use P2P and file sharing applications? (I said that b/c I do use a home network/workgroup, and with my previous installation, I couldn’t get the workgroup to be recognized on other computers nor could I ping to the computer with Comodo installed.) Should we be concerned about these failures?
Downloaded the latest version of Comodo Firewall Pro today, and cannot seem to pass Comodo’s own CPIL test. Here are the details:
Version: 3.0.14.276
OS: Windows XP Home SP2
Also running: Avast Antivirus version 4.7 Home Edition
Firewall set to Train With Safe Mode, Alert Frequency set to high, “This computer is an internet connection gateway” is unchecked.
Defense+ set to train with safe mode, “Trust the applications digitallly signed by Trusted Software Vendors” is checked, two settings underneath on General tab are uncheck, all settings on Monitor tab are checked.
Yes, I cleared out the policy for the CPIL Test program from the Computer Security Policy section upon moving to Test With Safe Mode in Defense+.
Comodo does not so much as bring up a warning box when the CPIL test runs. It simply goes through, fails, then tells me to download Comodo Firewall Pro. 
Any suggestions to secure the firewall?
By the way, in case the question is asked, I did search the forum before posting, but didn’t see a suitable answer offhand.
Update: For whatever reason, as I haven’t changed anything, Comodo is now popping up Defense+ warning boxes with CPILSuite. Trying to type anything at all into the box prompts a warning that CPILSuite is trying to access the keyboard directly, and Tests 2 & 3 pop up a warning that a global hook is trying to be installed.
Do these particular warnings need to be allowed for the test to run? FYI, just submitting Test 1 without typing still indicates a test failure.
I guess the question is, what will it look like if the tests pass? Do the emergence of the boxes indicate a pass, or do the indicated things in the boxes need to be allowed for the test to run?
Downloaded the latest version of Comodo Firewall Pro today, and cannot seem to pass Comodo's own CPIL test. Here are the details:Version: 3.0.14.276
OS: Windows XP Home SP2
Also running: Avast Antivirus version 4.7 Home Edition
Firewall set to Train With Safe Mode, Alert Frequency set to high, “This computer is an internet connection gateway” is unchecked.
Defense+ set to train with safe mode, “Trust the applications digitallly signed by Trusted Software Vendors” is checked, two settings underneath on General tab are uncheck, all settings on Monitor tab are checked.
Yes, I cleared out the policy for the CPIL Test program from the Computer Security Policy section upon moving to Test With Safe Mode in Defense+.
Comodo does not so much as bring up a warning box when the CPIL test runs. It simply goes through, fails, then tells me to download Comodo Firewall Pro. Wink
Any suggestions to secure the firewall?
By the way, in case the question is asked, I did search the forum before posting, but didn’t see a suitable answer offhand.
Update: For whatever reason, as I haven’t changed anything, Comodo is now popping up Defense+ warning boxes with CPILSuite. Trying to type anything at all into the box prompts a warning that CPILSuite is trying to access the keyboard directly, and Tests 2 & 3 pop up a warning that a global hook is trying to be installed.
Do these particular warnings need to be allowed for the test to run? FYI, just submitting Test 1 without typing still indicates a test failure.
I guess the question is, what will it look like if the tests pass? Do the emergence of the boxes indicate a pass, or do the indicated things in the boxes need to be allowed for the test to run?
Hi there, as I haven’t run the tests I can’t say for sure, but I’m almost certain that Comodo popping up a warning box and telling you that something is trying to happen is a pass.
In the real world if these weren’t just simulated tests that you launched yourself, the job of the firewall and defense+ would be to prompt you to make a decision (block) thereby preventing the threat.
As for why that didn’t happen the first time I have no idea. Had you ever run the tests before posting? Maybe the first time you never tried to type anything so it just let it pass?
I suppose as long as you’re being warned now all is well.
Just one more thing, while I’m here so as to avoid confusion in the future. Defense+ is the one being set to train w/ safe mode. The firewall does not have that option.
Dave
Train with safe mode is listed in Firewall Behavior Settings, between training mode and custom policy mode. Should I be looking in a different section to dial in firewall protection?
??? my CFP3 firewall HAVE “train with safe mode” option.
*Block all mode
*Custom policy mode
*Train with safe mode
*Training mode
*Disabled