Volunteers needed to test existing personal firewalls against new CPIL3 !

Hi guys,

We have created a new leak test called CPIL3 which uses a new techhnique to bypass personal firewalls. In our tests all firewalls have failed against this new test. We are going to release another BETA strenghtened against this threat. Before making the test public, we need to make sure our users are safe. So currently, fellow members of Comodo forum, i.e. members having the rank “Comodo’s Hero” can access it.

If you would like to test CPIL3, please send a PM to me with your email address so that we can send the test.


The latest CPF beta seems to stop the injection.

I get a popup with the exe and dll in it. It mentions that explorer.exe is using a global hook. Of course I deny the request.

From the output of CPIL3 itself it says that the injection was successful. This is prior to opening up my browser, or trying to, in my case. Is an injection of this sort something that an AV program or malware program should detect and thus not even allow the injection to take place? Or are injections a normal and common sort of thing?

Sometimes it should fail because of a bug. That bug also affects CPF 2.2 which is supposed to pass this test too.


egemen, I added something to my previous post that you might have missed since you were replying when I was modifying.

Lets not discuss these yet. Lets keep our discussions private until CPIL3 is made public because a new malware can evolve rapidly.

Please do not disclose the test results for other personal firewalls either. Use PM for all correspondence.


OK. Maybe you should lock this thread then.

Egemen on mine it fails. :cry:

I have as default browser opera 9.0
It does not warn at all

After 20 tests with explorer,firefox and opera here are the results:

  1. With “Automatically approve safe applications” on (10 tests):
    Opera → failed
    Firefox → failed
    IE → failed
  2. With “Automatically approve safe applications” off (10 tests):
    Opera → failed
    Firefox → failed
    IE → succeded the first test, but failed the other 9

Tried multiple runs like pandlouk. Ten consecutive runs resulted in CPF beta blocking it successfully each time using IE6.

I think if you set component monitor ON, it should always detect. Nonetheless, we classify those versions as failed.

Can you please try with CPF 2.2 stable version. It must pass independent of the bug it has. BETA versions has this vulnerability. If stable version passes in your tests, then our users will be safe and we can publish the leak test.


For BETA releases, try to test with Component Monitor is ON pls.

Egemen I did as you said.

  1. Stable version with dafault settings → 100% success with all 3 browsers ( 5 tests for each browser)

  2. Beta version with “C.M.” on → 100% success with all 3 browsers ( 5 tests for each browser)

Release it. The Dragon protects us ;D
(B) (S) (R)

ps. With the beta with “C.M.” on, at reboot it failed to load-read the “Application Monitor from registry”. It was “error 6” or 16 (I don’t remember :-\ ). It happened twice.

Melih please check this link

It reveals my internal IP. How come this happens?

It has to do with java but how can I fix it?

Egemen do you know if it can be fixed. I have not found any tweaks at the java panel that fixes it. Is it possible to block such data of the browser header with CPF or with the router?

Same here :frowning:
It’s very, very bad :o

It is my understanding that the world knowing your Internal IP address is not a security breach. Just as knowing your ‘real’ IP is no big deal.

Am I correct about this? If not, someone more knowledgeable then myself please enlighten me. :slight_smile:

I agree with streetwolf, knowing your internal IP addy will not help anybody trying to gain access to your system. AFAIK they can’t reference it in the way owner can anyway. After all, there are probably hundreds of thousands, if not millions, of systems with the very same internal IP address.

Tested CPIL3 with the following settings :

Default Browser : AMBrowser (IE wrapper - like Maxthon)
CPF Version :
Component Monitor : ON

Result : Firewall dialogue popped up allowing me to block it, but if I delayed in responding an IE window opened to the Comodo site saying the firewall had failed. It displayed the test I entered in the CPIL3 window, minus the first character. This “minus the first character” trait is repeatable.

If the above settings were used withComponent Monitor set to “Learning”, it failed without a dialogue.

Ewen :slight_smile:

Hi guys,

Those sites harvest data from browser headers. There are many headers that a browser can send while you browse the internet. HOST, REFERER, etc. Those header can be used to learn about your browsing habits like “How you are referred to a site” etc. So it is about privacy. No direct security risk or breach.

Has anybody tested other firewalls?If so, from now on we can talk about it.


checkpoints firewall1 hardware firewall fails. ill have the firmware revision and update level on monday for you

agnitum outlook fails
wyveryworks personal firewall 2004 fails

ewen -)