Wallbreaker 4 test

Hi!
I have tried the new beta safety with Wallbreaker, and there is one thing that makes me wonder if I have a setting that is wrong. It fails with test 1 if I have IE running when I’m doing the test!? If I don’t have IE running I get a popup that says a parent svchost is trying blabla bla…
Why don’t I get a popup when IE is already running?

I can add that I tried with both learning and on with component monitor. Default settings on everything else.

Try disabling Security->Advanced->Miscellaneous->Do not show alerts for the applications certified by COMODO (previously called “automatically approve safe applications”).

I have tried that… doesn’t make a difference…
Is it something with IE 7 beta3?
Test 1 fails if IE is open when I start the test…
I have XP SP2 Home with all updates.
Look at the image.

[attachment deleted by admin]

When I do not have an IE6 window open all tests produce a CPF popup.

When I do have an IE6 window open only test #2 gives me a CPF popup. All the other tests open a new browser window.

Disabling ‘Do not show alerts for the applications certified by COMODO’ does not help.

Using XP Pro/SP2 with all updates.

Nice to see that I’m not alone with this problem… (the problem is not nice… :o)

Thought it was my rules or something that caused this…
I haven’t made too many though, because the stable version is knocking on the door…

When IE was running, I got popups: WB Test 1 & WB Test 2.
When I closed WB I got one more popup for opened IE window.

I have IE7B3 + WinXP Pro SP2 (all updates) + Component Control disabled.
I have passed all tests on Firewall Leak webpage, including Wallbreaker 1,2.
I could not test WB 3,4 due to disabled CMD.exe and Task Scheduler service.

I did four different tests with IE 7b3 and I had same results at all: CPF failed in 1st, 3rd, 4th and pops-up in 2nd. But remember that I am a home user.

I spent the last several hours running the leak tests from firewallleaktester.com on my xp pro computer (SP2 with all updates). Only one leak test program seemed to fail–Wallbreaker. WB test 2 passes; WB tests 1, 3, 4 and 5 all appear to fail.

Then I unchecked Security-Advanced-Miscellaneous “Do not show any alerts …” and now it passes all tests with flying colors!!

The testing was done from an administrative account.
Comodo firewall - had component monitoring enabled and the Connections window open
TCPView - had window open
Process Guard - everything disabled
Nod32 - application monitor disabled
Trojan Guard - disabled
Norton Goback - running in Safe Try mode

These tests would not run:
Outbound.exe and mbtest.exe would not run because “packet.dll could not be found”
Breakout-wp would not run because “not for 32bit windows” or some such

As best I could tell, these tests passed:
asft32
breakout-en.exe
comodo parent injection
copycat.exe
cpil.exe
dnstester.exe
firehole.exe
ghost.exe
jumper.exe - explorer desktop disappears & won’t restart, had to CTL-ALT-DEL and shut down
LeakTest.exe
pcaudit.exe
pcaudit2(6.3).exe - here I made an “allow” mistake and leaked data via TCPView
PCFlankLeaktest.exe
surfer.exe
thermite.exe - the 1st time I tried this, Comodo hung at 99% cpu utilization, but this never repeated.
tooleaky.exe
Yalta

I have the following suggestions for improving things:

  1. I would expect the “close” button on the Activity-Connections table to terminate the process. It doesn’t, it seems to only remove it from view, letting it run happily out-of-sight.

  2. Even though I’ve been running Comodo 2.3.3.33 beta ever since it was released, I still got a pop-up window with 13 or more new components in iexplorer a couple of times during these tests. When there is a long list of new components, it is cumbersome to hunt for each component in Windows Explorer in order to open its property sheet (which is needed to make an informed decision). We need to be able to click on each item in the list and be taken to it in Windows Explorer, or to its property sheet, so we can make an informed decision to allow, or not to allow.

  3. I like to have a “Connections” window open at all times, and like to have it at the top of my display. Comodo’s Connections window is perfect except for all the space taken by the toolbars, which pushes the connection info too far down the screen. I wish the connection info could be moved to the top.

If I disable it, Comodo passes all WB tests (:CLP)
(:LOV)it

For this test, I have just verified that when an instance of iexplore.exe is running, then CPF fails the test.

We will be fixing this bug in future versions. Note that, for CPF to fail, iexplore must be visible, so everything must happen on the screen; otherwise, CPF won’t allow that.

Thx all for the feedback,
Egemen

This is not my experience, I am passing all 5 wb tests now that Security-Advanced-Miscellaneous-“Do not show any alerts …” is unchecked.

I get a firewall pop-up, click deny, and get a new instance of IE6 that fails to connect while the existing instance continues to show whatever page I was on. Afterward, I have to close all instances of IE6 before I can continue browsing.

(This is different from my previous experience of having to log off or reboot in order to continue browsing–I don’t know why)

There are some special conditions for CPF to fail test 1:

1- The “Do not show any alerts for applications certified by COMODO” option is selected, or
2- A completely valid IE instance is open and its parent is explorer.exe and IE is visible, or
3- explorer.exe is allowed to COM/OLEAutomation IE, and CPF has this rule in HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall\AppCtrl\IPC key

These 3 cases can cause CPF 2.3.3.33 BETA to fail. The 2nd item is a bug and will be fixed.

Tests 3, 4 can only fail if the user has previously created a rule for IE with parent svchost.exe in application monitor or the parent check for IE is skipped in the rule.

Currently, you won’t be able to use CPF in intercepting mode, which actually exists, but will be made available for use when we release HIPS enabled versions.

Egemen

Nice to know that it was a bug with the IE open testfailure…
That fix you are gonna make for it, will let me pass all leaktests. (B)

This bug exists on BETA releases. Stable version does not have this bug.

On my computer 2.3.3.33 does not fail under condition 2

I have the following IE6 - Tools - Internet Options

Security-internet = Medium

Privacy = Medium

Programs-Manage Add Ons The security programs are:

 Safer Networking Ltd. - BHO  (this is Spybot Search & Destroy's malicious download stopper)
 Microsoft - Malicious Software Removal tool
 PolicyMaker - BHO   (not setup to do anything so far as I know)
 PrivBar   (shows the browser privileges,  admin/user)

Advanced-Browsing Only the following are unchecked:

 Automatically check for IE updates
 Display a notification about every script error
 Enable Install On Demand (IE)
 Enable Install On Demand (Other)
 Enable Personalized Favorites Menu
 Force offscreen compositing ...
 Notify when downloads complete
 Reuse windows for launching shortcuts
 Show friendly URLs
 Use inline AutoComplete

Advanced-Security Only the following are unchecked:

 Allow active content from CDs to run on My Computer
 Allow active content to run in files on My Computer
 Allow software to run or install even if the signature is invalid
 Check for server certificate revocation (requires restart)
 Do not save encrypted pages to disk
 Empty Temporary IE files folders when browser is closed
 Use TLS 1.0
 Warn if changing between secure and not secure mode

Hope this helps

Possible. It does depend on the timing. But since we addressed the bug, it won’t fail anymore.

I’m using 2.3.6.81 and under condition 1 (the “Do not show any alerts for applications certified by COMODO” option is checked), tests 1, 3 and 4 fail (it successfully opens and loads pages). From what I understood it is not considered as a bug but is it normal? Isn’t this option dangerous?

And what do you mean by “HIPS enabled version”? Isn’t COMODO already what we called an HIPS (Host Intrusion Prevention System)?

CFW has the application heuristic analysis based detection but HIPS mode will allow you to intercept instead of detection.

Like “xxx.exe is trying to modify the memory of yyy.exe. Allow/Deny?”.

Currently, CPF does not intercept such things but records for analysis in case of a network connection.

Egemen

This solution works on my machine. When I uncheck that setting, I pass all 4 Wallbreaker leak tests. However, this also causes Comodo to give me a TON of warnings/pop ups that I don’t really want to see. For example, when my antivirus goes to update, I get a pop up. If someone sends me an email with a link inside, when I click on the link, I get a pop up.

Is there any other solution available that might be more user friendly to those that are not so computer literate/a solution that will not cause so many alerts?