What if the Leak Tests fails ?

Hi All,
Recently I heard about the COMODO LEAK TEST. So I downloaded CLT from http://download.comodo.com/securitytests/CLT.zip
given on Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year. However some Antivirus report it as virus/malware (see detailed report here http://www.virustotal.com/file-scan/report.html?id=73a4e56396833c153f104aafdf072bdccbe39cecf4673180590a2a93e62952f6-1283096441 and here http://scanner2.novirusthanks.org/analysis/dcfc9121e46997462b9470f566feb0cd/Y2x0LXppcA==/

Here are my queries :–
1). Is it virus/malware ?
2).And lets suppose that my firewall fails all the tests it contains, so how is my system is modified/infected after the test.
3). Is my system the same(I mean not modified by the tests) after the execution of the test.


No, not in any way. It is a test application.

Your system should not be infected or permanently modified. However, some of the tests perform DLL injections into explorer.exe (the shell) and these can have unpredictable results. You should reboot after each run of CLT.

Same as 2.

I hope that helps.

I think Avira detected it but i did have heuristics on high…

Thanks Kail for your reply.
But why are so many AVs showing it as virus/malware

I can’t really say, you would need to ask the specific AV vendors about that.

Yes, please do: :wink:

I don’t see the point of declaring clt safe for third-party av and even for cav: it’s only, as its name tells, a test, and after using it, i guess one won’t keep it installed for life.

And it is very logically intercepted by every av heuristics, one would really have to worry of the opposite, as it behaves, it is made for that, exactly as some malwares.
In most av, i made the test with avira, you can place clt in some folder you whitelist, and you won’t be worried by alerts when testing.

This testing nature makes a good reason for av editors to keep from whitelisting it, added of course to the fact that these same av editors might be reluctant to do so with something coming from a concurrent.

It appears from the detections that it isn’t merely being detected as a keylogger, leaktest, or with heuristics. It isn’t a downloader or many of the other detection names and shouldn’t be detected as such.

What makes you say that?
The detection names of an av have fancy names, different from an av to another, and only resulting of the good will of the editor.

If one of the test’s executables is not alerted by its only name in the av base, and not only by heuristic activity, it would mean that clt is actively blocked by some av or another, and such an hypothesis wouldn’t make any sense.

My idea remains that the heuristic engine is the “culprit”, and it could be easily tested disabling the av heuristic engine (possible with avira, i don’t know for other av).

ok…if it fails it does not always mean that you are vulnerable to attacks from hackers…go to firewall>stealth port wizard>block all incoming connections and make my ports stealth to every one and hit enter.
then test your ports by logging on to http://www.t1shopper.com/tools/port-scan/#
if your ports are stealth then the tests will read not responding

CLT tests the vulnerabilities of outbound application filtering, rather than inbound port testing (something that CLT doesn’t do).

exactly, what i meant to say is that even after failing leak test there is no reason to panic …and your CIS can protect you from external threats (provided your system is clean) even if some vulnerabilities are shown by CLT.exe. please correct me if am wrong