ZAbypass

Net Sec Policy : block
Comp Sec Policy: isolated

Fail

Any ideas why? I know I’m missing some of the settings from Proactive… I’ve got it configured the way users of the forum had suggested, yet I need to work it out w/t Proactive since when it is ON I simply cannot access this file, but that’s not the point.

What test are you failing? What does ZAbypass mean?

bypass zone alarm firewall tool

the full name of the test is Bypassing Personal Firewall (Zone Alarm Pro)
it’s designed for ZAP but apparently should work with ANY other

Hi Korben, the leaktest uses DDE to try and bypass the firewall. Would you mind providing a little more information, please?

The Net Sec Block was applied to what? I assume the Comp Sec Policy was applied to zabypass.exe?

Thanks

Quill is here!

Yes, you are right as for zabypass.exe

Basically what I did was apply my knowledge gathered during other tests/leaks but it didn’t work this time.

On a side note, this is still a new thing to me, so sometimes you guys post assuming I know what you’re talking about and sometimes I post assuming it’s obvious - but I’m learning thanks to you, so don't give up on me lol

If we start speaking gibberish, just tell us, especially me :slight_smile:

Roger that!

hehe

so? what am I supposed to do with comodo FW to PASS the freakin test?

Where can I download the test?

http://www.testmypcsecurity.com/securitytests/zabypass.html

Hi korben, see the attached screen shots for what happens when I run zabypass:

In the first alert, zabypass is making a call to csrss.exe (the client server subsystem). This is not terribly significant in itself, but it would probably make me want to see what happens next.

The second alert has zabypass making a call to firefox (substitute your browser here). Personally, unless I knew specifically what zabypass was, it would be stopped at this point.

The third alert is the strangest: firefox making a call to a COM (Component Object Model) interface. That would definitely set my radar off.

The documentation says zabypass uses the DDE-IPC protocol; well, DDE is not COM, but IPC messaging is part and parcel of both. Without knowing exactly what zabypass is doing behind the scenes, it’s hard to know how exactly it uses IPC (Inter Process Communication).

[attachment deleted by admin]
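The three-alert chain described in the post above (unknown executable talks to csrss.exe, then to the browser, then the browser itself touches a COM interface) is the kind of sequence a defender wants correlated rather than judged one alert at a time. The following is an added example, not code from the original thread or from Comodo's product: it models HIPS-style alerts in a constructed event format (the `Alert` fields, the process names and the trusted/browser lists are all assumptions for illustration) and flags a trusted process whose outbound COM or network activity follows an IPC contact from a process that is not trusted.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Alert:
    """One HIPS-style alert; the field layout is constructed for this example."""
    seq: int      # order in which the alert was raised
    source: str   # process performing the action
    action: str   # "ipc", "com" or "network"
    target: str   # process or interface being accessed

# Assumed allow-lists; a real product keeps its own safe-application database.
TRUSTED = {"csrss.exe", "firefox.exe", "explorer.exe"}
BROWSERS = {"firefox.exe", "iexplore.exe"}

# Constructed sample modelled on the three alerts the post describes.
SAMPLE_ALERTS = [
    Alert(1, "zabypass.exe", "ipc", "csrss.exe"),
    Alert(2, "zabypass.exe", "ipc", "firefox.exe"),
    Alert(3, "firefox.exe", "com", "COM interface"),
]

def find_proxy_chains(alerts, trusted=TRUSTED, browsers=BROWSERS):
    """Return findings where a browser acts (COM/network) after an untrusted
    process contacted it over IPC. Alerts are processed in seq order so the
    contact must precede the outbound action."""
    tainted = {}   # browser process -> first alert that contacted it
    findings = []
    for a in sorted(alerts, key=lambda x: x.seq):
        if a.action == "ipc" and a.source not in trusted and a.target in browsers:
            # Remember only the first untrusted contact with this browser.
            tainted.setdefault(a.target, a)
        elif a.action in ("com", "network") and a.source in tainted:
            origin = tainted[a.source]
            findings.append({
                "seq": a.seq,
                "proxy": a.source,          # trusted process doing the action
                "tainted_by": origin.source,
                "via_seq": origin.seq,
                "action": a.action,
                "target": a.target,
            })
    return findings

if __name__ == "__main__":
    for f in find_proxy_chains(SAMPLE_ALERTS):
        print(f"alert {f['seq']}: {f['proxy']} {f['action']} -> {f['target']} "
              f"after IPC from {f['tainted_by']} (alert {f['via_seq']})")
```

The first alert (zabypass to csrss.exe) is recorded but not flagged on its own, matching the post's reading of it; the finding appears only when the browser acts after the untrusted contact. A browser that is contacted by another trusted process, or that acts before any contact, produces no finding, which keeps ordinary browser activity out of the results.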

Appreciate the input, mate! :-TU

It’s still rather complicated… ???

let me break it down like this ;D

I use Installer_Updater config, I run the zabypass.exe, I change the config to Proactive and… trying to run the test I clearly see that nothing happens, i.e. no popup window appears, which is good, right? :wink:

Perhaps in the near future I will find some time to analyze the issue in detail.

Apologies, I’m not sure I follow the first part of your breakdown. zabypass is just a single executable; there’s nothing to install. That aside, I’m surprised you don’t receive any kind of pop-up when it attempts to access the Internet. What are your security settings for the firewall and D+, aside from running Proactive?

I did this test and CIS easily passed it. You said you use the ‘installer updater’ configuration; does that mean you selected ‘installer’ in the predetermined policy when the alert came up??? If yes, Defense+ will definitely give it a clean chit.

When the exe tries to inject into IE, block it… but once injected you get the alert that IE (which is safe) tries to connect to the internet, which nobody will doubt for that matter… But blocking it from connecting definitely works.

I followed these instructions:

https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/configuring_cis_for_maximum_security_with_zero_alerts_disccusion-t41405.0.html

When you use that tutorial you are running the computer in Clean PC Mode. That means it will execute all programs without interfering; it will allow all activity. That’s why you don’t get alerts I guess.

Network and Proactive are in safe mode both in installer_updater and proactive security config

Mind you, I might have changed some settings after I had read the above mentioned guide… perhaps it seemed right to me… can't remember now…

Can you tell us what configuration you are using? Look under Miscellaneous → Manage my configurations. How are Defense + and Image Execution Control settings set?

Sure thing.
It’s set to Proactive Security.

Image Execution → normal
D+ → safe mode
trust the applications… ticked

monitor settings → everything ticked

I find CIS passes everything even in Clean PC Mode, as long as Proactive Configuration is selected.