Comodo Leak Tested Suite Updated!

[Juha L]

Quote:

Originally Posted by Subgud

In comodo firewall behavior settings i found a slider to reduce alerts. It worked for me. For the test i had paranoid modus and custom policy, but comodo seems to remember the settings you had for this test, so after the first run you can turn it back to clean pc mode and you will have very few pop ups!

Aha, and what does Comodo score when first run in "very low" alert mode? Sounds like this remembering of the leak test results after first running it in paranoid mode is kinda artificial and not close to the real life situation?

[alex_s]

Quote:

Originally Posted by firzen771

i run the actual firewall part of PC tools firewall and disable the enhanced Security Verification (HIPS). with purely the firewall part i get 60/340.

i believe a firewall should be exactly as it names says, a "Firewall".

and with JUST Mamutu in paranoid mode i get 10/340. but then again Mamutu is meant to block bad behavior not leak tests.

Firewall should be only firewall, behavior blocker should be only behavior blocker. But what then should stop the leaks ? Special leaks blocker ?

[firzen771]

HIPS... thats what stops the leaks as well as many other things that it protects, when u use a firewall like comodo or online armor, its not the firewall component blocking most of the leaks, its the HIPS part of it.

Hi Guys.

Thanks for testing your products. You can also add your product name and results here So we can add results & products to the list. If a product or result is wrong - Please let us know. Remember this is test the full power of your application.

[tsec]

Results posted 3xist.

Now I am off to slash my wrists...

Thanks mate!

[alex_s]

Quote:

Originally Posted by firzen771

HIPS... thats what stops the leaks as well as many other things that it protects, when u use a firewall like comodo or online armor, its not the firewall component blocking most of the leaks, its the HIPS part of it.

Yep, HIPS stops most, but HIPS itself knows nothing about outbound protection, and leak-tests aim to break outbound. This is why neither only firewall, nor only HIPS can be effective against leaks, but only combined product.

[firzen771]

unless the HIPS has outbound protection as well... how else would ProSecurity (which is a HIPS) be able to get such a high rank at matousec?

[bonedriven]

I'm using Avira personal+OA3
When I downloaded the program,Avira said coat.dll contains malicious code.I think the test has not begun yet,so I click ignore.

After I ran the test,it seems it stuck at 270/340.I couldn't close the program.I clicked "test" again.Then It seems it went on and finished at 330/340.Still,It stuck there.I couldn't close the program.I need to end the process in tast manager.

Quote:

Originally Posted by bonedriven

I'm using Avira personal+OA3
When I downloaded the program,Avira said coat.dll contains malicious code.I think the test has not begun yet,so I click ignore.

After I ran the test,it seems it stuck at 270/340.I couldn't close the program.I clicked "test" again.Then It seems it went on and finished at 330/340.Still,It stuck there.I couldn't close the program.I need to end the process in tast manager.

Try disabling Avira AV all together during the test.

Quote:

Originally Posted by firzen771

unless the HIPS has outbound protection as well... how else would ProSecurity (which is a HIPS) be able to get such a high rank at matousec?

I know ProSecurity has been discontinued, The owner/Developer joined Comodo - he was trying to sell the code before....

[firzen771]

hmm that sounds very promising for the developement of Comodo's D+ with his help.

[bonedriven]

Quote:

Originally Posted by 3xist

Try disabling Avira AV all together during the test.

Thank you for your reply.
The difference after I disable Avira AV is that I then can manually exit the test.But it still stuck at 270/340.If I click exit,it's ok.If I click test again,the result will show 330/340

So,I don't know which one is the result(the "?" button doesn't work either)

The test just doesn't go well with my system

[alex_s]

Quote:

Originally Posted by firzen771

unless the HIPS has outbound protection as well... how else would ProSecurity (which is a HIPS) be able to get such a high rank at matousec?

Because ProSecurity is very good HIPS. Though, for now it has 93% against 62 tests. I'd like to see its result against all the 73 tests. And I think there is some upper limit for pure HIPS (even close to ideal) in matou rate.

[alex_s]

What does it mean ? Do not ask me, please, how did I get these results, because they were got by self-made means and I'm completely sure everything was blocked correctly. It just seems "error" state doesn't count as "protected" which is wrong, I think.

Score 280/340

1. Hijacking: ActiveDesktop Protected
2. Hijacking: AppinitDlls Protected
3. Hijacking: ChangeDebuggerPath Protected
4. Hijacking: StartupPrograms Protected
5. Hijacking: SupersedeServiceDll Protected
6. Hijacking: UIHost Protected
7. Hijacking: Userinit Protected
8. Hijacking: WinlogonNotify Protected
9. Impersonation: BITS Protected
10. Impersonation: Coat Protected
11. Impersonation: DDE Protected
12. Impersonation: ExplorerAsParent Protected
13. Impersonation: OLE automation Protected
14. InfoSend: DNS Test Protected
15. InfoSend: ICMP Test Protected
16. Injection: AdvancedProcessTermination Protected
17. Injection: APC dll injection Error
18. Injection: CreateRemoteThread Error
19. Injection: DupHandles Protected
20. Injection: KnownDlls Protected
21. Injection: ProcessInject Protected
22. Injection: Services Protected
23. Injection: SetThreadContext Protected
24. Injection: SetWindowsHookEx Protected
25. Injection: SetWinEventHook Protected
26. Invasion: DebugControl Protected
27. Invasion: FileDrop Protected
28. Invasion: PhysicalMemory Protected
29. Invasion: RawDisk Protected
30. Invasion: Runner Protected
31. RootkitInstallation: ChangeDrvPath Error
32. RootkitInstallation: DriverSupersede Error
33. RootkitInstallation: LoadAndCallImage Error
34. RootkitInstallation: MissingDriverLoad Error

[SamSpade]

Just ran the CLT on Online Armor AV+ v. 3.x.208: 340/340

Had a pop-up for each test (sometimes more than one pop-up), so I was busy. But OA is doing the job it was created to do.

Second build in a row that has scored a perfect result, this time my browser (Firefox 3.04) was open. Not bad.

SamSpade


|||

[Carver]

Quote:

Originally Posted by SamSpade

Just ran the CLT on Online Armor AV+ v. 3.x.208: 340/340

Had a pop-up for each test (sometimes more than one pop-up), so I was busy. But OA is doing the job it was created to do.

Second build in a row that has scored a perfect result, this time my browser (Firefox 3.04) was open. Not bad.

SamSpade


|||

I ran CLT on Online Armor AV and Opera v9.62 and Online Armor AV DELETED OPERA also all Opera icons were missing, I double clicked on the .exe and nothing happened, I had to re install to repair Opera.

[SamSpade]

Quote:

Originally Posted by Carver

I ran CLT on Online Armor AV and Opera v9.62 and Online Armor AV DELETED OPERA also all Opera icons were missing, I double clicked on the .exe and nothing happened, I had to re install to repair Opera.

I had a similar problem when I ran CLT under OA AV+ v. 3.x.203: OA changed my "program access" to "blocked" for Firefox under the "Firewall" tab. Once I fixed that, and also re-installed Ffox over the top, all worked as it should; but I did run the test the second time with Ffox closed.

I have tried Opera now (under OA AV+ v. 3.x.208 ) and Opera works fine.

Did you have Opera open when you ran CLT?? That could be the problem.

Sam

|||

[Carver]

Quote:

Originally Posted by SamSpade

I had a similar problem when I ran CLT under OA AV+ v. 3.x.203: OA changed my "program access" to "blocked" for Firefox under the "Firewall" tab. Once I fixed that, and also re-installed Ffox over the top, all worked as it should; but I did run the test the second time with Ffox closed.

I have tried Opera now (under OA AV+ v. 3.x.208 ) and Opera works fine.

Did you have Opera open when you ran CLT?? That could be the problem.

Sam

|||

Yes, I re ran CLT, I closed Opera. This time it just blocked Opera.

[SamSpade]

Quote:

Originally Posted by Carver

Yes, I re ran CLT, I closed Opera. This time it just blocked Opera.

Very good!! If you unblock Opera in the rules, does OA still stop Opera from opening??


///