Discussion in 'other firewalls' started by drmjx, Jun 12, 2006.
Upload file to http://rapidshare.de/
Maybe you need to be registered there on the forums.
Forget about registering, this forum is only for Comodo users!
I am waiting for this mystery test to become public!
Or is this new BITS mystery test created only for Comodo users? That makes them happy!
Here is the file.
Please replace the extension .txt with .zip.
To find out how exactly it works, please refer to the forums. It should be visible.
My Jetico's answer with the Olap rule!
As you see, I also pass this mystery test! (You typed: ---)!
Don't be so sure, the public Olap.rule is not the maximum that my Jetico can do!
and "not nominations ITS name not at all!"
PS: I cannot download Comodo now!
If this test is created for me and my rule, I am honored! Thank you!
As you see!
Oh dear! The show has started. Hang on....
PS: I'm sure I'm not going to download Comodo now!
as I am good with Jetico.
I see there is now a new test. But let's go over a few points, as there has been some confusion.
Originally we were talking of comms sent by Svchost, well that is how I interpreted it at first, and believed that by restricting svchost comms the test failed, and it can easily be seen as this. An explanation was given that it was the communication between Bitsadmin and svchost that was the actual test, and that Comodo sees/intercepts this. From my own running of this test, Comodo does intercept this, Jetico does not. My conclusion on this is simple, in that, like from info on the Leaktest site and some basic knowledge of firewalls, the restriction/limiting of comms by any firewall goes a long way in protecting the system (even though Jetico does not intercept Bitsadmin=>Svchost, with the Jetico default ruleset the data transfer attempt is). That is why, from my post about Jetico, I post only rulesets per application, so as not to give rise to the possibility of corrupting the flow of rules within Jetico, so that the user is not left more open, or restricted to a point where no prompts are given and comms are simply blocked/dropped.
I see from this latest test "cpil2" that this is an injection attempt? Jetico will intercept injections by default; no new rules need to be added (in fact no new rules can be added by the user on this part (type of attack) of the rules system within Jetico; they can be renamed but not changed). I did run this test, Jetico intercepted a "network access" attempt by cpil2, I did stop it at this point (for now.... but can complete if needed).
First prompt from Jetico, when cpil2 is run:-
If you saw the browser, you failed the test. Where is popup? What is the configuration? Tell us so that we can also test with the settings you set. Or you are just blocking some text to show your results?
I honestly don't know how CPIL2 works. It may not be related to BITS at all. I may have tested wrong. But with the optimal policy it did not alert anything here. With the Olap rule, I also did not see anything. Let me know if I am doing something wrong.
Comodo shows a popup "Cpil2.exe modified the user interface of iexplore.exe". But no memory injections. So it may not be a memory injection. It may be similar to breakout because I always see the same type of popup with the breakout test.
I continued with the test to see... there is a "change to physicalmemory" attempt (Jetico missed this, as the attempt is to \device\physicalmemory (I am not sure yet what the "device" is. I will try to find time later to try and find out).
Following the Jetico warning "access attempt" I was prompted with:-
(And why does the test say "succeeded" before the browser is opened?)
I am sure Comodo is working for you
If it is accessing \device\physicalmemory, then it is trying to access the physical memory of the computer directly. By the way, after this test, until I restart the PC, Jetico does not catch other leak tests either.
I am not sure, but as I understand from the following site http://www.security.org.sg/code/sdtrestore.html the test may be trying to disable the protection of the firewalls, since after the test my sandbox software also remained non-functional.
I am using internet explorer as my default browser but do not see such an alert.
This is the alert given by SSM
I changed my "default" browser to IE, same alert (attached)
Check that you have not allowed this in the Jetico rules: open the "optimal protection" and open the "root", you will see the "Process attack table"; look in this to see if you have allowed this attack.
Conclusion: Now you have it all, popup, image, and as you see Jetico passes.
This mystery test is created only for Comodo users? That makes them happy!
ATTENTION to all non-experienced users! Because?
I tried to install Comodo_126.96.36.199 some time ago; the same tried to download from the internet, and my setup ended here!
Because I have a simple principle: if I use paid software, I pay for it and I want it to be usable without conditions, and I want to have full control over its spread; this spread is worth it for free software, and if it is free it must be free without conditions!
What if stretched software looks to download, or perhaps also upload, data before installing?
From a firewall I surely don't accept this! A firewall is to protect the user from upload/download,
not do this job by itself!
Note, maybe you were infected in the first place, maybe, I don't know?
Software with aggressive call-home I treat as spyware or a Trojan!
Discussion, me the lock here!
BiteMe I BiteYou Back!
PS: Jetico is best!
Since you have SSM, I think it blocks the test. You may need to test without any other security software.
Here are my results:
CPIL2 tries to access \device\physicalmemory and disable all kernel-level hooks set by security software. Then it runs the default browser and connects to the Comodo site.
Comodo personal firewall either blocks "\device\physicalmemory" access or shows a "user interface change by CPIL2" type alert.
ZoneAlarm Pro 6 catches \device\physicalmemory access as suspicious attempt.
Jetico's advanced security features are completely disabled until the system is restarted. After running the test, Jetico fails even the thermite.exe leak test.
Sunbelt Kerio also failed this test with advanced security enabled.
ProcessGuard also protects against \device\physicalmemory access.
I did not test other firewalls. If anybody can test, please let us know about the results.
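The post above lists the two behaviours the firewalls either caught or missed: a handle opened to \device\physicalmemory, and BITS traffic handed from Bitsadmin to svchost. The following detection sketch is an added example, not code from any poster or vendor; it runs over a constructed, simplified event format (source|op|target), which is an assumption of the example and not a real Sysmon export.

```python
r"""Added example: flag the behaviours the thread attributes to CPIL2
(direct \Device\PhysicalMemory access, bitsadmin driving svchost) in
constructed, simplified event lines.  Format "<source>|<op>|<target>" is
an assumption of this example, not real telemetry."""
import re
from dataclasses import dataclass

# NT object names are case-insensitive; the thread writes \device\physicalmemory.
PHYSMEM_RE = re.compile(r"^\\device\\physicalmemory$", re.IGNORECASE)


@dataclass(frozen=True)
class Event:
    source: str   # process that performed the action
    op: str       # "open" (object handle) or "access" (process access)
    target: str   # object name or target process image


def parse_line(line: str) -> Event:
    # Constructed format: "<source>|<op>|<target>"; op is normalised to lower case.
    source, op, target = (f.strip() for f in line.split("|", 2))
    return Event(source, op.lower(), target)


def detect(lines):
    """Return (source, verdict) pairs for events worth alerting on."""
    findings = []
    for raw in lines:
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev.op == "open" and PHYSMEM_RE.match(ev.target):
            findings.append((ev.source, "direct physical memory access"))
        elif (ev.op == "access"
              and ev.source.lower() == "bitsadmin.exe"
              and ev.target.lower() == "svchost.exe"):
            findings.append((ev.source, "BITS job handed to svchost"))
    return findings


# Constructed sample events (not real telemetry); the notepad and iexplore
# lines are benign noise that must not trigger.
SAMPLE_LOG = """
cpil2.exe|open|\\Device\\PhysicalMemory
notepad.exe|open|C:\\Users\\demo\\notes.txt
bitsadmin.exe|access|svchost.exe
cpil2.exe|access|iexplore.exe
"""

if __name__ == "__main__":
    for proc, why in detect(SAMPLE_LOG.splitlines()):
        print(f"ALERT {proc}: {why}")
```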
Comodo did download the "ISscript" installer, as this was needed (for first-time installation). This was not liked by many, including myself, but this will no longer be needed as the Comodo installer has been changed.
This I believe to be incorrect. I have installed and monitored Comodo (a number of versions), and found nothing to make me believe this.
All other type of protection are disabled when I test Jetico, otherwise I would not be testing Jetico.
I ran SSM to see what call is being made.
SSM was disabled when Jetico alerted to this.
Well.. The users who will have the patience to follow this topic (ruined by your meaningless posts despite the efforts of the moderator) will see how many times you tried to deceive people with fabricated test results with no proof (some even disproved by another Jetico expert, Stem).
We could not discuss anything about Comodo's success against leak tests.
Comodo checks for automatic updates daily. But you are trying to tell people this optional behavior, i.e. it can be disabled anytime, is phoning home. Why? Because you don't have anything else against this excellent free product.
http://www.pcmag.com/article2/0,1895,1969207,00.asp is a serious review of Comodo firewall for all users.
Read and enjoy, if you can.
Thank you for all rational replies. Hope to see you around in another topic.