Comodo passes all leak tests

Discussion in 'other firewalls' started by drmjx, Jun 12, 2006.

Thread Status:
Not open for further replies.
  1. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    With Stem's rules, Comodo catches the PCFlank test.

    Ok, I assume with your rule set, Windows updates are accessible. So this means any trojan can go and download Windows updates while Jetico is installed. Am I right? (I am going to download and test with your rule set later.)

    J
     
  2. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    No! You are not right!
     
    Last edited: Jun 27, 2006
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi neonSurge,
    It was the default Jetico ruleset I have been using throughout this thread. (to check for the alerts given)

    Not that a trojan would want to do that, would it? But no, I don't think so. On the default ruleset, I think Jetico would intercept the comms/access between the trojan and svchost, the alert being Trojan=Access to network.
     
  4. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Hi Stem,

    No, of course a trojan would not connect to Windows updates, but this is just a demonstration that restricting svchost.exe is not passing the leak test, because a network access without authorization happened. With a proper network configuration, you can remain quite safe, but this is not specific to Jetico.

    If this was the case, it should have reported "bitsadmin.exe" accessing the network, because bitsadmin.exe is the application which requests network access. But it did not report it in my test with the Optimal Protection. As far as I understand, Jetico does not watch COM/OLE Automation requests, so it fails to catch this communication between bitsadmin.exe and svchost.exe.


    J
     
  5. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    Right! To Stem's post #53.

    I am waiting for the demanded answer to my post #45 and Stem's post #32.
     
  6. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    I think you both have Windows DNS Service and BITS service disabled. Because when I disable them, Jetico catches DNSTester like every other firewall. When it is enabled, it always failed.

    I am using Windows XP SP2 Pro with no firewall installed.

    J
     
  7. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    But I think I have already responded that svchost.exe had full access in CPF installation. What do you want to know more?
     
  8. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Does it report bitsadmin.exe? It did not on my computer.
     
  9. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    I am using Windows XP SP2 Pro with no firewall installed too, with DNS Service and BITS service enabled! And Jetico passes all!

    I am waiting for the demanded answer to my post #45 and Stem's post #32! OK..

    I grant with bigc73542 "The Only Safe Computer Is Unplugged"
     
  10. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    Let's try to keep the replies civil, please.

    bigc
     
  11. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    You must download and install "WindowsXP-KB838079-SupportTools-ENU.exe"
     
  12. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Well, according to firewallleaktester.com it does not DNSTester as well. I already replied to your post.

    Can you please reply to my post? Did Jetico report bitsadmin.exe? If so, why not on my PC?
     
  13. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    I have it installed. Of course, I have been using bitsadmin.exe while testing.
     
  14. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    Yes! Jetico reports bitsadmin.exe.
     
  15. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Well, it does not here. If you have popups, let us see them, because it is strange that it reports to you but not to me....
    Anyway, we will see when the other users test and report their results.
     
  16. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello neonSurge,
    I have had a bit of a read up on this, and run the test.
    Jetico is not intercepting this.

    Hello olap, the test is not the ability (or lack of it) of svchost to connect out, it is the ability of bitsadmin to create and stack a job for svchost to perform. Now from my test I did get "TRANSIENT_ERROR 0 / 1 0 / UNKNOWN" from bitsadmin, but this was/is due to the fact that the firewallleaktest site is down. But the job was successfully placed, and svchost attempted this. The only alert from Jetico was:

    27/06/2006 14:24:41.375 ask TCP/IP outbound connection C:\WINDOWS\System32\svchost.exe 0.0.0.0 62.193.246.164 1538 80 (firewallleaktester)
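
The gap discussed in the posts above (the only alert names svchost.exe, although the job was submitted by bitsadmin.exe) can be narrowed at analysis time by correlating firewall alerts with process-start records. This is an added example, not part of any post and not Jetico's own logic; the log layout is inferred from the single alert line quoted in the thread, and the process-start records, second log line and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Layout inferred from the one Jetico alert quoted in the thread (assumption).
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) (?P<verdict>\w+) "
    r"TCP/IP (?P<direction>\w+) connection (?P<image>.+?) "
    r"(?P<lip>\d+(?:\.\d+){3}) (?P<rip>\d+(?:\.\d+){3}) (?P<lport>\d+) (?P<rport>\d+)"
)

def parse_line(line):
    """Return a dict for one firewall log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%m/%Y %H:%M:%S.%f")
    ev["name"] = ev["image"].rsplit("\\", 1)[-1].lower()
    return ev

def attribute_service_traffic(fw_lines, proc_starts, window_s=30,
                              brokers=("svchost.exe",), requesters=("bitsadmin.exe",)):
    """Pair outbound connections made by a service host with job-submitting
    tools started shortly before, since the firewall names only the host."""
    findings = []
    for ev in filter(None, map(parse_line, fw_lines)):
        if ev["direction"] != "outbound" or ev["name"] not in brokers:
            continue
        suspects = [name for ts, name in proc_starts
                    if name.lower() in requesters
                    and timedelta(0) <= ev["ts"] - ts <= timedelta(seconds=window_s)]
        findings.append({"remote": f'{ev["rip"]}:{ev["rport"]}',
                         "reported": ev["name"], "suspects": suspects})
    return findings

# First line is the alert quoted in the thread; the second is constructed.
SAMPLE_FW = [
    r"27/06/2006 14:24:41.375 ask TCP/IP outbound connection C:\WINDOWS\System32\svchost.exe 0.0.0.0 62.193.246.164 1538 80 (firewallleaktester)",
    r"27/06/2006 14:25:02.010 ask TCP/IP outbound connection C:\Program Files\Browser\browser.exe 0.0.0.0 192.0.2.10 1540 80",
]
SAMPLE_PROC = [  # constructed process-start records (timestamp, image name)
    (datetime(2006, 6, 27, 14, 24, 39), "bitsadmin.exe"),
    (datetime(2006, 6, 27, 14, 20, 0), "notepad.exe"),
]

if __name__ == "__main__":
    for finding in attribute_service_traffic(SAMPLE_FW, SAMPLE_PROC):
        print(finding)
```

An empty `suspects` list means the service host connected out with no known job-submitting tool started inside the window, which is the normal case for Windows Update traffic.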
     
  17. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Hi Stem,

    Thank you for sharing your results.

    My best regards,

    J
     
  18. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have just repeated this test with Jetico on default setting, same result. The only warning given:--
     

    Attached Files: job.jpg
  19. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    As you see, it is not the job of the firewall to stop "bitsadmin", but svchost.exe or services.exe!
    The job is not created; the job is created when svchost.exe downloads from
    http://www.firewallleaktester.com/tools/wwdc.exe , saves to c:\wwdc.exe
    and executes!
     
  20. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi olap, yes, but that is not what neonSurge was posting about; it was the ability of the comms between bitsadmin and svchost. It is the creation and execution against svchost. I know the actual download is prevented (in both the default and your Jetico ruleset).
    My default Windows setup has BITS disabled, which will block, but that is not passing this test.
     
  21. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    My default Windows setup has BITS enabled!
    If you prevent "svchost.exe" from connecting to the internet, the only job created is a file on C:\
    "Program" with 1KB. When you open this file you can see this:

    You must have BITS enabled, since Jetico does not ask for BITSADMIN!
    If the test passes, you have c:\wwdc.exe executed and Jetico asks about wwdc.exe access to the network!
    PS: open new thread Jetico leaktest this is comodo and

    I am waiting for the demanded answer to my post #45 and Stem's post #32.
     
    Last edited: Jun 27, 2006
  22. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I did have BITS on for the test, as I was also performing Windows updates to check on the WGATray. It's just that I normally (by default) have BITS turned off.
    (If BITS is turned off, bitsadmin will alert that it cannot connect)
     
  23. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    Yes!
    If you run "BITS_tester.exe" with the Jetico rule for explorer.exe set to "AccesToNetworkOnly", nothing happens, only Jetico shows this:
     

    Attached Files: exp.JPG
  24. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    If you are asking me, please restate your question, because I think I replied to you a couple of times.

    J
     
  25. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Olap, this test has nothing to do with explorer.exe. That activity may be because Windows tries to verify the signatures of the files you downloaded from the Internet.

    FYI, I don't use Bitstester. I run bitsadmin from the command line.
     