Test Your HIPS - Comodo's 5 New Security Tests

Discussion in 'other anti-malware software' started by CogitoErgoSum, Apr 18, 2008.

Thread Status:
Not open for further replies.
  1. InVitroVeritas

    InVitroVeritas Registered Member

    Joined:
    Mar 5, 2008
    Posts:
    64
    FYI : Dynamic Security Agent passed (or "errored") all except the first one, on a test XP pro, under admin account.

    Slight and non-constructive digression: I've to admit that, as usual, I'm a little undecided towards those tests.
     
  2. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Just tried the Free GesWall on my system; Win XP Pro.

    Different from LoneWolf's results above. Any idea why?
     

  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,357
    Location:
    Hawaii
    Dismal results for TF! :doubt:

    ProSecurity passed all tests.

    Did anyone test SSM?
     
  4. InVitroVeritas

    InVitroVeritas Registered Member

    Joined:
    Mar 5, 2008
    Posts:
    64
    I'll surmise that is simply because there is no actual "rootkit installation" or "dll injection" in these leaktests, which are most certainly *not* tailor-made to test behavior blockers, but rather classic HIPS or FW with HIPS-like features.
     
  5. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Are we sure with Sandboxie that it actually failed some of them? Could it be that the programs are just running in the sandbox and it thinks it got the computer but it actually doesn't?
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That is exactly what happens. Sandboxie isn't a HIPS, so the test can do its thing, but only affects sandboxed programs, not the system.
     
  7. erreale

    erreale Registered Member

    Joined:
    May 2, 2004
    Posts:
    27
    Location:
    Italy
    Sure? I tried with ProSecurity 1.43 and the second test is vulnerable. I cannot finish the fifth because of an error message window. Any idea about the different results?
     
  8. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    With its default file rules, PS 1.43 will fail the second rootkit test because there is no rule to filter the *.sys_old file extension.

    Nick
     

  9. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    You need to add a broader rule to pass the test...
     

  10. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,244
    Location:
    Pennsylvania.
    I can't download it. It does not let me hit OK. Also what do I do after I download this? o_O
     
  11. erreale

    erreale Registered Member

    Joined:
    May 2, 2004
    Posts:
    27
    Location:
    Italy
    Thank you very much
     
  12. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    EQSecure 3.41 passes all but the BITS test.

    ProcessGuard full version 3.51 passes both rootkit tests and dll injection 2. It fails dll injection 1 and BITS.

    The test GUI claims that EQSecure and PG both fail rootkit 2 test. This is incorrect. Both pass the test.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,730
    Location:
    U.S.A. (South)
    https://www.wilderssecurity.com/showpost.php?p=1225400&postcount=24

    Now confirmed by another EQS user.
     
  14. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    defensewall gives me Vulnerable on the last item. :cautious:
     
  15. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Interesting. Could you send me DW's log file on the last test?
     
  16. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    On my system Defensewall 2.30 passes BITS Hijack test and all others except DLL Injection 1. This test seems to hang. See screenshot.
     

  17. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Good to know!
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,730
    Location:
    U.S.A. (South)
    I've tested REAL rootkits and severe malware samples at EQS so these test successes with EQS are not exactly surprising. PE386, Haxdoor, etc. now those are real nail biters and what about ADS, they are still very much a threat as they ever were. I even use an ADS on one of my disks for fun that launches an .exe rubberball every time I access either a notepad or some other %WinDir% system file.

    I think this was more of a showcase than any real HIPS test IMO.
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan

    Hi, make sure that all three files, clt.exe, dll.dll and driver.sys are marked isolated. I get the same results for GW free and Pro, on XP Home.
     

  20. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    Comodo will always impress me (sarcasm).
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,613
    Location:
    The Netherlands
    SSM Pro:

    Rootkit 1----------Protected
    Rootkit 2----------Vulnerable
    DLL1--------------Testing.....
    DLL2--------------Protected
    BITS--------------protected

    Neoava Guard:

    Rootkit 1----------Protected
    Rootkit 2----------Error
    DLL1--------------Error
    DLL2--------------Protected
    BITS--------------protected
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,730
    Location:
    U.S.A. (South)
    So will EQSecure (COMPLIMENTS!) :cool:
     
  23. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Tested with DefenseWall HIPS v2.30 / Vista-32:

    all tests passed.:)

    Good job Ilya!
     
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,357
    Location:
    Hawaii
    If anyone here is running DriveSentry, will you please test it against Comodo's 5 bagger, and post results?
     
  25. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
     