Why does comodo fail this leak test?

Discussion in 'other firewalls' started by ZeroDay, Mar 2, 2012.

Thread Status:
Not open for further replies.
  1. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    Hi,

    I just ran the PC flank leak test to test my comodo firewall and it failed 4 times in a row. All settings are at max in comodo, I'm a little shocked to be honest.

    https://imgur.com/NQg30
     
  2. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    185
    If you haven't done so already, change to Proactive Security.
     

    Attached Files:

    • pcf.jpg
      pcf.jpg
      File size:
      33.7 KB
      Views:
      1,529
  3. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    It's already on proactive security.
     
  4. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    185

    How did you answer the PCFlank alert?
     
  5. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    That's the problem comodo never even gave an alert for flank. Pc flank went straight through comodo no alerts nothing.
     
  6. Atul88

    Atul88 Registered Member

    Joined:
    Dec 8, 2011
    Posts:
    259
    Location:
    India
    Look n Stop failed it too!!:( :(
    even after blocking it in the application rules!!!
     
  7. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    Changed back to oa which passed this leak test :)
     
  8. IcyCool

    IcyCool Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    5
    Thats odd, what version of comodo were you running at the time? 5.9.221 sees it and stops it from running immediately. It had no issue stopping it from running. (also in proactive mode) and on gaming mode it saw it.
     
  9. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    I was running the latest version, this was a fresh install of win 7 and comodo fw. I was shocked my self to be honest.
     
  10. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,788
    PASS. :D
     

    Attached Files:

  11. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    Lonewolf was that with comodo?
     
  12. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,788
    No, it's with DefenseWall Personal Firewall 3.17
     
  13. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    386
    This was actually a hips test, i think. I remember something like that!
     
  14. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    185
    It is.

    The following images are from a clean install of the latest version of CIS. The installation is default, with the exception of the AV. I also switched to Proactive security and disabled the sandbox.

    If you're not seeing alerts, check the firewall behaviour settings and the defense+ settings and make sure the check box for 'Do not show popup alerts' is clear.
     

    Attached Files:

    • 2.jpg
      2.jpg
      File size:
      145.5 KB
      Views:
      21
    • 3.jpg
      3.jpg
      File size:
      91 KB
      Views:
      1,327
    • 4.jpg
      4.jpg
      File size:
      65.8 KB
      Views:
      1,323
    • 5.jpg
      5.jpg
      File size:
      65.9 KB
      Views:
      1,317
  15. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    This is a firewall test not a hips test. If you allow internet explorer to run as you should, then type in your tests data that's when the firewall should alert you and for me comodo showed no alert. I've used comodo for many years and I'm very familiar with how to set it up correctly but the firewall showed no alert. Oa did.
     
  16. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    From their site:

     
  17. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,906
    Location:
    localhost
    Old and broken test. Not always the pop-up showing you failed is correct ;)
    Last test I would use to appraise a firewall. And yes, HIPS test not firewall. There is no analysis involving the ability of a firewall to filter packets!
    (This was discussed many times in here before)
     
  18. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    Broken how? Could you point me to a link stating such? And as I posted above their site clearly says this is a firewall test.
     
  19. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    It's not as simple as if the pop up saying you failed isn't always correct. You type a small amount of data into the box, if said date shows on their site then it's clearly bypassed your firewall.
     
  20. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    185
    Did you actually bother to read the OA alert? Or the PCFlank FAQ:

     

    Attached Files:

    • 1.jpg
      1.jpg
      File size:
      113.7 KB
      Views:
      1,275
  21. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,636
    Location:
    European Union
    It is a broken test and there is no need for a link to prove it, we can just prove it ourselves :). I used Windows XP, Comodo Firewall without D+ and PCFlankLeakTest. Comodo firewall does not allow IE by default, and in case you are wondering, connecting to 127.0.0.1:53 is because I run a local DNS server. The result is the following:

    FailTest.JPG

    As you can see, even though IE didn't even get a chance to connect to the internet, the PCFlankLeakTest says it failed, and that the data was already sent to the internet. QED.

    As for PCFlankLeakTest being a firewall test and not a HIPS one, I highly doubt about that. From the way that it works, it seems that it comes to the conclusion that the data was sent just because it was able to communicate with Internet Explorer (as you can see in the screenshot above, no data was really sent). Blocking this kind of behaviour has nothing to do with a pure firewall, but with a behaviour blocker/HIPS. Hence, this appears to be a HIPS test rather than a firewall one.
     
  22. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    When I ran it I allowed it through hips because pc flank clearly states it's a firewall test and then when asked to type in some random data and press next comodo never gave an alert. Although why you've said "did you actually look at oa" I'm not sure as I'd already stated oa passed. Pc flank states this is a firewall test, with that said you need to allow internet explorer as the programme states it self the real test is when you type in random data and click next and comodo failed!
     
  23. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    I just wonder why, if this test is broken most firewalls other than comodo pass?
     
  24. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
  25. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    185
    I actually posted the OA alert for you to read, clearly you still haven't. If you decide to later, you'll find it's saying the same thing as the Comodo alert, it just uses different language.

    Anyway, for the last time, it's a HIPs test. It's using OLE to allow one program - the leaktest - to control another program - Internet Explorer. Firewalls simply control the ability of an application to make a connection via a protocol and port, they do not concern themselves with COM automation, that's what HIPS type applications do.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.