Why does comodo fail this leak test?

Hi,

I just ran the PC flank leak test to test my comodo firewall and it failed 4 times in a row. All settings are at max in comodo, I'm a little shocked to be honest.

https://imgur.com/NQg30

 

If you haven't done so already, change to Proactive Security.

 

It's already on proactive security.

 

How did you answer the PCFlank alert?

 

That's the problem comodo never even gave an alert for flank. Pc flank went straight through comodo no alerts nothing.

 

Look n Stop failed it too!!
even after blocking it in the application rules!!!

 

Changed back to oa which passed this leak test

 

Thats odd, what version of comodo were you running at the time? 5.9.221 sees it and stops it from running immediately. It had no issue stopping it from running. (also in proactive mode) and on gaming mode it saw it.

 

I was running the latest version, this was a fresh install of win 7 and comodo fw. I was shocked my self to be honest.

 

PASS.

 

Lonewolf was that with comodo?

 

No, it's with DefenseWall Personal Firewall 3.17

 

This was actually a hips test, i think. I remember something like that!

 

It is.

The following images are from a clean install of the latest version of CIS. The installation is default, with the exception of the AV. I also switched to Proactive security and disabled the sandbox.

If you're not seeing alerts, check the firewall behaviour settings and the defense+ settings and make sure the check box for 'Do not show popup alerts' is clear.

 

This is a firewall test not a hips test. If you allow internet explorer to run as you should, then type in your tests data that's when the firewall should alert you and for me comodo showed no alert. I've used comodo for many years and I'm very familiar with how to set it up correctly but the firewall showed no alert. Oa did.

 

From their site:

 

Old and broken test. Not always the pop-up showing you failed is correct
Last test I would use to appraise a firewall. And yes, HIPS test not firewall. There is no analysis involving the ability of a firewall to filter packets!
(This was discussed many times in here before)

 

Broken how? Could you point me to a link stating such? And as I posted above their site clearly says this is a firewall test.

 

It's not as simple as if the pop up saying you failed isn't always correct. You type a small amount of data into the box, if said date shows on their site then it's clearly bypassed your firewall.

 

Did you actually bother to read the OA alert? Or the PCFlank FAQ:

 

It is a broken test and there is no need for a link to prove it, we can just prove it ourselves . I used Windows XP, Comodo Firewall without D+ and PCFlankLeakTest. Comodo firewall does not allow IE by default, and in case you are wondering, connecting to 127.0.0.1:53 is because I run a local DNS server. The result is the following:



As you can see, even though IE didn't even get a chance to connect to the internet, the PCFlankLeakTest says it failed, and that the data was already sent to the internet. QED.

As for PCFlankLeakTest being a firewall test and not a HIPS one, I highly doubt about that. From the way that it works, it seems that it comes to the conclusion that the data was sent just because it was able to communicate with Internet Explorer (as you can see in the screenshot above, no data was really sent). Blocking this kind of behaviour has nothing to do with a pure firewall, but with a behaviour blocker/HIPS. Hence, this appears to be a HIPS test rather than a firewall one.

 

When I ran it I allowed it through hips because pc flank clearly states it's a firewall test and then when asked to type in some random data and press next comodo never gave an alert. Although why you've said "did you actually look at oa" I'm not sure as I'd already stated oa passed. Pc flank states this is a firewall test, with that said you need to allow internet explorer as the programme states it self the real test is when you type in random data and click next and comodo failed!

 

I just wonder why, if this test is broken most firewalls other than comodo pass?

 

As you can clearly see in my first screen shot the data was sent whilst using comodo https://imgur.com/NQg30

 

I actually posted the OA alert for you to read, clearly you still haven't. If you decide to later, you'll find it's saying the same thing as the Comodo alert, it just uses different language.

Anyway, for the last time, it's a HIPs test. It's using OLE to allow one program - the leaktest - to control another program - Internet Explorer. Firewalls simply control the ability of an application to make a connection via a protocol and port, they do not concern themselves with COM automation, that's what HIPS type applications do.