WSA and Comodo Leaktests

Discussion in 'Prevx Releases' started by mwb1100, Feb 21, 2014.

Thread Status:
Not open for further replies.
  1. mwb1100

    mwb1100 Registered Member

    Joined:
    Sep 28, 2005
    Posts:
    25
    Based on the many postings about WSA here, I assume that the Prevx forum is a good place to discuss Webroot SecureAnywhere (I guess Prevx was acquired by Webroot?).

    I'm evaluating WSA 8.0 and like what I've seen so far. One thing that concerns me a little bit is that when I ran Comodo's firewall leaktest (v.1.1.0.3) 15 of the 34 tests came back as "vulnerable".

    Is Comodo Leaktest a reasonable test tool? In case it's of help to anyone, the items that were classified as vulnerable were:
     
  2. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,157
    Location:
    in a remote land :)
    WSA doesn't have a real firewall, it just adds a layer of protection and more control over Windows Firewall.

    Comodo Leaktest is "good" for a pure firewall with HIPS or BB.
     
  3. mwb1100

    mwb1100 Registered Member

    Joined:
    Sep 28, 2005
    Posts:
    25
    Except for the DNS test, these tests don't seem to be about network access so much as being able to use APIs or modify registry locations that malware often uses. From the marketing materials on WSA, one of the strengths of WSA is supposed to be that it isn't reliant on signatures, but looks at the program behavior to detect potential malware.

    Am I misunderstanding how WSA is supposed to work? Is the Comodo leaktest behavior being seen by WSA, but determined to be non-malicious (since I expect it isn't malicious) and therefore passed through normally? Is there some other testing that I should be looking to?
     
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,157
    Location:
    in a remote land :)
    I don't know if some tests were whitelisted in WSA cloud, maybe you should set WSA to maximum.
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The Comodo leaktests are whitelisted and will not accurately test WSA (we won't block any of them).
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    WSA does have a firewall, it is just only an outbound firewall and we use the Windows firewall for inbound protection. We have a full stack of network filter drivers/controls just like every other firewall. It isn't quite as user-facing as some others because we've built it to be cloud-driven and easier to use.
     
  7. mwb1100

    mwb1100 Registered Member

    Joined:
    Sep 28, 2005
    Posts:
    25
    Can you suggest some tool I can use to test this kind of functionality, or is there a reasonable way for me to un-whitelist the Comodo tests?
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It won't be possible to un-whitelist the leaktests locally as the cloud will override it for overall monitoring. I don't know of specific test tools which aren't whitelisted for the items you posted in the first post, but leaktests don't reflect the full picture of a threat so they won't be handled the same way as actual threats.

    However, some test tools like Zemana's keylogger will be blocked (silently) when typing into a browser, so it will be possible to test a subset of the functionality.
     