Advice Request Comodo leak test, failed own test?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.
Andytay70

Andytay70

Level 15
Thread author
Verified
Top Poster
Well-known
Jul 6, 2015
737
I have set up comodo firewall with help from cruelsisters review (parts 1 & 2) And decided to run comodo's leak test and comodo failed its own leak test!
Has anyone else had this problem or have i set it up wrong?
 
  • Like
Reactions: Logethica and Deleted Member 333v73x
Online_Sword

Online_Sword

Level 12
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
In the default case, CLT program will be recognized as a Trusted program by CFW.

In such case, its behavior will not be captured by CFW. In such case, the score would be around 240.

If you want to get a high score, please manually set the reputation of the CLT program as "Unrecognized".

If my memory servers me right, in such case the score will be 340/340.
 
  • Like
Reactions: Logethica, Andytay70 and ForgottenSeer
Av Gurus

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Online_Sword said:
In the default case, CLT program will be recognized as a Trusted program by CFW.

In such case, its behavior will not be captured by CFW. In such case, the score would be around 240.

If you want to get a high score, please manually set the reputation of the CLT program as "Unrecognized".

If my memory servers me right, in such case the score will be 340/340.
Click to expand...

CIS set to Proactive Security.
Clipboard02.png

CLT set to "Unrecognized".
Clipboard01.png

Start CLT and CIS got pop-up, what to select (picture 3)?
Clipboard03.png
 
  • Like
Reactions: Logethica, Andytay70, Online_Sword and 1 other person
H

hjlbx

Online_Sword said:
In the default case, CLT program will be recognized as a Trusted program by CFW.

In such case, its behavior will not be captured by CFW. In such case, the score would be around 240.

If you want to get a high score, please manually set the reputation of the CLT program as "Unrecognized".

If my memory servers me right, in such case the score will be 340/340.
Click to expand...

CLT is designed to test HIPS module only; sandbox can\will interfere.
  • Import and enable Proactive Security configuration.
NOTE: You can't just switch from Internet Security to Proactive Security configuration. You have to import the "blank" Proactive Security configuration. If you do this without saving your current config, then the import will over-write it and you will lose all your custom rules (if you created any).
  • Disable Sandbox (remember to re-enable after completing CLT).
  • Stealth all ports.
Should get 340\340, but sometimes it does not.

To be honest, CLT is a waste of time and nothing but aggravation for those that do not know how CIS works.
 
  • Like
Reactions: Logethica, Andytay70 and Andi.HR
H

hjlbx

Online_Sword said:
May not be essential :) I get 340/340 with the default Proactive Security Config.
Click to expand...

If a user creates ANY rules in Proactive, they must re-import the default Proactive Security config.

Even if they do the above, not all users will get 340\340. COMODO has stated long-ago this is a known issue, but have never provided much infos as to why.

No, stealth ports isn't essential - since firewall not part of CLT. I just always do it out of habit. You are correct @Online_Sword.

Like I say about leak tests - they are a waste of time - since proper instructions and technical infos are never included.

I also have doubts regarding CLT accuracy on 64 bit systems.
 
  • Like
Reactions: Logethica and Andytay70
Av Gurus

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
When I turn off Auto-sandbox then got 340, but i have to manual block every HIPS pop-up..

Clipboard01.png
 
  • Like
Reactions: Logethica
Online_Sword

Online_Sword

Level 12
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
You can also try Outpost Firewall (the score of the free edition is about 310, and the pro edition is about 330), Private Firewall (the score is about 290), Spyshelter Firewall (the score is also 340). For any of them, you have to answer the alert windows manually :)
 
  • Like
Reactions: Logethica and Andytay70
H

hjlbx

Passing leak tests should not be interpreted as providing absolute security; even if your security soft passes all leak tests it still might not protect your system.

Case in point is SpyShelter. It will not protect your system against certain ransomware if you do not configure it properly and do not know how to respond to the HIPS alerts.

When in doubt always choose Block\Terminate at the 1st HIPS alert whether it is COMODO, ESET, Kaspersky, SpyShelter, etc.

You can research a file and if it turns out to be safe then you can delete any block rules and re-execute and allow.
 
  • Like
Reactions: Logethica
Av Gurus

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Why is score so low when Auto-Sandbox is turned ON?
CIS show Sandbox pop-up, I chose Unlimited, run the app and there is no HIPS alert any more?
 
  • Like
Reactions: AtlBo, Logethica and Andytay70
H

hjlbx

Av Gurus said:
Why is score so low when Auto-Sandbox is turned ON?
CIS show Sandbox pop-up, I chose Unlimited, run the app and there is no HIPS alert any more?
Click to expand...

When you select "Run Unlimited," you are running file outside the sandbox + trusting the file. So by choosing "Run Unlimited" (= trusting the file) you have instructed HIPS not to monitor and there will generally not be any HIPS alerts.
 
  • Like
Reactions: AtlBo, Logethica, Online_Sword and 1 other person
Online_Sword

Online_Sword

Level 12
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
hjlbx said:
So by choosing "Run Unlimited" (= trusting the file) you have instructed HIPS not to monitor and there will generally not be any HIPS alerts.
Click to expand...

Online_Sword said:
Run Unlimited. If you choose Run Isolated, clt.exe will be just sandboxed.
Click to expand...

So I made a mistake here. Sorry @Av Gurus . I executed CLT several months ago, so forget some details now...
 
  • Like
Reactions: AtlBo, Logethica and Av Gurus
Andi.HR

Andi.HR

Level 2
Verified
Apr 23, 2014
68
hjlbx said:
Yes. There is no instructions to tell user to select Block in each HIPS alert. User does not know what to do and thinks "WTF ????? - COMODO is garbage!"
Click to expand...

It is not a garbage, it is complex and confusing product ( only for advanced users who know what they doing ) but who understand it and know how to configure it and use it, have a "Fort Knox" security solution!
I also think that there is not many of them, I think not even Melih don't understand it completely :rolleyes:
 
Last edited:
  • Like
Reactions: Deleted member 2913, Logethica, porkpiehat and 1 other person
Status
Not open for further replies.

Similar threads

vitao
    • Like
    • Applause
Kaspersky Antivirus Free + Comodo Firewall Test Against 100 New Malwares (10/2024)
Replies
5
Views
533
Comodo
vitao
vitao
enaph
    • Like
    • +Reputation
    • Thanks
Privacy News Mullvad VPN Warns About Traffic Leaks on Latest macOS Sequoia
Replies
0
Views
1,350
Security News
enaph
enaph
Brahman
    • Like
    • Wow
    • +Reputation
Security News Secure Boot is completely broken on 200+ models from 5 big device makers
Replies
0
Views
2,412
Security News
Brahman
Brahman

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top