Andytay70

Level 14
Verified
Joined
Jul 6, 2015
Messages
681
OS
Windows 10
Antivirus
Avast
#1
I have set up comodo firewall with help from cruelsisters review (parts 1 & 2) And decided to run comodo's leak test and comodo failed its own leak test!
Has anyone else had this problem or have i set it up wrong?
 

Online_Sword

New Member
Verified
Joined
Mar 23, 2015
Messages
575
#3
In the default case, CLT program will be recognized as a Trusted program by CFW.

In such case, its behavior will not be captured by CFW. In such case, the score would be around 240.

If you want to get a high score, please manually set the reputation of the CLT program as "Unrecognized".

If my memory servers me right, in such case the score will be 340/340.
 

Av Gurus

Level 29
AV-Tester
Verified
Joined
Sep 22, 2014
Messages
1,807
OS
Windows 10
#4
In the default case, CLT program will be recognized as a Trusted program by CFW.

In such case, its behavior will not be captured by CFW. In such case, the score would be around 240.

If you want to get a high score, please manually set the reputation of the CLT program as "Unrecognized".

If my memory servers me right, in such case the score will be 340/340.
CIS set to Proactive Security.
Clipboard02.png

CLT set to "Unrecognized".
Clipboard01.png

Start CLT and CIS got pop-up, what to select (picture 3)?
Clipboard03.png
 
H

hjlbx

Guest
#6
In the default case, CLT program will be recognized as a Trusted program by CFW.

In such case, its behavior will not be captured by CFW. In such case, the score would be around 240.

If you want to get a high score, please manually set the reputation of the CLT program as "Unrecognized".

If my memory servers me right, in such case the score will be 340/340.
CLT is designed to test HIPS module only; sandbox can\will interfere.
  • Import and enable Proactive Security configuration.
NOTE: You can't just switch from Internet Security to Proactive Security configuration. You have to import the "blank" Proactive Security configuration. If you do this without saving your current config, then the import will over-write it and you will lose all your custom rules (if you created any).
  • Disable Sandbox (remember to re-enable after completing CLT).
  • Stealth all ports.
Should get 340\340, but sometimes it does not.

To be honest, CLT is a waste of time and nothing but aggravation for those that do not know how CIS works.
 
H

hjlbx

Guest
#9
May not be essential :) I get 340/340 with the default Proactive Security Config.
If a user creates ANY rules in Proactive, they must re-import the default Proactive Security config.

Even if they do the above, not all users will get 340\340. COMODO has stated long-ago this is a known issue, but have never provided much infos as to why.

No, stealth ports isn't essential - since firewall not part of CLT. I just always do it out of habit. You are correct @Online_Sword.

Like I say about leak tests - they are a waste of time - since proper instructions and technical infos are never included.

I also have doubts regarding CLT accuracy on 64 bit systems.
 

Av Gurus

Level 29
AV-Tester
Verified
Joined
Sep 22, 2014
Messages
1,807
OS
Windows 10
#11
When I turn off Auto-sandbox then got 340, but i have to manual block every HIPS pop-up..

Clipboard01.png
 
Likes: Logethica

Online_Sword

New Member
Verified
Joined
Mar 23, 2015
Messages
575
#13
You can also try Outpost Firewall (the score of the free edition is about 310, and the pro edition is about 330), Private Firewall (the score is about 290), Spyshelter Firewall (the score is also 340). For any of them, you have to answer the alert windows manually :)
 
H

hjlbx

Guest
#15
Passing leak tests should not be interpreted as providing absolute security; even if your security soft passes all leak tests it still might not protect your system.

Case in point is SpyShelter. It will not protect your system against certain ransomware if you do not configure it properly and do not know how to respond to the HIPS alerts.

When in doubt always choose Block\Terminate at the 1st HIPS alert whether it is COMODO, ESET, Kaspersky, SpyShelter, etc.

You can research a file and if it turns out to be safe then you can delete any block rules and re-execute and allow.
 
Likes: Logethica
H

hjlbx

Guest
#17
Why is score so low when Auto-Sandbox is turned ON?
CIS show Sandbox pop-up, I chose Unlimited, run the app and there is no HIPS alert any more?
When you select "Run Unlimited," you are running file outside the sandbox + trusting the file. So by choosing "Run Unlimited" (= trusting the file) you have instructed HIPS not to monitor and there will generally not be any HIPS alerts.
 

Online_Sword

New Member
Verified
Joined
Mar 23, 2015
Messages
575
#18
So by choosing "Run Unlimited" (= trusting the file) you have instructed HIPS not to monitor and there will generally not be any HIPS alerts.
Run Unlimited. If you choose Run Isolated, clt.exe will be just sandboxed.
So I made a mistake here. Sorry @Av Gurus . I executed CLT several months ago, so forget some details now...
 
Joined
Apr 23, 2014
Messages
82
OS
Windows 10
Antivirus
Kaspersky
#20
Yes. There is no instructions to tell user to select Block in each HIPS alert. User does not know what to do and thinks "WTF ????? - COMODO is garbage!"
It is not a garbage, it is complex and confusing product ( only for advanced users who know what they doing ) but who understand it and know how to configure it and use it, have a "Fort Knox" security solution!
I also think that there is not many of them, I think not even Melih don't understand it completely :rolleyes:
 
Last edited: