Advice Request Comodo leak test, failed own test?

Status
Not open for further replies.

Andytay70

Thread author
I have set up Comodo Firewall with help from cruelsister's review (parts 1 & 2) and decided to run Comodo's leak test, and Comodo failed its own leak test!
Has anyone else had this problem, or have I set it up wrong?
 

Online_Sword

In the default case, CLT program will be recognized as a Trusted program by CFW.

In such case, its behavior will not be captured by CFW. In such case, the score would be around 240.

If you want to get a high score, please manually set the reputation of the CLT program as "Unrecognized".

If my memory serves me right, in such case the score will be 340/340.
 

Av Gurus

In the default case, CLT program will be recognized as a Trusted program by CFW.

In such case, its behavior will not be captured by CFW. In such case, the score would be around 240.

If you want to get a high score, please manually set the reputation of the CLT program as "Unrecognized".

If my memory serves me right, in such case the score will be 340/340.

CIS set to Proactive Security.

CLT set to "Unrecognized".

Started CLT and CIS showed a pop-up; what should I select (picture 3)?
 
hjlbx

In the default case, CLT program will be recognized as a Trusted program by CFW.

In such case, its behavior will not be captured by CFW. In such case, the score would be around 240.

If you want to get a high score, please manually set the reputation of the CLT program as "Unrecognized".

If my memory serves me right, in such case the score will be 340/340.

CLT is designed to test HIPS module only; sandbox can\will interfere.
  • Import and enable Proactive Security configuration.
NOTE: You can't just switch from Internet Security to Proactive Security configuration. You have to import the "blank" Proactive Security configuration. If you do this without saving your current config, then the import will over-write it and you will lose all your custom rules (if you created any).
  • Disable Sandbox (remember to re-enable after completing CLT).
  • Stealth all ports.
Should get 340\340, but sometimes it does not.

To be honest, CLT is a waste of time and nothing but aggravation for those that do not know how CIS works.
 
hjlbx

May not be essential :) I get 340/340 with the default Proactive Security Config.

If a user creates ANY rules in Proactive, they must re-import the default Proactive Security config.

Even if they do the above, not all users will get 340\340. COMODO stated long ago that this is a known issue, but has never provided much info as to why.

No, stealth ports isn't essential - since the firewall is not part of CLT. I just always do it out of habit. You are correct @Online_Sword.

Like I say about leak tests - they are a waste of time - since proper instructions and technical info are never included.

I also have doubts regarding CLT accuracy on 64 bit systems.
 

Av Gurus

When I turned off Auto-Sandbox I got 340, but I have to manually block every HIPS pop-up.


Online_Sword

You can also try Outpost Firewall (the score of the free edition is about 310, and the pro edition is about 330), Private Firewall (the score is about 290), Spyshelter Firewall (the score is also 340). For any of them, you have to answer the alert windows manually :)
 
hjlbx

Passing leak tests should not be interpreted as providing absolute security; even if your security soft passes all leak tests it still might not protect your system.

Case in point is SpyShelter. It will not protect your system against certain ransomware if you do not configure it properly and do not know how to respond to the HIPS alerts.

When in doubt always choose Block\Terminate at the 1st HIPS alert whether it is COMODO, ESET, Kaspersky, SpyShelter, etc.

You can research a file and if it turns out to be safe then you can delete any block rules and re-execute and allow.
 

Av Gurus

Why is the score so low when Auto-Sandbox is turned ON?
CIS shows a Sandbox pop-up, I chose Unlimited, ran the app and there is no HIPS alert any more?
 
hjlbx

Why is the score so low when Auto-Sandbox is turned ON?
CIS shows a Sandbox pop-up, I chose Unlimited, ran the app and there is no HIPS alert any more?

When you select "Run Unlimited," you are running the file outside the sandbox + trusting the file. So by choosing "Run Unlimited" (= trusting the file) you have instructed HIPS not to monitor and there will generally not be any HIPS alerts.
 

Online_Sword

So by choosing "Run Unlimited" (= trusting the file) you have instructed HIPS not to monitor and there will generally not be any HIPS alerts.

Run Unlimited. If you choose Run Isolated, clt.exe will be just sandboxed.

So I made a mistake here. Sorry @Av Gurus. I executed CLT several months ago, so I forget some details now...
 

Andi.HR

Yes. There are no instructions telling the user to select Block in each HIPS alert. The user does not know what to do and thinks "WTF ????? - COMODO is garbage!"

It is not garbage; it is a complex and confusing product (only for advanced users who know what they are doing), but those who understand it and know how to configure it and use it have a "Fort Knox" security solution!
I also think that there are not many of them; I think not even Melih understands it completely :rolleyes:
 