Solved

Test Webroot firewall with Comodo firewall leak test


Userlevel 7
Badge +37
I tested my Webroot with the Comodo firewall leak test and got a score of 50 out of 340.
 
Is it good? Is this test valid?
 
 

Best answer by Rakanisheu Retired 16 April 2013, 12:34


15 replies

Userlevel 7
I have d/l and tested that program
 
Win XP with no AV: 20
Win 7 with WSA (Default settings): 190
Win 7 with MSE: 190
 
While I can see what it's trying, I wouldn't put too much weight in the results. Have you modified your settings in WSA? I am not sure why you are getting 50 in the test. I had a look at the items that WSA "Failed" on; pretty much all of them WSA actually protects against, and even if it's a brand new threat we can roll back the changes in the worst-case scenario.
 
For instance:
 
The file drop test is used to drop a file in the system32 folder; plenty of legitimate programs will drop files in that folder. It's not a certain indication of malware. The same goes for the services test: if you install a new legitimate program that requires a service to be run at startup (like Daemon Tools/Nero/VMware), it doesn't mean it's bad.
 
However, I can see what the test is trying to do. I wouldn't worry about your low score. I can go into more detail, but if you hit the little "?" button in that Comodo test program it gives you more technical information about what it's testing. I'll be happy to answer any questions you have.
 
 
Thanks,
Roy
Threat Research,
Userlevel 7
You've hit on the right spot, Roy. I wouldn't worry about the test result either. :)
Userlevel 7
Thanks Roy for your reassurance!
 
WSA usually doesn't seem to be strong in tests because WSA is such a smart and intelligent solution that it recognizes it's a test and not a real threat :D
Userlevel 7
Badge +37
Dear ,
Thank you.
 
When we use WSA, must Windows Firewall be ON or OFF?
 
Regards,
 
Userlevel 7
Surely ON, because Windows Firewall controls inbound traffic and the WSA Firewall outbound traffic. They need to be run together to have complete firewall protection.
Userlevel 7
Badge +37
Hi,
Again I ran the test and again it gave 50/340.
 
COMODO Leaktests v.1.1.0.3
Date 2:08:11 PM - 4/16/2013

OS Windows XP SP3 build 2600

1. RootkitInstallation: MissingDriverLoad - Protected
2. RootkitInstallation: LoadAndCallImage - Vulnerable
3. RootkitInstallation: DriverSupersede - Vulnerable
4. RootkitInstallation: ChangeDrvPath - Vulnerable
5. Invasion: Runner - Protected
6. Invasion: RawDisk - Vulnerable
7. Invasion: PhysicalMemory - Vulnerable
8. Invasion: FileDrop - Vulnerable
9. Invasion: DebugControl - Vulnerable
10. Injection: SetWinEventHook - Vulnerable
11. Injection: SetWindowsHookEx - Vulnerable
12. Injection: SetThreadContext - Vulnerable
13. Injection: Services - Vulnerable
14. Injection: ProcessInject - Vulnerable
15. Injection: KnownDlls - Vulnerable
16. Injection: DupHandles - Vulnerable
17. Injection: CreateRemoteThread - Vulnerable
18. Injection: APC dll injection - Vulnerable
19. Injection: AdvancedProcessTermination - Vulnerable
20. InfoSend: ICMP Test - Protected
21. InfoSend: DNS Test - Vulnerable
22. Impersonation: OLE automation - Vulnerable
23. Impersonation: ExplorerAsParent - Vulnerable
24. Impersonation: DDE - Protected
25. Impersonation: Coat - Protected
26. Impersonation: BITS - Vulnerable
27. Hijacking: WinlogonNotify - Vulnerable
28. Hijacking: Userinit - Vulnerable
29. Hijacking: UIHost - Vulnerable
30. Hijacking: SupersedeServiceDll - Vulnerable
31. Hijacking: StartupPrograms - Vulnerable
32. Hijacking: ChangeDebuggerPath - Vulnerable
33. Hijacking: AppinitDlls - Vulnerable
34. Hijacking: ActiveDesktop - Vulnerable
Score 50/340

 
Userlevel 7
Can you uninstall/reinstall Webroot, don't import your settings, and then re-run the test?
Userlevel 7
Badge +37
I reinstalled my WSA, and now 30/340:
 
COMODO Leaktests v.1.1.0.3
Date 2:28:33 PM - 4/16/2013

OS Windows XP SP3 build 2600

1. RootkitInstallation: MissingDriverLoad - Protected
2. RootkitInstallation: LoadAndCallImage - Vulnerable
3. RootkitInstallation: DriverSupersede - Vulnerable
4. RootkitInstallation: ChangeDrvPath - Vulnerable
5. Invasion: Runner - Protected
6. Invasion: RawDisk - Vulnerable
7. Invasion: PhysicalMemory - Vulnerable
8. Invasion: FileDrop - Vulnerable
9. Invasion: DebugControl - Vulnerable
10. Injection: SetWinEventHook - Vulnerable
11. Injection: SetWindowsHookEx - Vulnerable
12. Injection: SetThreadContext - Vulnerable
13. Injection: Services - Vulnerable
14. Injection: ProcessInject - Vulnerable
15. Injection: KnownDlls - Vulnerable
16. Injection: DupHandles - Vulnerable
17. Injection: CreateRemoteThread - Vulnerable
18. Injection: APC dll injection - Vulnerable
19. Injection: AdvancedProcessTermination - Vulnerable
20. InfoSend: ICMP Test - Protected
21. InfoSend: DNS Test - Vulnerable
22. Impersonation: OLE automation - Vulnerable
23. Impersonation: ExplorerAsParent - Vulnerable
24. Impersonation: DDE - Vulnerable
25. Impersonation: Coat - Vulnerable
26. Impersonation: BITS - Vulnerable
27. Hijacking: WinlogonNotify - Vulnerable
28. Hijacking: Userinit - Vulnerable
29. Hijacking: UIHost - Vulnerable
30. Hijacking: SupersedeServiceDll - Vulnerable
31. Hijacking: StartupPrograms - Vulnerable
32. Hijacking: ChangeDebuggerPath - Vulnerable
33. Hijacking: AppinitDlls - Vulnerable
34. Hijacking: ActiveDesktop - Vulnerable
Score 30/340

(C) COMODO 2008

And again a test:

COMODO Leaktests v.1.1.0.3
Date 2:30:58 PM - 4/16/2013

OS Windows XP SP3 build 2600

1. RootkitInstallation: MissingDriverLoad - Protected
2. RootkitInstallation: LoadAndCallImage - Vulnerable
3. RootkitInstallation: DriverSupersede - Vulnerable
4. RootkitInstallation: ChangeDrvPath - Vulnerable
5. Invasion: Runner - Vulnerable
6. Invasion: RawDisk - Vulnerable
7. Invasion: PhysicalMemory - Vulnerable
8. Invasion: FileDrop - Vulnerable
9. Invasion: DebugControl - Vulnerable
10. Injection: SetWinEventHook - Vulnerable
11. Injection: SetWindowsHookEx - Vulnerable
12. Injection: SetThreadContext - Vulnerable
13. Injection: Services - Vulnerable
14. Injection: ProcessInject - Vulnerable
15. Injection: KnownDlls - Vulnerable
16. Injection: DupHandles - Vulnerable
17. Injection: CreateRemoteThread - Vulnerable
18. Injection: APC dll injection - Vulnerable
19. Injection: AdvancedProcessTermination - Vulnerable
20. InfoSend: ICMP Test - Protected
21. InfoSend: DNS Test - Vulnerable
22. Impersonation: OLE automation - Protected
23. Impersonation: ExplorerAsParent - Vulnerable
24. Impersonation: DDE - Protected
25. Impersonation: Coat - Vulnerable
26. Impersonation: BITS - Vulnerable
27. Hijacking: WinlogonNotify - Vulnerable
28. Hijacking: Userinit - Vulnerable
29. Hijacking: UIHost - Vulnerable
30. Hijacking: SupersedeServiceDll - Vulnerable
31. Hijacking: StartupPrograms - Vulnerable
32. Hijacking: ChangeDebuggerPath - Vulnerable
33. Hijacking: AppinitDlls - Vulnerable
34. Hijacking: ActiveDesktop - Vulnerable
Score 40/340

(C) COMODO 2008

Interesting.
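
The three reports above differ in only a handful of checks. As an added example (not part of the original thread, and not Comodo's or Webroot's code), this Python script parses report lines in the form shown above, recomputes the score, and lists the checks whose result changed between runs. The 10-points-per-Protected rule is an assumption inferred from the three scores posted here; the sample input is an excerpt of the posted reports.

```python
import re

# Matches "24. Impersonation: DDE - Protected". The separator before the
# status is optional because some copies of the report run the two together.
LINE = re.compile(r"^(\d+)\.\s*(\w+):\s*(.+?)\s*(?:-\s*)?(Protected|Vulnerable)\s*$")
POINTS_PER_PASS = 10  # assumption: inferred from the scores in the thread

# Excerpt of the thread's three reports: only the checks that were Protected
# in at least one run. Every omitted check was Vulnerable in all three runs.
CHECKS = ["1. RootkitInstallation: MissingDriverLoad", "5. Invasion: Runner",
          "20. InfoSend: ICMP Test", "22. Impersonation: OLE automation",
          "24. Impersonation: DDE", "25. Impersonation: Coat"]
RUNS = {"2:08:11 PM": "PPPVPP", "2:28:33 PM": "PPPVVV", "2:30:58 PM": "PVPPPV"}


def render(flags):
    """Rebuild report lines for the excerpt from one P/V flag per check."""
    word = {"P": "Protected", "V": "Vulnerable"}
    return "\n".join(f"{c} - {word[f]}" for c, f in zip(CHECKS, flags))


def parse_report(text):
    """Return {(category, test): status} for every recognisable result line."""
    results = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            results[(m.group(2), m.group(3))] = m.group(4)
    return results


def score(results):
    return POINTS_PER_PASS * sum(s == "Protected" for s in results.values())


def unstable_checks(*runs):
    """Checks whose status is not identical in every run."""
    keys = set().union(*runs)
    return sorted(k for k in keys if len({r.get(k) for r in runs}) > 1)


if __name__ == "__main__":
    parsed = {t: parse_report(render(f)) for t, f in RUNS.items()}
    for t, r in parsed.items():
        print(t, "score", score(r))
    for cat, test in unstable_checks(*parsed.values()):
        print("changed between runs:", cat, test)
```

Checks that flip between back-to-back runs on an unchanged machine are the ones to treat with the most caution when reading the total.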
Userlevel 7
OK, one minute, let me test it in Win XP, as I have only been testing WSA with that program in Win 7. Could just be an issue with XP and its numerous security holes 😃
Userlevel 7
Looks like it's a Windows XP issue; I got 20 in my XP VM. As I said in my initial post, I wouldn't worry about the results. If you are using WSA, make sure Windows is up to date and update any 3rd party plugins (Java/Flash/Adobe).
Userlevel 7
Badge +37
Dear Rakanisheu,
Thank you so much.
I am not worried. :p
After updating Java and Flash I get a result of 40/340.
 
np.
 
 
 
Userlevel 7
Cool, due to the extra security options built into Vista/7 I would always expect XP to score lower. It's an interesting tool in any case, thanks for the info. Always nice to try new things!
I think the "problem" is that the "comodo leak test" really is intended to be a test for HIPS programs.. the Comodo firewall functions as a HIPS program.. I don't know if the Webroot firewall is designed to function as a HIPS program, or not.. if the Webroot firewall is designed to function as a normal firewall, as opposed to functioning as a HIPS program, I think an appropriate test for it would be GRC's "shieldsup".. GRC also has a "leaktest" that can be used to test a firewall's out-bound protection: http://www.grc.com/lt/leaktest.htm
Userlevel 7
@ wrote:
I think the "problem" is that the "comodo leak test" really is intended to be a test for HIPS programs.. the Comodo firewall functions as a HIPS program.. I don't know if the Webroot firewall is designed to function as a HIPS program, or not.. if the Webroot firewall is designed to function as a normal firewall, as opposed to functioning as a HIPS program, I think an appropriate test for it would be GRC's "shieldsup".. GRC also has a "leaktest" that can be used to test a firewall's out-bound protection: http://www.grc.com/lt/leaktest.htm
Good point. But that doesn't explain the result Roy got in a Win7 system. Also WSA can be configured to act similar to a HIPS to quite some extent.
Userlevel 7
@Amit wrote:
Also WSA can be configured to act similar to a HIPS to quite some extent.
Yes Amit is right, if you set "Warn when new programs execute that are not trusted" under Heuristics settings you will have almost the full HIPS control.
