Solved

test webroot firewall with comodo firewall leak test


Userlevel 7
I tested my Webroot with the Comodo firewall leak test and got a score of 50 out of 340.

Is it good? Is this test valid?

 

 

Best answer by Rakanisheu Retired 16 April 2013, 12:34


15 replies

Userlevel 7
I have d/l and tested that program

 

Win XP with no AV: 20

Win 7 with WSA (Default settings): 190

Win 7 with MSE: 190

 

While I can see what it's trying I wouldn't put too much weight in the results. Have you modified your settings in WSA? I am not sure why you are getting 50 in the test. I had a look at the items that WSA "Failed" on, pretty much all of them WSA actually protects against and even if it's a brand new threat we can roll back the changes in the worst-case scenario.

 

For instance:

 

File drop test is used to drop a file in the system32 folder, plenty of legitimate programs will drop files in that folder. It's not a certain indication of malware. The same goes for the services test, if you install a new legitimate program that requires a service to be run at startup (like Daemon tools/Nero/Vmware) it doesn't mean it's bad.

 

However I can see what the test is trying to do. I wouldn't worry about your low score. I can go into more detail but if you hit the little "?" button in that Comodo test program, it gives you more technical information about what it's testing. I'll be happy to answer any questions you have.

 

 

Thanks,

Roy

Threat Research,
Userlevel 7
You've hit on the right spot Roy. I wouldn't worry about the test result either. :)
Userlevel 7
Thanks Roy for your reassurance!

 

WSA usually doesn't seem to be strong in tests because WSA is such a smart and intelligent solution that it recognizes it's a test and not a real threat :D
Userlevel 7
Dear ,

Thank you.

When we use WSA, must Windows Firewall be on or off?

Regards,

 
Userlevel 7
Surely ON because Win Firewall controls inbound traffic and WSA Firewall outbound traffic. They need to be run together to have the complete Firewall protection.
Userlevel 7
Hi ,

Again I ran the test and again it gives 50/340.

 

COMODO Leaktests v.1.1.0.3
Date: 2:08:11 PM - 4/16/2013
OS: Windows XP SP3 build 2600

1. RootkitInstallation: MissingDriverLoad - Protected
2. RootkitInstallation: LoadAndCallImage - Vulnerable
3. RootkitInstallation: DriverSupersede - Vulnerable
4. RootkitInstallation: ChangeDrvPath - Vulnerable
5. Invasion: Runner - Protected
6. Invasion: RawDisk - Vulnerable
7. Invasion: PhysicalMemory - Vulnerable
8. Invasion: FileDrop - Vulnerable
9. Invasion: DebugControl - Vulnerable
10. Injection: SetWinEventHook - Vulnerable
11. Injection: SetWindowsHookEx - Vulnerable
12. Injection: SetThreadContext - Vulnerable
13. Injection: Services - Vulnerable
14. Injection: ProcessInject - Vulnerable
15. Injection: KnownDlls - Vulnerable
16. Injection: DupHandles - Vulnerable
17. Injection: CreateRemoteThread - Vulnerable
18. Injection: APC dll injection - Vulnerable
19. Injection: AdvancedProcessTermination - Vulnerable
20. InfoSend: ICMP Test - Protected
21. InfoSend: DNS Test - Vulnerable
22. Impersonation: OLE automation - Vulnerable
23. Impersonation: ExplorerAsParent - Vulnerable
24. Impersonation: DDE - Protected
25. Impersonation: Coat - Protected
26. Impersonation: BITS - Vulnerable
27. Hijacking: WinlogonNotify - Vulnerable
28. Hijacking: Userinit - Vulnerable
29. Hijacking: UIHost - Vulnerable
30. Hijacking: SupersedeServiceDll - Vulnerable
31. Hijacking: StartupPrograms - Vulnerable
32. Hijacking: ChangeDebuggerPath - Vulnerable
33. Hijacking: AppinitDlls - Vulnerable
34. Hijacking: ActiveDesktop - Vulnerable

Score: 50/340



 
Userlevel 7
Can you uninstall/reinstall Webroot and don't import your settings and then re-run the test?
Userlevel 7
I reinstalled my WSA, and now 30/340

 

COMODO Leaktests v.1.1.0.3
Date: 2:28:33 PM - 4/16/2013
OS: Windows XP SP3 build 2600

1. RootkitInstallation: MissingDriverLoad - Protected
2. RootkitInstallation: LoadAndCallImage - Vulnerable
3. RootkitInstallation: DriverSupersede - Vulnerable
4. RootkitInstallation: ChangeDrvPath - Vulnerable
5. Invasion: Runner - Protected
6. Invasion: RawDisk - Vulnerable
7. Invasion: PhysicalMemory - Vulnerable
8. Invasion: FileDrop - Vulnerable
9. Invasion: DebugControl - Vulnerable
10. Injection: SetWinEventHook - Vulnerable
11. Injection: SetWindowsHookEx - Vulnerable
12. Injection: SetThreadContext - Vulnerable
13. Injection: Services - Vulnerable
14. Injection: ProcessInject - Vulnerable
15. Injection: KnownDlls - Vulnerable
16. Injection: DupHandles - Vulnerable
17. Injection: CreateRemoteThread - Vulnerable
18. Injection: APC dll injection - Vulnerable
19. Injection: AdvancedProcessTermination - Vulnerable
20. InfoSend: ICMP Test - Protected
21. InfoSend: DNS Test - Vulnerable
22. Impersonation: OLE automation - Vulnerable
23. Impersonation: ExplorerAsParent - Vulnerable
24. Impersonation: DDE - Vulnerable
25. Impersonation: Coat - Vulnerable
26. Impersonation: BITS - Vulnerable
27. Hijacking: WinlogonNotify - Vulnerable
28. Hijacking: Userinit - Vulnerable
29. Hijacking: UIHost - Vulnerable
30. Hijacking: SupersedeServiceDll - Vulnerable
31. Hijacking: StartupPrograms - Vulnerable
32. Hijacking: ChangeDebuggerPath - Vulnerable
33. Hijacking: AppinitDlls - Vulnerable
34. Hijacking: ActiveDesktop - Vulnerable

Score: 30/340



(C) COMODO 2008

and again test

COMODO Leaktests v.1.1.0.3
Date: 2:30:58 PM - 4/16/2013
OS: Windows XP SP3 build 2600

1. RootkitInstallation: MissingDriverLoad - Protected
2. RootkitInstallation: LoadAndCallImage - Vulnerable
3. RootkitInstallation: DriverSupersede - Vulnerable
4. RootkitInstallation: ChangeDrvPath - Vulnerable
5. Invasion: Runner - Vulnerable
6. Invasion: RawDisk - Vulnerable
7. Invasion: PhysicalMemory - Vulnerable
8. Invasion: FileDrop - Vulnerable
9. Invasion: DebugControl - Vulnerable
10. Injection: SetWinEventHook - Vulnerable
11. Injection: SetWindowsHookEx - Vulnerable
12. Injection: SetThreadContext - Vulnerable
13. Injection: Services - Vulnerable
14. Injection: ProcessInject - Vulnerable
15. Injection: KnownDlls - Vulnerable
16. Injection: DupHandles - Vulnerable
17. Injection: CreateRemoteThread - Vulnerable
18. Injection: APC dll injection - Vulnerable
19. Injection: AdvancedProcessTermination - Vulnerable
20. InfoSend: ICMP Test - Protected
21. InfoSend: DNS Test - Vulnerable
22. Impersonation: OLE automation - Protected
23. Impersonation: ExplorerAsParent - Vulnerable
24. Impersonation: DDE - Protected
25. Impersonation: Coat - Vulnerable
26. Impersonation: BITS - Vulnerable
27. Hijacking: WinlogonNotify - Vulnerable
28. Hijacking: Userinit - Vulnerable
29. Hijacking: UIHost - Vulnerable
30. Hijacking: SupersedeServiceDll - Vulnerable
31. Hijacking: StartupPrograms - Vulnerable
32. Hijacking: ChangeDebuggerPath - Vulnerable
33. Hijacking: AppinitDlls - Vulnerable
34. Hijacking: ActiveDesktop - Vulnerable

Score: 40/340

(C) COMODO 2008

interesting.
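
Added example (not part of the original thread and not Comodo's code): a small Python parser for the report format pasted above that lists which tests changed verdict between two runs on the same machine. The sample lines are excerpted from the 2:28 PM and 2:30 PM reports in the post above; the 10-points-per-"Protected" scoring is an assumption inferred from those reports.

```python
import re

# Accepts "5. Invasion: Runner - Protected" and the fused copy-paste form
# "5. Invasion: RunnerProtected" (verdict glued to the test name).
LINE = re.compile(r"^\s*\d+\.\s*([^:]+):\s*(.+?)[\s:-]*(Protected|Vulnerable)\s*$")
SCORE = re.compile(r"^\s*Score:?\s*(\d+)\s*/\s*(\d+)")

def parse_report(text):
    """Return ({(category, test): verdict}, (score, maximum) or None)."""
    results, reported = {}, None
    for line in text.splitlines():
        m, s = LINE.match(line), SCORE.match(line)
        if m:
            results[(m.group(1).strip(), m.group(2))] = m.group(3)
        elif s:
            reported = (int(s.group(1)), int(s.group(2)))
    return results, reported

def computed_score(results, points=10):
    # Assumption: 10 points per "Protected" verdict (34 tests, 340 maximum).
    return points * sum(v == "Protected" for v in results.values())

def flipped(run_a, run_b):
    """Tests whose verdict differs between two runs on the same machine."""
    return {k: (run_a[k], run_b[k])
            for k in sorted(run_a.keys() & run_b.keys()) if run_a[k] != run_b[k]}

# Excerpts of the 2:28 PM and 2:30 PM reports from the thread (lines omitted
# here were "Vulnerable" in both runs).
RUN_1428 = """1. RootkitInstallation: MissingDriverLoadProtected
5. Invasion: RunnerProtected
8. Invasion: FileDropVulnerable
20. InfoSend: ICMP TestProtected
22. Impersonation: OLE automationVulnerable
24. Impersonation: DDEVulnerable
Score30/340"""
RUN_1430 = """1. RootkitInstallation: MissingDriverLoadProtected
5. Invasion: RunnerVulnerable
8. Invasion: FileDropVulnerable
20. InfoSend: ICMP TestProtected
22. Impersonation: OLE automationProtected
24. Impersonation: DDEProtected
Score40/340"""

if __name__ == "__main__":
    (a, score_a), (b, score_b) = parse_report(RUN_1428), parse_report(RUN_1430)
    print("reported", score_a, "recomputed", computed_score(a))
    for (cat, test), (old, new) in flipped(a, b).items():
        print(f"{cat}/{test}: {old} -> {new}")
```
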
Userlevel 7
OK, one minute, let me test it in Win XP as I have only been testing WSA with that program in Win 7. Could just be an issue with XP and its numerous security holes 😃
Userlevel 7
Looks like it's a Windows XP issue, I got 20 in my XP VM. As I said in my initial post I wouldn't worry about the results. If you are using WSA, make sure Windows is up to date and update any 3rd party plugins (Java/Flash/Adobe).
Userlevel 7
Dear Rakanisheu

Thank you so much.

I am not worried. :p

After updating Java and Flash I get a result of 40/340.

np.

 

 

 
Userlevel 7
Cool, due to the extra security options built into Vista/7 I would always expect XP to score lower. It's an interesting tool in any case, thanks for the info. Always nice to try new things!
i think the "problem" is that the "comodo leak test" really is intended to be a test for HIPS programs.. the comodo firewall functions as a HIPS program.. i don't know if the webroot firewall is designed to function as a HIPS program, or not.. if the webroot firewall is designed to function as a normal firewall, as opposed to functioning as a HIPS program, i think an appropriate test for it would be GRC's "shieldsup".. GRC also has a "leaktest" that can be used to test a firewall's out-bound protection: http://www.grc.com/lt/leaktest.htm
Userlevel 7
@ wrote:

i think the "problem" is that the "comodo leak test" really is intended to be a test for HIPS programs.. the comodo firewall functions as a HIPS program.. i don't know if the webroot firewall is designed to function as a HIPS program, or not.. if the webroot firewall is designed to function as a normal firewall, as opposed to functioning as a HIPS program, i think an appropriate test for it would be GRC's "shieldsup".. GRC also has a "leaktest" that can be used to test a firewall's out-bound protection: http://www.grc.com/lt/leaktest.htm

Good point. But that doesn't explain the result Roy got in a Win7 system. Also WSA can be configured to act similar to a HIPS to quite some extent.
Userlevel 7
@Amit wrote:

Also WSA can be configured to act similar to a HIPS to quite some extent.
Yes Amit is right, if you set "Warn when new programs execute that are not trusted" under Heuristics settings you will have almost the full HIPS control.
