Comodo Firewall LeakTesting Block by Deep Guard

Hi All,

 

As of today (now), F-Secure Deep Guard detects and blocks the Comodo Firewall Leaktest.

 

But you still have two options, either to allow or block the program.

 

 

Attention F-Secure Deep Guard Developer.

 

If the user still chooses to allow the program to run, at least Deep Guard must block every run down test of Comodo Firewall Leaktest and GRC Firewall Leaktest in order to pass the firewall leak test!

 

It must show results to Pass the Firewall Leaktest!

Comments

  • Hey Rusli

     

    The F-Secure bods must have bowed to your pressure. Now let's see if they can do the same in Matousec's tests (the Comodo leak tests are pretty old now).

     

    I think it is a good PR exercise as some people do make their choice of AV/IS suite by the tests carried out at various testing sites. So like the EICAR test with AVs, performance in leak tests is used by some to select their firewall. 

     

    Can we ask what developments have there been in DeepGuard of late?

  • Rusli Posts: 991

    Laughs!

     

    I pressure F-Secure??? Ha ha ha!

     

     

     

    I've been too busy beta testing or doing software testing for Microsoft.

     

    And since I am using Windows, I have to take the plunge of beta testing F-Secure as well.

     

    As I am running trial versions. (Living with a software time bomb.) I did not have subscription keys lately.

     

     

    So I have to do a run down test of both software at the same time.

     

    I've got Eset Nod bugging me to do beta testing for their product as well.

     

    And I have to skip Mac Appleseeding for Apple beta testing, because I do not have a Mac machine now.

     

    A couple of months back I had to crack my head learning BSD Unix and came to find out that most of their old Unix commands have been deprecated.

     

     

    I have to learn everything by trial and error. I've got no one to turn to.

     

    Time is so tight at my end, because I've been busy beta testing.

     

     

    Well, F-Secure will be sending to AV-Test and AV-Comparatives to do their product testing.

     

    Let's see if they get overall perfect scores in their products.

     

    I'll bet F-Secure is confident of winning another AV-Test award.

     

    For the token, F-Secure Security Beta Team, SAS, Deep Guard Developers and their Beta Testers should get the credit of shelving their products to the mass market.

     

     Everyone is debugging their software at F-Secure.  They are good at Assembly Language Machine codes. Some of you might think it is a hex editor.

     

     

    Well, as for Matousec, in fact Matousec are a group of computer security experts who are known for their firewall leak testing.

     

    I'm not a software developer. I'm just a beta tester. I don't do any coding!

     

     

     

     

  • Rusli Posts: 991

    Blackcat,

     

    Well, you asked for it...

     

     

    I have submitted a report to F-Secure about Matousec.

     

    Let's see what their results on their testing would be.

     

    I've sent some samples to them for analysis.

     

    What will the outcome be?

     

    I have to find out real soon.

     

     

    If F-Secure detects and passes the test for Matousec.

     

    F-Secure will be the first spot to have full protection for firewall leaktest on Matousec.

     

     

    Blackcat
  • Rusli Posts: 991

    Blackcat,

     

    This is F-Secure's reply on testing the Matousec, for which I submitted the report to the F-Secure SAS Team:

     

    Hello,

    Sorry for the delay in replying this inquiry.

    Kindly note that Matousec does not test with real malware.
    We focus on detecting malware that is seen in the wild. You can refer to our excellent protection score in both AV Test and AV Comparatives tests.

    We have analyzed the Matousec test results.
    Detecting those Matousec tricks & techniques that are also used by real malware has been added to the DeepGuard roadmap.

    Should you have further concerns, please do not hesitate to email us again.

    Best regards,
    --------
    F-Secure Security Labs              http://www.f-secure.com/weblog/
    F-Secure Corporation                http://www.f-secure.com/

  • @Rusli

     

    Good work. Now all you need to do is test the "modified" DeepGuard against Matousec's leak tests.

     

    http://www.matousec.com/downloads/

     

     

  • Rusli Posts: 991

    Blackcat,

     

    I have sent those files (complete) to the F-Secure SAS Team already.

     

    So I believe the Deep Guard Security Team are looking into the matter.

     

    So let's hope everything is covered.

     

    Since no one is doing it, I have to forward and submit the reports and let F-Secure know about it.

     

     

     

     

  • Just tested the full 2014 IS version with CLT's; Allowed program to run;

     

    [Attached screenshots: Capture.GIF, Capture 2 .GIF]

  • Rusli Posts: 991

    Blackcat,

     

    This is the email reply from the F-Secure SAS team:

     

    Hello,

    Thanks for your submission,

    The submitted sample is already categorized as Riskware and DeepGuard successfully blocks this program (tested in fsis2014).

    Should you have further concerns, please do not hesitate to email us again.


    Best regards,
    --------
    F-Secure Security Labs              http://www.f-secure.com/weblog/
    F-Secure Corporation                http://www.f-secure.com/

     

    Which I reported here:

     

    > OS: Windows 7
    > Product: F-Secure Internet Security 2011
    > ProductVersion: F-Secure Internet Security 2014
    > DetectionName:
    > UpdatesVersion:
    >
    > Subject: Comodo Firewall Leaktesting CLT.zip unable to detect from DEEP GUARD
    >
    > Description:
    >
    > F-Secure Antivirus and F-Secure Internet Security are unable to detect CLT.zip.
    >
    > It's actually a Comodo Firewall leaktesting program.
    >
    > Which I found via this site.
    >
    > http://personalfirewall.comodo.com/cltinfo.html
    >
    > F-Secure Deep Guard Failed the test when run. F-Secure Deep Guard did not
    > block it.

     

     

     

  • Rusli Posts: 991

    This is an awkward test that I find weird with F-Secure Deep Guard. 

     

    And I found it to be really horrible.

    In order to pass the GRC leaktest.

    --------------------------------------------

     

    If you want to PASS the test with GRC Leak testing, these are the steps which you need to do.

     

    https://www.grc.com/lt/leaktest.htm

     

    1. Run grcleaktest.

     

    2. Deep Guard detects and prompts.

     

    3. I trust the application. Let it continue.

     

    4. Then go to F-Secure Tools, select Application permission, click details to block or click the application and select to deny.

     

    5. Go to GRCLeaktest and select test for leaktest.

     

    6. And you will get the "Unable to connect".

     

    Then GRCLeaktest will pass the test.

     

    As for the Comodo Firewall leaktest. I will not get a perfect score of 340/340!!!

     

    If I do a first test I get a score of 190/340. That is bad!!!

     

    I find Deep Guard very weird.

     

    If you want better results than this.

    Again, you have to do the awkward test like the following:

     

    1. Run clt.exe file.

     

    2. Deep Guard detects to block it. And CLT program launches.

    3. Select Exit for the CLT program. (Don't click the test button, just exit.)

     

    4. Go to F-Secure tools, Application permission. Select Allow clt program from block. Click close.

    5. Run clt.exe again.

    6. Go to F-Secure tools, Applications permission, select Block or Deny this time under the clt.exe file. Click close.

     

    7. Click on Test for the clt.exe file.

     

    8. Then you will see that the Deep Guard prompts again to block. Click close.

     

    9. Then you will see the score 260/340.

     

    So that is the Awkward Tests that you have to do.

     

     

     

    As for the actual test, it is in this manner.

     

    1. Run GRCleaktest program.

     

    2. Deep Guard detects it.

    3. Click OK to block.

     

    4. GRCleaktest launches.

     

    5. Application Block prompts from Deep Guard. Click close.

     

    6. Select test for leaks from GRCleaktest, it will not run anything! Connecting.... and it will be stuck there forever. And failed the GRCleak test.

     

     

    As for the Comodo Firewall leaktest.

     

    1. Run CLT.

     

    2. Deep Guard detects. Click OK to block.

     

    3. CLT program launches.

     

    4. Select test button.

     

    5. CLT program will be blocked. And will run the program.

     

     

     

    The next one, this is a bug that I found with GRCLeaktest.

     

    Okay, go to the F-Secure Status settings, Deep Guard options and click all the tab options. Yeah, including the "Use the compatibility mode (lower security)".

    And you know what, GRCleaktest failed the test. And firewall leaktest is penetrated!!!

     

    That is a bug... Deep Guard did not detect when the program runs!!! 

     

     

     

     

     

     

  • Rusli Posts: 991

    Hey Blackcat,

     

    I don't think your Windows Firewall Filter programs works properly with F-Secure Internet Security 2014!!

     

    Well any other alternative options???

     

    Been too heavy beta testing till late at night or early morning.

     

    Hmm...

     

    Have you tested Agnitum Outpost Free???

     

    http://free.agnitum.com/

     

    Because BitDefender Free Antivirus did not run too well with Comodo Firewall.

    It ran okay with Avira Free and Comodo Firewall.

     

  • @Rusli

     

    "I don't think your Windows Firewall Filter programs works properly with F-Secure Internet Security 2014!!"

     

    What testing did you do? I ran Binisoft's Windows FireControl with FSIS for a couple of days and it picked up all outgoing connections and was a stable combination.

     

    But I am happy with running just FSIS, the Windows firewall and my NAT router. No infections seen (over many years) yet.

     

    PS when running other Security suites-Kaspersky-I have always disabled the program's inbuilt firewall and just ran with WF and a router.

     

    "Well any other alternative options???"

     

    You could run an AE to pick up outgoing connections e.g. AppGuard OR just run FSIS with WF or switch to FSAV and run your own firewall of choice.

     

    "Have you tested Agnitum Outpost Free???"

     

    Not for years.

     

     

     

This discussion has been closed.