The HIPS and Firewall Leak Test Suite contains five separate tests that simulate a range of dangerous exploits, including rootkits, Background Intelligent Transfer attacks and process injection attacks.
Rootkit Installation 1 - Loads a driver via the ZwSetSystemInformation API. A very old, well-known and effective way to install a rootkit.
Rootkit Installation 2 - Loads a driver by overwriting a standard driver (beep.sys) and starting it with the Service Control Manager (e.g. Trojan.Virantix.B).
DLL Injection 1 - Injects a DLL into a trusted process (svchost.exe) by injecting an APC on LoadLibraryExA with "dll.dll" as a parameter. The string "dll.dll" is not written into process memory; it comes from the ntdll.dll export table, which has the same address in all processes. The APC is injected into the second thread of svchost.exe, which is always in an alertable state.
DLL Injection 2 - An old technique. The DLL is injected via remote thread creation in the trusted process, without using WriteProcessMemory.
BITS Hijack - Downloads a file from the internet using the "Background Intelligent Transfer Service", which acts from the trusted process (svchost.exe).
Select each test individually or leave the 'Run All Tests' box checked and click 'Test'...
...the results of the tests are indicated in the 'State' column.
If your firewall passes the test, it should warn you that CLT.exe is trying to modify important system files. The alert shown above is just one of the warnings that Comodo Firewall Pro displays to the user.
Important Note: Although all tests should be passed, it is especially important that your system passes the two 'Rootkit' tests. If it doesn't, you should either re-configure your software to a higher security setting or possibly replace it with software that is capable of passing these tests.
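The following Python example is an addition to this page (it is not Comodo's code and not how any product implements its alerts); it shows the kind of rule a monitoring tool could apply to flag the five behaviours the tests simulate. The event schema, the allowlists, the file paths and the sample records are all constructed assumptions.

```python
import ntpath

# Hypothetical, simplified event schema. Allowlists are assumptions to tune per site.
SYSTEM32 = r"c:\windows\system32"
DRIVER_DIR = SYSTEM32 + r"\drivers"
TRUSTED_DRIVER_WRITERS = {"trustedinstaller.exe"}
EXPECTED_BITS_CLIENTS = {"updater.exe"}  # hypothetical approved BITS client

def base(path):
    return ntpath.basename(path).lower()

def folder(path):
    return ntpath.dirname(path).lower()

def classify(ev):
    """Return a finding string for a suspicious event, or None if it looks benign."""
    kind, actor = ev["kind"], ev.get("actor", "")
    if kind == "driver_load" and not ev["signed"]:
        return "unsigned driver loaded"                       # Rootkit Installation 1
    if kind == "file_write":
        target = ev["target"]
        if (folder(target) == DRIVER_DIR and target.lower().endswith(".sys")
                and base(actor) not in TRUSTED_DRIVER_WRITERS):
            return "driver file modified by untrusted process"  # Rootkit Installation 2
    if kind == "image_load" and base(ev["process"]) == "svchost.exe":
        if not ev["signed"] or folder(ev["image"]) != SYSTEM32:
            return "untrusted DLL loaded into svchost.exe"    # DLL Injection 1 and 2
    if kind == "remote_thread":
        if base(ev["target"]) == "svchost.exe" and folder(actor) != SYSTEM32:
            return "remote thread created in svchost.exe"     # DLL Injection 2
    if kind == "bits_job" and base(actor) not in EXPECTED_BITS_CLIENTS:
        return "BITS job created by unexpected process"       # BITS Hijack
    return None

CLT = r"C:\Users\test\Desktop\CLT.exe"          # constructed path
SVCHOST = r"C:\Windows\System32\svchost.exe"
SAMPLE_EVENTS = [  # constructed records: five suspicious, two benign
    {"kind": "driver_load", "image": r"C:\Users\test\drv.sys", "signed": False},
    {"kind": "file_write", "actor": CLT, "target": r"C:\Windows\System32\drivers\beep.sys"},
    {"kind": "image_load", "process": SVCHOST, "image": r"C:\Users\test\dll.dll", "signed": False},
    {"kind": "remote_thread", "actor": CLT, "target": SVCHOST},
    {"kind": "bits_job", "actor": CLT, "url": "http://example.invalid/file"},
    {"kind": "driver_load", "image": r"C:\Windows\System32\drivers\beep.sys", "signed": True},
    {"kind": "image_load", "process": SVCHOST, "image": r"C:\Windows\System32\kernel32.dll", "signed": True},
]

def triage(events):
    """Return (index, finding) for every event that matches a rule."""
    return [(i, f) for i, ev in enumerate(events) if (f := classify(ev))]

if __name__ == "__main__":
    for index, finding in triage(SAMPLE_EVENTS):
        print(index, finding)
```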
Comodo uses the term Malware to define all malicious applications including:
When you see the term Malware, it could be one - or more than one - of these terms.
Comodo offers the Free Firewall software that helps block Malware from your machine before it can install itself.