Original poster: gumper

[Help] Comodo v3 won't start after the SSS3 test, what should I do!!!

huai168an
Posted on 2008-8-8 16:50:51
Which program is the test? I downloaded SSTS and there are so many in it.....
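gumper
Original poster | Posted on 2008-8-8 16:52:51
Originally posted by huai168an on 2008-8-8 16:50
Which program is the test? I downloaded SSTS and there are so many in it.....


It is sss3.exe in ssts\bin\Level 7. Edit the text between the two lines below, save it as ssts.conf and copy it over every existing copy; just replace xxx.xxx.xxx.xxx with your own IP. (The lines themselves are not included.)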
______________________________________________________
#
# This is configuration file for Security Software Testing Suite.
#
# You are advised to read this file carefully and modify these settings before testing.
#
#
# Every line that starts with '#' is ignored. Blank lines are ignored.
# Every line that contains '=' defines a variable. The last line must be blank.
#


#
# The URL is used mostly by leak-tests. It contains the protocol, the domain and the location
# of the target web page that is to be accessed by the test.
#
url=http://www.matousec.com/projects/firewall-challenge/test.php


#
# The domain is used mostly by leak-tests. It is a DNS name of the Internet server that is to be accessed.
# The second level domain (domain2nd) should contain only two parts separated by a dot.
#
domain=www.matousec.com
domain2nd=matousec.com


#
# The target web page is used mostly by leak-tests. It describes the location of the target web page
# on the server that is specified by domain or IP.
#
page=/projects/firewall-challenge/test.php


#
# TCP/UDP IP address and target TCP/UDP port specify the target Internet server
# for some TCP/UDP oriented tests, mostly leak-tests.
#
ip_tcp=89.185.231.11
port_tcp=80

ip_udp=xxx.xxx.xxx.xxx
port_udp=53


#
# Raw IP address is used by some leak-tests that do not use TCP or UDP
# for a communication with the Internet server.
#
ip_raw=89.185.231.11


#
# IP address of the local interface is used by some spying tests.
#
ip_loc=xxx.xxx.xxx.xxx


#
# IP address of the peer is used by some performance tests.
# The peer is usually a server that helps measuring the performance.
# The client usually runs on the tested computer.
# The port specifies on which port the server listens.
# The buffer size specifies the size of a buffer to be sent.
# The count specifies a number of buffers of the given size to be sent.
#
peer_ip_tcp=xxx.xxx.xxx.xxx
peer_port_tcp=2222
peer_buf_size_tcp=1048576
peer_buf_cnt_tcp=500

peer_ip_udp=xxx.xxx.xxx.xxx
peer_port_udp=2222
peer_buf_size_udp=1400
peer_buf_cnt_udp=200000


#
# Data are used mostly by leak-tests.
# Short data (data46) may contain at most 46 characters.
# The data are usually encoded and appended to the URL with a delimiter.
#
data=I have failed the test
data46=I have failed the test
data_delimiter=?


#
# The pattern is searched among the incoming/read/received data.
# If the pattern is found it usually means that the attack was successful.
# pattern_net is used mostly by leak-tests.
# pattern_sniff is used by some spying tests.
#
pattern_net=YOUR SYSTEM FAILED THIS TEST
pattern_sniff=kafan


#
# The list of important processes, usually the processes of the tested product.
# The first line determines the number of the processes in the list.
# Then the names of the processes follows.
# This list must be modified before testing.
#
processes=2
cfp.exe
cmdagent.exe


#
# The list of important services and drivers, usually those that belong to the tested product.
# The first line determines the number of the services and drivers in the list.
# Then the names of the services and drivers follows.
# This list must be modified before testing.
#
services=1
cmdAgent


#
# This line must be modified before testing.
# If you modify its value to "I agree" you do proclaim that
#   1) you do understand the purpose of this testing suite,
#   2) you have modified the settings properly to make your tests relevant,
#   3) you do understand that it may damage your system or data,
#   4) you do agree with the licence that is available in the original package
#      of SSTS in licence.txt file.
#
agreement=I agree
______________________________________________________

[ Last edited by gumper on 2008-8-8 16:58 ]
周勃
Posted on 2008-8-8 17:09:16
Wow, it's that complicated? Then I'd rather not play with it.
huai168an
Posted on 2008-8-8 17:20:59
Clean PC mode, default rules: it has no effect. Even when I allowed it, everything is still normal.
Security Software Testing Suite - SSS3
Copyright by Matousec - Transparent security
http://www.matousec.com/


ERROR: Unable to add "SeShutdownPrivilege" to current process' token.
Error code: 5
Error message: 拒绝访问。


YOUR SYSTEM PASSED THE TEST!






After rebooting
Security Software Testing Suite - SSS3
Copyright by Matousec - Transparent security
http://www.matousec.com/


ERROR: Unable to connect service manager.
Error code: 1722
Error message: RPC 服务器不可用。



ERROR: Unable to open Internet page "http://www.matousec.com/projects/firewall-challenge/test.php?U1NTMzpJIGhhdmUgZmFpbGVkIHRoZSB0ZXN0" using InternetOpenUrl.
Unable to format error message for code 12007.

YOUR SYSTEM PASSED THE TEST!

[ Last edited by huai168an on 2008-8-8 17:29 ]
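
Added example, not part of any post and not SSTS's own parser: a Python check of an ssts.conf against the rules stated in the file's own comments (placeholder IPs left in, list counts, data46 length, domain2nd shape), plus a decoder for the Base64 payload in the URL that SSS3 printed above. The function names and the shortened sample config are constructed for illustration, and treating the lines after processes= and services= as bare names is an assumption taken from those comments.

```python
import base64

PLACEHOLDER = "xxx.xxx.xxx.xxx"  # stand-in the post says to replace with your own IP
# URL as it appears in the SSS3 error output quoted in the thread
LOGGED_URL = ("http://www.matousec.com/projects/firewall-challenge/test.php"
              "?U1NTMzpJIGhhdmUgZmFpbGVkIHRoZSB0ZXN0")
# Constructed sample: shortened ssts.conf with a placeholder left in and a wrong count
SAMPLE = ("# comment\ndomain2nd=matousec.com\nip_udp=xxx.xxx.xxx.xxx\n"
          "processes=2\ncfp.exe\nservices=1\ncmdAgent\n")

def parse_conf(text):
    """Return (variables, lists) using the rules in the file's own comments."""
    conf, lists, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # comments and blank lines are ignored
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
            current = key if key in ("processes", "services") else None
            if current:
                lists[current] = []
        elif current:
            lists[current].append(line)   # bare names following a count line
    return conf, lists

def check_conf(conf, lists):
    """Return a list of problems that would make a test run irrelevant."""
    problems = [f"{k} still holds the placeholder"
                for k, v in conf.items() if v == PLACEHOLDER]
    for name, items in lists.items():
        if not conf[name].isdigit() or int(conf[name]) != len(items):
            problems.append(f"{name}={conf[name]} but {len(items)} names follow")
    if len(conf.get("data46", "")) > 46:
        problems.append("data46 is longer than 46 characters")
    if len(conf.get("domain2nd", "").split(".")) != 2:
        problems.append("domain2nd must be exactly two dot-separated parts")
    return problems

def decode_leak_query(url, delimiter="?"):
    """Decode the Base64 payload appended to the test URL after the delimiter."""
    payload = url.split(delimiter, 1)[1]
    return base64.b64decode(payload + "=" * (-len(payload) % 4)).decode("ascii")

if __name__ == "__main__":
    conf, lists = parse_conf(SAMPLE)
    print(check_conf(conf, lists))
    print(decode_leak_query(LOGGED_URL))
```

The decoded payload is the test name followed by the data= value from the config, which is the string to look for in proxy or firewall logs when checking whether a leak-test request actually left the machine.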
gumper
Original poster | Posted on 2008-8-8 17:28:14
My rules were too loose, which caused the failure.

Found under HIPS in the registry:

In Configurations 0:
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Settings]
"BlockIfNoGUI"=dword:00000000

In Configurations 1:
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\1\HIPS\Settings]
"BlockIfNoGUI"=dword:00000001

What is the relationship between Configurations 0 and 1?
In safe mode, I'll change the one in Configurations 1 to "BlockIfNoGUI"=dword:00000000 and see.
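huai168an
Posted on 2008-8-8 17:36:40

Reply to gumper's post #15

Configurations 0 corresponds to one of the rule sets, comodo - optimum security (the D+ rules)
1 is the other one, comodo - network security (the firewall rules)
You will see this when you back up the rules

As for this one in 0: [HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Settings]
"BlockIfNoGUI"=dword:00000000
That should be Comodo with no GUI, so the interface won't open. You got it backwards; you should change it to dword:00000001 in 0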
gumper
Original poster | Posted on 2008-8-8 17:57:18
Does your startup entry have -h?
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="\"C:\\Program Files\\COMODO\\Firewall\\cfp.exe\" -h"
gwg829
Posted on 2008-8-8 17:59:19

Reply to huai168an's post #16

168 is really strong, adding points as encouragement
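gumper
Original poster | Posted on 2008-8-8 18:30:20
Originally posted by huai168an on 2008-8-8 17:36
Configurations 0 corresponds to one of the rule sets, comodo - optimum security (the D+ rules)
1 is the other one, comodo - network security (the firewall rules)
You will see this when you back up the rules

As for this one in 0: [HKEY_LOCAL_MACHINE\S ...


It still doesn't work after the change!! I'm going crazy!!! *sob*~~~ Comodo has got me completely confused!

Which registry value disables D+??

[ Last edited by gumper on 2008-8-8 18:32 ]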
huai168an
Posted on 2008-8-8 18:42:02
Tick the option to completely disable D+



Don't go running tests on your own for no reason

[ Last edited by huai168an on 2008-8-8 18:43 ]