Antivirus Firewall Software Leak Test

Martin Brinkmann
Mar 10, 2009
Updated • May 26, 2017
Antivirus, Software, Windows software

How good is your antivirus program or firewall? It is hard to tell as a end user. Sure, you can rely on information provided by test magazines, Internet websites, antivirus and firewall software developers, or opinions from friends and colleagues. All of those recommendations are to a degree based on opinion, and only some on tests that are applicable in the real world.

A good way to perform security tests on antivirus firewall software programs are so called leak tests. These tests simulate different kind of attacks and manipulations on a computer system without actually doing any harm to it. They usually present statistics at the end that tell you which tests the antivirus firewall software program passed and which it failed at.

Comodo HIPS and Firewall Leak Test Suite

Comodo Leaktest is but one of the many available leak tests on the Internet that test your firewall and antivirus solution.

The security software tests a total of 34 different attacks and manipulations of a computer system running the Microsoft Windows operating system when you hit the test button. Depending on the antivirus and firewall software in use some, all or none might spawn alerts.

Note: The nature of the program makes it a target for flagging by antivirus solutions. The program is harmless however, and if your antivirus solution flags the leak test, it is reporting a false positive. Still, if feel unsure about running the program, don't.

The software program displays a score in the end. The maximum amount of points is 340, 10 for each test passed. Each test is explained on a local HTML page that gets downloaded with the software program. Those information can be used to find out why a test has not been passed. It does require some research though as the information provided are only answers to the questions what the test is doing, and what the harm is if the test fails.

The leak test can be divided into different categories. It begins with some rootkits tests followed by invasion, injection, info send, impersonation and hijacking tests.


Comodo Leak Test is a portable security software that will test an antivirus firewall software that is installed on a Windows operating system. It provides the means to find out if your computer system is still - partially or fully - vulnerable to common attacks encountered locally and remotely.

Update: The program is not available anymore on the official Comodo website. One reason for this may be that it is no longer in active development. We have uploaded the latest version to our own server from which you may download it.

Since the program gets flagged by some antivirus solution, we have password protected it. The password is ghacks. Download the program with a click on the following link: (Download Removed)

software image
Author Rating
5 based on 3 votes
Software Name
Comodo Leak Test
Operating System
Software Category

Tutorials & Tips

Previous Post: «
Next Post: «


  1. hussain said on March 13, 2010 at 2:16 pm

    the best security for your PC is : ESET Smart Security 4, ZoneAlarm Extreme Security, Norton 360(version 4) and BitDefender total security 2010. this is the best software you can use ever.

    Note: DONT use the loser Kaspersky because it’s very weak it missed 81 virus on my PC and Norton 360 Removed them all with out UpDate.

  2. Dysprositos said on January 8, 2010 at 6:14 am

    Ha wow BitDefender 2010 blocked it right away when I tried to download it. Was blocked because it said the download was trojan.generic.2478252

  3. Basical said on August 22, 2009 at 1:25 pm

    I tested OSSS (Online Solutions Security suite) – new firewall and HIPS, it’s great — 340/340!!!
    Thanks for the tests!

  4. Foysol said on April 10, 2009 at 12:23 pm

    Plz give me this softwear

  5. Prateek said on March 28, 2009 at 7:18 pm

    actually you will get full 340 marks if you have a behaviour analysis program. You should block all the requests and you will get full marks. i tried with threatfire, comodo internet security and system protect and got 340 marks in all of them.

  6. Jojo said on March 19, 2009 at 12:07 am

    I don’t use Spyware Terminator. But I do have a host of other security programs running including Spyware Search & Destroy, Spyware Blaster, Comodo’s own firewall, Secunia, etc.

    I guess it is good then that something is successfully blocking attempts to insert DLL’s.

  7. Anonymous said on March 18, 2009 at 11:03 pm

    If you have Spyware Terminator, it’ll block the DLLs. Therefore, only 4 tests will be available. See the block actions and move the DLLs to the White List.

  8. Jojo said on March 12, 2009 at 6:24 am

    So everyone else is seeing 34 tests? No one else is seeing only 4 tests like I am?

  9. rickxs said on March 12, 2009 at 1:36 am

    hmmm 90 out of 340

  10. Lorissa said on March 11, 2009 at 12:40 pm

    And, of course this test was created to promote Comodo products … duh. It doesn’t take a mental giant to figure out that one.

    Most likely, even Martin will receive something of value for publishing this article here. So what?

    Companies (as well as most people in general) rarely do anything that costs money to produce or create without having a marketing benefit and goal in mind.

    1. Martin said on March 11, 2009 at 12:54 pm

      The value that I received were the comments of my visitors :)

  11. Lorissa said on March 11, 2009 at 12:27 pm

    @ abv –

    “Everybody”? What a ridiculously stupid statement! Few people in the World actually know how to even turn a computer on, much less about security.

  12. David Bradley said on March 11, 2009 at 10:57 am

    It did occur to me that might be the case, but how could anyone know for sure, they might have been infected and if we assume they’re dummy test viruses and get ravaged by something malicious who do we sue?

  13. watzabatza said on March 11, 2009 at 10:34 am

    I’ve got ESET anti virus.. a good anti virus I’ve ever tested… Many anti virus cannot detect some viruses that are hiding on files. But ESET can locate it. How about you guys?

  14. Jojo said on March 11, 2009 at 8:29 am

    I only get 4 tests shown when I start up the .exe file. And I passed 2 and failed 2.

    Where are the rest of the tests mentioned (34)?

    And there is a total lack of documentation or explanation about what to do with whatever results you achieve.

    Not impressed Comodo!

    COMODO Leaktests v.
    Date 11:16:25 PM – 3/10/2009

    OS Windows XP SP3 build 2600

    1. Injection: APC dll injection Vulnerable
    2. Injection: AdvancedProcessTermination Vulnerable
    3. Hijacking: AppinitDlls Protected
    4. Hijacking: ActiveDesktop Protected

    Score 20/40

  15. Dante said on March 11, 2009 at 6:18 am

    LOL. I tried to download this and use it as part of my intrusion kit. But my Avira and McAfee virus scans promptly picked it up. This will be useless for intrusion purposes :(

  16. Dante said on March 11, 2009 at 6:13 am

    To “abv” yeah, everybody knows that. But people like me keeps forgetting things. And once in a while, an article like this gets me off my rear end and run a test.

  17. Unit1 said on March 11, 2009 at 4:31 am

    I just ran the test on vista32 with nod smart security 4 and only got 110 and seeing that it failed its own product from post above COMODO Memory Firewall. I do not think that all of our setup’s can be that bad? it might be just a bad program for testing

  18. Dany said on March 11, 2009 at 1:44 am

    Score of 20 on XP whit McAfee VirusScan Plus + Comodo BOClean and COMODO Memory Firewall.

    Also my friend whit McAfee scored also 20.

    Can someone else reproduce this issue.

  19. rmb said on March 10, 2009 at 11:37 pm

    wow, scored only 150 with windows 7 and antivir XD
    disabled UAC probably is a true problem…

    LOL, my netbook with XP SP3 and Antivir scored 0 XD

    fortunately, the most time I use Linux :P

  20. David Bradley said on March 10, 2009 at 11:07 pm

    AVG antivirus flagged the two dll files associated with this download as malware. BITS.dll it said is a key logger and DNS.dll is a Trojan…any thoughts? False positives?

    1. Martin said on March 11, 2009 at 12:44 am

      David to test they need to emulate attacks which is the most likely reason for the scan results.

  21. Digital Ruse said on March 10, 2009 at 9:10 pm

    I just ran it on machines with Kaspersky, NOD32, and NIS2009. None of them broke a score of 200, which I find hard to believe.

    1. Martin said on March 10, 2009 at 10:04 pm

      A test on a Windows XP SP3 test system with Kaspersky 2009 running scored 290 of 340 points.

  22. Rarst said on March 10, 2009 at 6:58 pm


    And how does reason for creating product matters if it gets job done? If other firewall has hole this hole doesn’t get smaller from being tested with product created to promote Comodo. :)

  23. abv said on March 10, 2009 at 6:16 pm

    everybody knows this list
    for testing firewalls
    and VBulletin tests for testing antivirus

    Comodo Leaktest – this product was create for promoting Comodo products i think

  24. sensibleguy said on December 27, 2007 at 1:03 pm

    actually we cant trust any antivirus software because viruses are getting into pc still when an antivirus software is still installed.

  25. kurt said on January 7, 2006 at 10:52 pm

    it’s difficult to use the test as a descriminator for which products you can trust and which ones you can’t when all the products had such similar scores… combined with the question of how many of the samples really were viruses, it’s impossible to tell which one really had the best score and by what margin did others really fall short…

  26. Martin said on January 7, 2006 at 11:18 am

    I agree with you that the results are not the non plus ultra but they probably help you in your decision which you should use and trust.

  27. rwkohio said on January 6, 2006 at 5:29 pm

    I use AVG Free, NOD32 and Avast! at home (on different PCs) and they all seem to be effective. One nice feature with Avast! is that you can do a boot-time scan, which can help catch some trojans before they get loaded into memory.

  28. kurt said on January 6, 2006 at 4:56 pm

    unfortunately the test is probably worthless… with only 10,000 samples they’ve sampled at most about 7% of the virus population, and there’s no way to tell if that sample is representative of the whole virus population (in fact there’s little reason to believe there is such a thing as a ‘representative sample’ in this context)…

    further, the documentation for the test gives no information on how the samples were validated (just because a virus scanner calls something a virus doesn’t mean it really is one)… there’s a great deal of so-called scanner fodder out there that doesn’t actually self-replicate…

    many anti-virus tests are invalid on these two points alone… few people/organizations have the resources to do proper anti-virus testing, and without proper methods the results are suspect at best…

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.