* Home Help Search Login Register  

Welcome, Guest. Please login or register.
Did you miss your activation email?
May 25, 2013, 01:48:28 PM

Login with username, password and session length

664068 Posts
70633 Topics
145262 Members
Latest Member: EricNorris

more news...
Search:     Advanced search | Tag Cloud
+  Welcome to the Comodo Forum
|-+  Security Products & Services
| |-+  Comodo Internet Security - CIS
| | |-+  AV False Positive/Negative Detection Reporting
| | | |-+  Anti-rootkit: IceSword 1.22		 « previous next »
Pages: [1] Go Down Print
Author Topic: Anti-rootkit: IceSword 1.22  (Read 5260 times)
gibran
Average User
Comodo's Hero
*****
Offline Offline

Posts: 5056


A bad workman always blames his tools
« on: September 12, 2008, 11:40:29 AM »
Icesword 1.22 Homepage: http://www.antirootkit.com/software/IceSword.htm

is detected as Anti.Genetik2.IceSword.1220@72508 and thus deleted by CIS 3.5.50676.393 Realtime scanner.

Information about AV signature DB version is N/A but I can confirm that the signature was updated before scanning.
« Last Edit: September 12, 2008, 11:54:03 AM by gibran » Logged
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams
darkmax
Comodo Family Member
***
Offline Offline

Posts: 95
« Reply #1 on: September 18, 2008, 01:17:21 AM »
Dude.... you are confusing me... is Icesword a anti-rootkit program, or is it being treated as a rootkit by CFP?
Logged
3xist
Guest
« Reply #2 on: September 18, 2008, 02:59:42 AM »
Quote from: darkmax on September 18, 2008, 01:17:21 AM
Dude.... you are confusing me... is Icesword a anti-rootkit program, or is it being treated as a rootkit by CFP?

Icesword is a legit anti-rootkit prog and it being reported as a malware by CAV 3 in CIS. That's what we call False Positives.   Wink

Josh
Logged
WaterWall
Guest
« Reply #3 on: September 18, 2008, 03:05:34 AM »
It's not a 100 % false postive IMO. In bad hands, this tool can do harm. Same as the desktop viewing software  Roll Eyes
Logged
gibran
Average User
Comodo's Hero
*****
Offline Offline

Posts: 5056


A bad workman always blames his tools
« Reply #4 on: September 18, 2008, 01:04:47 PM »
Quote from: Commodus on September 18, 2008, 03:05:34 AM
It's not a 100 % false postive IMO. In bad hands, this tool can do harm. Same as the desktop viewing software  Roll Eyes

Yep I guess I somewhat filed something incorrectly.

I don't know the CAV threat taxonomy but there should be many categories for various types of codes.

Icesword belong to the Anti class Genetik2 subclass (don't ask me what this mean)

A related submission would be:

Quote from: mrahk on September 18, 2008, 09:06:29 AM
CIS detects the file fdiag.exe (from FreshDiagnose a product by FreshDevices) as being the malware Anti.Fdiag.02[ at ]57609

I guess that's a false positive.

FreshDiagnose too belonged to that Anti class

The only reason I reported that because it was deleted due to "Automatically delete threats found after scanning"

I posted a related wishlist in CIS beta wishlist topic.
« Last Edit: September 18, 2008, 01:18:30 PM by gibran » Logged
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams
Tags:
Pages: [1] Go Up Print 
« previous next »
Jump to:  

SSL Certificate Free Virus Removal Firewall
Page created in 0.039 seconds with 21 queries.
Powered by SMF 1.1.18 | SMF © 2006, Simple Machines Design by 7dana.com