False Positive - Team Fortress 2 - Motion Mapper.exe

TechPriest · June 4, 2015, 8:10am

Comodo picks up C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\motionmapper.exe as a Trojan with the signature of TrojWare.Win32.Scar.Lsa

The File as well as the game was updated fairly recently and a detection only occured today and no other Anti-Virus program detects it as such

I have submitted the file also for analysis

Screenshot:

karthikR · June 4, 2015, 11:00am

Hi TechPriest,

Please submit the detected sample to us so we can check them.

Regards,
Karthikeyan

TechPriest · June 4, 2015, 11:41am

I have now submitted the file as you have asked, via the method you posted.

karthikR · June 4, 2015, 12:02pm

Hi TechPriest,

Thank you for reporting this.
We’ll check it and get back to you soon.

Regards,
Karthik R

spywar · June 7, 2015, 4:02pm

No news yet ?

TechPriest · June 7, 2015, 4:24pm

Nope not heard anything back yet, ive brought it to the attention of the staff though

ReviewsAntivirus · June 7, 2015, 5:40pm

I’m not sure what’s going on with Comodo recently.
They don’t fix FPs, submitted files aren’t added, camas.comodo.com doesn’t work correctly, files aren’t whitelisted… Is there some issue?

jackor · June 8, 2015, 1:24pm

…and it seems like all files submitted via the program are all “already sent”

spywar · June 8, 2015, 2:26pm

I contacted the staff…let’s see

sithlordadler · June 9, 2015, 8:20pm

I thought this was fixed already in a previous post.
I haven’t had a problem with Motionmapper.exe after I installed the newest comodo internet security.
https://forums.comodo.com/av-false-positivenegative-detection-reporting/fp-of-motionmapperexe-located-in-teamfortress2-t111236.0.html
In this thread, chunli said it was fixed as of av database version 22246

TechPriest · June 9, 2015, 8:27pm

My version of comodo was up to date as it could be as of the original post, and it still got detected again

spywar · June 9, 2015, 8:33pm

Can you upload the detected file (FP) by using the web form ?

It should get fixed faster.

TechPriest · June 9, 2015, 8:38pm

Yeah i already have, that was how i submitted it in the first place

sithlordadler · June 9, 2015, 8:48pm

Huh, that is actually quite strange. I guess we will have to see when a staff member replies.

sithlordadler · June 10, 2015, 9:47pm

Nevermind! Today comodo randomly prompted me with a malware alert, and it was this file.
I guess it is a false positive even on the newest database

Chunli · June 14, 2015, 4:43am

Hi,TechPriest

This is to inform you that false-positive has been fixed.
You can update to AV database Version <22443> of Comodo Internet Security Version<8.0.0.4142> and confirm it.

Best regards
Chunli.chen

TechPriest · June 14, 2015, 8:43am

I can confirm (at least on my end) that the detection no longer occurs