Author Topic: Post here your unfixed FP's (only after 2 days)  (Read 102777 times)
monkeytails
« Reply #15 on: March 15, 2009, 09:43:53 AM »

> Hi monkeytails,
>
> Thanks for reporting,
> FYI: evidence.boc is a backup file, which BOClean takes before removing the file on detection.
>
> That might not be a FP.
>
> Thanks and Regards,
> Suresh.


Checked BOClean logs and shows a detection of leaktest.exe.

If this is a backup that BOClean creates (Am I understanding you correctly?), then the AV of CIS will always detect the backup file.  Again correct me if I'm wrong.

So should I delete this file or permanently exclude it or the folder from scanning...

regards

monkeytails

Edit:  have answered my question by looking at the BOClean online help...will delete from computer.

Thanks for your help.
« Last Edit: March 15, 2009, 09:48:51 AM by monkeytails »

wrapper
« Reply #16 on: March 17, 2009, 05:22:29 PM »

Hi,

I am posting this at the request of Experience.  My initial False Positive report is below, along with the message from Suresh that the problem was fixed.

On the morning of 03/17/09 I had to restore a backup to my laptop, and took the opportunity to install the latest CIS (3.8.65951.477, data base 1062) and BOClean 4.27.  Almost immediately, CIS showed 1 threat found, and it was the same ALCXSENS.SYS driver mentioned in my initial post, again as a Heur.Pck.tElock.  What was very strange was that after an hour or so, the summary screen shows no threats found, (down from 1 earlier) yet the Antivirus events log still shows the detection.

I don't know that it matters, but I am running XP Home SP3 on a Gateway laptop with an AMD Athlon 64 3400+ with 1 GB memory, and the CIS settings are all default.

Wrapper


Hi,

I had a problem with an earlier version of CIS saying "the virus database is not updated" and/or "the AV engine is not started," so I updated to the latest version 3.8.65951.477 db version 1039, heuristic scan set to "low," and started to scan the main drive and the "restoral" drive set up by Gateway yesterday, 3/09/09.  The Heur.Pck.tElock popped up several times, with different files, all of which had been on the PC for months to even years without incident.  I submitted the files to Virustotal, and they were all OK. What was very strange to me was that the analysis of the alcxsens.sys driver (a Sensaura WDM 3D Audio Driver) showed that Comodo had no problem with the file, yet my installation flags it as an error.

I'll email this report as well.

Wrapper

Posted on: March 10, 2009, 08:56:24 AM. Posted by: sureshk

Hi wrapper,

FP has been fixed. Please confirm with our latest Updated base.

Thanks for Reporting.

Thanks and Regards,
Suresh.
 

Sriram P
« Reply #17 on: March 31, 2009, 04:35:24 AM »

> Hello,
>
> Suspect False Positive
> File Name: HP_Demo.exe
> Identified as: Heur.Pck.MoleBox
> Reported: March 3, 2009 by EMAIL
> Present database version 1090
>
> Ralph

Hi oldCoCo3user,
Can you please send the suspected file to us. Please visit this link on https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/how_to_report_false_positivessuspicious_files_how_to_submit_them-t36051.0.html to know more on submission of files.

Regards,
Sriram.P

Sriram P
« Reply #18 on: April 07, 2009, 08:02:10 AM »

> Hi oldCoCo3user,
> Can you please send the suspected file to us. Please visit this link on https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/how_to_report_false_positivessuspicious_files_how_to_submit_them-t36051.0.html to know more on submission of files.
>
> Regards,
> Sriram.P

Hi oldCoCo3user,

Thank you for submitting the file. The reported False Positive has been fixed.

Regards,
Sriram.P

rabrown
« Reply #19 on: May 06, 2009, 11:24:04 PM »

I reported archlp.dll as an FP during the weekend.  It is part of Arcsoft's Total Media Theater installation.  Copy of the file was submitted through CIS RC 2.  Not yet fixed in ver 1154.    Identified as unclassified malware[at]14955904.

Richard

Sriram P
« Reply #20 on: May 08, 2009, 08:06:19 AM »

> I reported archlp.dll as an FP during the weekend.  It is part of Arcsoft's Total Media Theater installation.  Copy of the file was submitted through CIS RC 2.  Not yet fixed in ver 1154.    Identified as unclassified malware[at]14955904.
>
> Richard

Hi rabrown,

The reported FP has been fixed. Please update your AV to base v1157 and check on it.

Thanks and Regards,
Sriram.P

rabrown
« Reply #21 on: May 08, 2009, 12:30:16 PM »

Hi Sriram.P,

Thanks.  It is no longer being identified as malware.

Richard

Lasse88
« Reply #22 on: May 18, 2009, 07:33:02 AM »

These are still not fixed.

C:\WINDOWS\system32\nmfast50.bpl 
C:\WINDOWS\system32\vcldbx50.bpl

https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/11_false_positives-t39265.0.html;msg284699#msg284699

Database: 1172

please write here, or in my post when it's fixed, or been read.
« Last Edit: May 18, 2009, 02:53:27 PM by Lasse88 »

"Wise men speak because they have something to say; Fools because they have to say something." - Plato
"It is better not to speak and be thought a fool, than to open your mouth and remove all doubt." - Mark Twain
"I Reject your reality and substitute my own" - Adam Savage (Mythbusters)

gmohan
« Reply #23 on: May 19, 2009, 12:56:21 AM »

Hi Lasse88,
> These are still not fixed.
>
> C:\WINDOWS\system32\nmfast50.bpl
> C:\WINDOWS\system32\vcldbx50.bpl
>
> https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/11_false_positives-t39265.0.html;msg284699#msg284699
>
> Database: 1172
>
> please write here, or in my post when it's fixed, or been read.

The mentioned FP will be fixed in subsequent updates.

Regards
-Chandra Mohan

Sriram P
« Reply #24 on: May 19, 2009, 09:18:21 AM »

> These are still not fixed.
>
> C:\WINDOWS\system32\nmfast50.bpl
> C:\WINDOWS\system32\vcldbx50.bpl
>
> https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/11_false_positives-t39265.0.html;msg284699#msg284699
>
> Database: 1172
>
> please write here, or in my post when it's fixed, or been read.

Hi Lasse88,

The reported False positives were identified and Fixed. Please update your Antivirus to 1174 and confirm the fix.

Thanks and Regards,
Sriram.P

disPPlay
« Reply #25 on: May 19, 2009, 10:57:22 AM »

http://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/fp_unclassified_malwareat17324961-t39594.0.html

it's yet unfixed

Lasse88
« Reply #26 on: May 19, 2009, 01:30:04 PM »

> Hi Lasse88,
>
> The reported False positives were identified and Fixed. Please update your Antivirus to 1174 and confirm the fix.
>
> Thanks and Regards,
> Sriram.P

confirmed

gmohan
« Reply #27 on: May 20, 2009, 08:06:26 AM »

Hi DiSP,

Mentioned FP will be fixed in next updates

Regards,
-Chandra Mohan

Sriram P
« Reply #28 on: May 22, 2009, 01:45:28 AM »


Hi DiSP,

We have fixed the reported false positive. Please refer to your post for more information on the fix.

Thanks and regards,
Sriram.P

patrice58
« Reply #29 on: May 27, 2009, 06:30:18 PM »

Heur.Suspicious[at]19750095 location X:\Downloads\H\WD_Windows_Tools\Google\Desktop\ESN\setup.exe.downloading

Tested with database 1203

Original forum post https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/maybe_a_fp-t40073.0.html

Vista Home Premium 32 bit (user account) CISC 4.1.150349.920 + CAV (On Access) + Sandbox,V-Engine 2.7.0.37, SpywareBlaster 4.3, SAS (free), a-squared (free) MBAM (free) Finjan Secure Browsing, Windows Defender (scanner only), Zemana AntiLogger 1.9.2.206,