Author Topic: Report recurring Heuristic (Heur.Suspicious) detections here  (Read 31336 times)
wasgij6
Global Moderator
Comodo's Hero
« Reply #45 on: February 19, 2012, 10:24:31 PM »

TDSSKiller

| Win 7 Ultimate (x32) SP1; Admin | UAC Disabled | CIS 6.1.276867.2813 | CD 26.2 | CID 20.0.1 | VMWare Workstation; XP (x32), 7 (x64) |
Chunli
Malware Research Group
Comodo's Hero
« Reply #46 on: February 19, 2012, 10:34:49 PM »

Hi, wasgij6

Thank you for your submission.
We'll check this.

Best regards
Chunli.chen
EddyM
Newbie
« Reply #47 on: February 23, 2012, 02:40:21 PM »

Hi there,

After recent virus scans I get this come up:

Heur.Gen.Lama[at]117023117

C:\WINDOWS\system\wuauclt.exe

I don't know where it came from but every time I try and clean it with both CIS and CCE it comes back again.

Any help would be gratefully received.



FlorinG
First Response Group
Comodo's Hero
« Reply #48 on: February 23, 2012, 03:00:44 PM »

Hello EddyM,

Please submit the detected file as False Positive using the following link:

http://www.comodo.com/home/internet-security/submit.php

Thank you!

Best regards,
FlorinG

If possible please post your malware submissions as SHA1 lists. Always make sure first you have submitted the samples through CIS or CIMA. Thank you!
ekerazha
Comodo Family Member
« Reply #49 on: May 20, 2012, 05:48:54 AM »

Yesterday I submitted a false positive (an Acer BIOS updater) using this page: http://www.comodo.com/home/internet-security/submit.php

It was a 1.10 BIOS updater for my laptop.
Quote:
> Hi,
>
> This is to inform you that false-positive with <P4LJ0110.exe> (SHA1: <c714c977497729f1f6fcccda9c49c5d7d2003523>)
> has been fixed.
> You can update to AV database Version <12365> of Comodo Internet Security
> Version <5.10.228257.2253> and confirm it.
>
> Thanks.

The false positive has been fixed.

However, I had the same issue with previous BIOS updater versions (the last one was version 1.07). That false positive was fixed too.

So today I've tried to download the 1.08 version of the BIOS updater (that I never downloaded before) and... false positive.

Would it be possible to fix this issue permanently instead of having to whitelist every single new executable every time?

This is the false positive of the 1.08 version of the Acer BIOS updater for my laptop model: https://valkyrie.comodo.com/Result.html?sha1=38634e6d172c450d355dc041a48156a7fa09d0cf&&query=0&&filename=P4LJ0108.exe

It is detected as Suspicious[at]#3rskatay839t9

You can whitelist another Acer BIOS updater (so many other updaters will be erroneously detected) or try to understand why Acer BIOS updaters are always detected as malware. Acer download page: http://us.acer.com/ac/en/US/content/drivers

:)
« Last Edit: May 20, 2012, 05:55:47 AM by ekerazha »
Ravikant
First Response Group
Comodo's Hero
« Reply #50 on: May 20, 2012, 06:13:17 AM »

Hi ekerazha,



Thanks for reporting. We'll check this.



Regards,
Ravikant
meidan
First Response Group
Comodo's Hero
« Reply #51 on: May 20, 2012, 03:46:05 PM »

Hi ekerazha,

This is to inform you that reported false-positive has been fixed.
You can update to AV database Version <12367> of Comodo Internet Security
Version <5.10.228257.2253> and confirm it.
Thanks.

Kind Regards,
Erik M.
« Last Edit: May 20, 2012, 03:48:15 PM by meidan »
ekerazha
Comodo Family Member
« Reply #52 on: May 21, 2012, 08:15:23 AM »

The last false positive that I reported has been fixed too, BUT I've tried to randomly download another Acer BIOS updater and... false positive.

Please stop whitelisting every single BIOS updater executable and fix the problem at the root.
Siketa
Comodo's Hero
« Reply #53 on: October 25, 2012, 01:34:07 AM »

RogueKiller
Suspicious[at]#2gl17rirpx45

http://tigzy.geekstogo.com/roguekiller.php

https://www.virustotal.com/file/b24eb2ff5854fd60549ac2ac2bb6e572c1db7bf955e0a05f651246499d2b9918/analysis/

« Last Edit: October 25, 2012, 01:35:57 AM by Siketa »
Srinivasan.G
Comodo Staff
Comodo's Hero
« Reply #54 on: October 25, 2012, 01:49:17 AM »

Hi Siketa,

Thanks for reporting. We'll check this.


Regards,
Srinivasan.G
FlorinG
First Response Group
Comodo's Hero
« Reply #55 on: October 25, 2012, 10:20:47 AM »

Hello Siketa,

This False Positive has been fixed. You can update to AV database Version 13977 of Comodo Internet Security Version 5.10.228257.2253 and confirm it.

Best regards,
FlorinG
RejZoR
Comodo's Hero
« Reply #56 on: November 03, 2012, 01:44:55 AM »

I keep on getting Heur.Packed.Unknown[at]4294967295 on CounterStrike:Global Offensive game when it receives an update through Steam (during the Completing setup phase). The "trick" is that I only get it when I have heuristics set on Medium or High. I don't get any warnings with Low setting. However, since heuristics seem to be much more refined now and I haven't got any false positives on any other files, I'd like to keep on using High setting, but I still want to get it fixed for this specific game.

Can't submit the file since you can't extract a file from Quarantine to any location, but I have submitted it through quarantine to Comodo labs (filename and path C:\Windows\Temp\~757D.tmp). Hope this helps.

I'm using CIS 6.0.252829.2560; one of the mods recommended I submit the report even though I'm using CIS 6 BETA...
yosi501r
Newbie
« Reply #57 on: November 18, 2012, 03:41:23 PM »

vistart
2lwhfzphbv8hm
http://lee-soft.com/vistart/
Chunli
Malware Research Group
Comodo's Hero
« Reply #58 on: November 18, 2012, 07:19:45 PM »

Hi, yosi501r

Thank you for reporting this.
We'll check it and get back to you soon.

Best regards
Chunli.chen
Srinivasan.G
Comodo Staff
Comodo's Hero
« Reply #59 on: November 19, 2012, 05:38:53 AM »

Hi yosi501r,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <14252> of Comodo Internet Security Version <5.12.256249.2599> and confirm it.

Regards,
Srinivasan.G