Welcome, Guest. Please login or register.
December 24, 2009, 04:34:32 PM

Login with username, password and session length

344985 Posts
38085 Topics
86491 Members

Latest Member: solbuck

Search:     Advanced search | Tag Cloud
+  Welcome to the Comodo Forum
|-+  Desktop Security Products
| |-+  Comodo Internet Security - CIS
| | |-+  Bug Report - CIS
| | | |-+  False Positive/Negative reporting - (Is this a malware that CIS has/not detected?)
| | | | |-+  Re: COMODO Internet Security 3.10.102194.530 Bug Reports
« previous next »
Pages: [1] Go Down Print
Author Topic: Re: COMODO Internet Security 3.10.102194.530 Bug Reports  (Read 274 times)
jp10558
Comodo Family Member
***
Offline Offline

Posts: 99


« on: July 06, 2009, 01:16:04 PM »

Seems to be a few false positives immediately on install in the AV.

One is the PSEXESVC service, from SysInternals psexec tool to remotely start processes. It was found in C:\Windows\PSEXESVC.EXE  - it is detected as Unclassified malware[at]8163993

The second appears to be part of ghostscript - used to view postscript files or generate PDFs by many free PDF printers. This one is in C:\gs\gs8.54\bin\gswin32.exe - this one is Huer.Suspicious[at]22637055

The others appear to be XenoCode settings which are web based VMs to run browsers for testing without installing them. They vary but are all Huer.Suspicious
Logged
gmohan
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 487



« Reply #1 on: July 07, 2009, 03:11:09 AM »

Hi jp10558,
Seems to be a few false positives immediately on install in the AV.

One is the PSEXESVC service, from SysInternals psexec tool to remotely start processes. It was found in C:\Windows\PSEXESVC.EXE  - it is detected as Unclassified malware[at]8163993

The second appears to be part of ghostscript - used to view postscript files or generate PDFs by many free PDF printers. This one is in C:\gs\gs8.54\bin\gswin32.exe - this one is Huer.Suspicious[at]22637055

The others appear to be XenoCode settings which are web based VMs to run browsers for testing without installing them. They vary but are all Huer.Suspicious

The reported FP will be fixed in next updates.

Regards,
-Chandra Mohan
Logged
gmohan
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 487



« Reply #2 on: July 07, 2009, 08:20:55 AM »

Hi jp10558,
Seems to be a few false positives immediately on install in the AV.

One is the PSEXESVC service, from SysInternals psexec tool to remotely start processes. It was found in C:\Windows\PSEXESVC.EXE  - it is detected as Unclassified malware[at]8163993

The second appears to be part of ghostscript - used to view postscript files or generate PDFs by many free PDF printers. This one is in C:\gs\gs8.54\bin\gswin32.exe - this one is Huer.Suspicious[at]22637055

The others appear to be XenoCode settings which are web based VMs to run browsers for testing without installing them. They vary but are all Huer.Suspicious

The reported FPs have been fixed in DB 1575.

-Chandra Mohan
Logged
Tags:
Pages: [1] Go Up Print 
« previous next »
Jump to:  

SSL Certificate Free Virus Removal Firewall
Page created in 0.036 seconds with 18 queries.
Powered by SMF 1.1.11 | SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks
Design by 7dana.com