False positive. When will it stop?

[Guest]

[MJ.nfl]

I can't believe the number of false positives that Comodo detects.

Comodo detected maybe 2-3 viruses in my PC, but it also detected more than a 100 FP.

I uploaded one FP a month ago and it was fixed. Now a month or more later, the same FP comes back again.

So my question is, when will it stop, when will Comodo fix this problem?

[dave1234]

Hello. My estimation as to when will fps stop will be, never!. I say this because no matter what av you have there will always be an fp problem due to new programs and software constantly changing.. I think you mean that the number of fps have been horrendous. I will agree there and say i reckon when the data base is dramatically reduced via the intro of family sigs to say around 1.5million  (if thats possible) then i think we will see a reduction . I also feel it may take until version 4 and the intro of Cima  which may finally solve the problem of an extrodinary ammount of fps.

Regards
Dave1234.

[smage]

I hope that it will improve with v4.

[EricJH]

Did you notch up the Heuristics setting to anything higher than Low? With settings higher than Low you will get lots of FP's. Just stick to the default Low setting.

[umesh]

Hi MJ,

I can't believe the number of false positives that Comodo detects.

Comodo detected maybe 2-3 viruses in my PC, but it also detected more than a 100 FP.

I uploaded one FP a month ago and it was fixed. Now a month or more later, the same FP comes back again.

So my question is, when will it stop, when will Comodo fix this problem?

If you can give details of FP you are seeing, it will help.

Thanks
-umesh

[hailong.wang]

I can't believe the number of false positives that Comodo detects.

Comodo detected maybe 2-3 viruses in my PC, but it also detected more than a 100 FP.

I uploaded one FP a month ago and it was fixed. Now a month or more later, the same FP comes back again.

So my question is, when will it stop, when will Comodo fix this problem?

Hi MJ.nfl,

Sorry for the inconvenience.
If you can find the FP file,you can submit through this link:http://internetsecurity.comodo.com/submit.php.Then we can go to have a look at it.And if it's not an FP,we will send a mail to u.

Thanks and Regards,
hailong.wang

[MJ.nfl]

[at]EricJH
It is the default Low setting.

[at]umesh
Here is a screenshot.

[at]hailong.wang
I submitted FP.

Virus total result (it doesn't show that Comodo detects it)
http://www.virustotal.com/analisis/6cbbaa2159a019fdbd8ce4a39970ddf112b2abd195fc4cf74e1cabbfa8ee8e89-1251031855


PS: Sorry for late reply. Had to go to job.

[MJ.nfl]

I got Email answer.

Reported False-Positive Can Not Be Processed: SignSIS-GUI.exe (SHA1:e2f72b48b995003085ef54935759274978d4877e)

Hi,

This is to inform you that we have scanned SignSIS-GUI.exe (SHA1:e2f72b48b995003085ef54935759274978d4877e) with latest antivirus
database version 2068 of Comodo Internet Security Version
5.10.102194.531 and have not found this file being detected.

Please check again. If the problem u found, occurs again, Please report
in comodo forum with more details that you can give about the detection
such as screenshot of the detection, etc.

Forum link:
http://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected-b154.0/

Regards,
Chandra Mohan G
Comodo Anti-Virus Lab.

PS: It is still detected

[MJ.nfl]

FP while updating Utorrent

[hailong.wang]

[at]EricJH
It is the default Low setting.

[at]umesh
Here is a screenshot.

[at]hailong.wang
I submitted FP.

Virus total result (it doesn't show that Comodo detects it)
http://www.virustotal.com/analisis/6cbbaa2159a019fdbd8ce4a39970ddf112b2abd195fc4cf74e1cabbfa8ee8e89-1251031855


PS: Sorry for late reply. Had to go to job.

Hi MJ.nfl,

We have checked the file,of which the sha is "e2f72b48b995003085ef54935759274978d4877e" in our latest DB 2075 V(3.10.102363.531) and found not detected.Pls check the version of CIS whether it's latest or not.If anything wrong,pls let us know.

Thanks and Regards,
hailong.wang

[hailong.wang]

FP while updating Utorrent

Hi MJ.nfl,

This is not an FP.As the file has two suffix,so it's detected as Heur.Dual.Extensions.If you really want to continue use this file, You can add the file to the exclusion list.

Thanks and Regards,
hailong.wang

[rlshosting]

I have never kept this anti-virus on my computer. My computer has detected Cool Speech Installation as a virus and winrar and flash player as a virus. I have Heuristics off. The amount of FP is nuts. Its a turn off seeing common every day programs including flash player as a virus!

[MJ.nfl]

hailong.wang, thanks for trying.

I checked again now and it is still detected.

1. CPU Athlon 64 X2 4600+
2. Windows XP pro, service pack 3, 32 bit
3. CIS 3.10.102363.531
4. Antivirus - default settings
5. Firewall - custom policy mode
6. Defense+ - clean PC mode
7. Administrator account

Virus database version 2079

[Ionel]

Hi MJ.nfl,

The file is detected by CIS because it has two extensions. Multiple extensions is one of the procedures used by malware writers to trick the users into running the file. Heuristics implemented with CIS do warn about double extension of file and let user decide whether to continue or to remove it.

We are constantly building our list of safe files so heuristics will recognize the files which do not represent any kind of threat. Situations when files are misdetected by heuristics appear due to version change/update of programs. If a file is added to our safe list, only that specific file is considered safe, any change like replacing, updating or modifying the file in any way or using any method will not be considered safe and therefore, if some conditions are met, heuristics might be triggered until we confirm that file is ok and we add it to safe list.

You can submit any files you encounter that you believe are misdetected by CIS and we will add them to our safe list after confirming they're safe to use. This can be done by following this link http://internetsecurity.comodo.com/submit.php .

Thanks and regards,
Ionel

[MJ.nfl]

Hello,

This is to inform you that false-positive with SignSIS-GUI.exe  (SHA1: e2f72b48b995003085ef54935759274978d4877e) has been fixed. You can update to AV database  Version 2082 of Comodo Internet Security Version 3.10.102363.531 and confirm it.

Regards,
Sonia Botezatu
Comodo Antivirus Lab.


Still detected

1. CPU Athlon 64 X2 4600+
2. Windows XP pro, service pack 3, 32 bit
3. CIS 3.10.102363.531
4. Antivirus - default settings
5. Firewall - custom policy mode
6. Defense+ - clean PC mode
7. Administrator account

Virus database version 2082

[Tags:]