>I would believe Teatimer gave a false positive before I would believe Comodo's developers got and distributed a virus unnoticed by them and everyone else who's installed CPM.
Thanks; much clearer; now I understand exactly what you meant. I too have full confidence that Comodo has not distributed a virus unnoticed by them (or unnoticed by anyone else). I have not stated nor implied such. Now I understand why you pointed out that CPMInformation.exe is not a virus. I never stated that it was. I stated that it became infected, and that concerns me, ... and I hope Comodo.
At first, I hadn't realized that you were responding to the post title, instead thinking you had read the actual post but might have missed some things.
The title of the post does not mean that Comodo distributed a virus; merely that a component of CPM was detected with a virus (as outlined in the post), which was long after CPM had operated just fine.
The install that was taking place was not the install of Comodo Programs Manager. CPM had been installed for a long time prior (without incident then or afterwards, up until the install I was doing as reported). If the CPM component had been infected as distributed, it would have been discovered long ago. No virus software has detected anything wrong with my set of Comodo's files as Comodo distributed them. Neither has Spybot's Teatimer ever diagnosed any of my set of Comodo's files (as distributed by Comodo) with being infected. A lot of software has been installed on this system since CPM was installed without any issues.
CPMInformation.exe became infected long after its install and after many successful uses of CPM following its initial install (plus several CPM updates).
The infection happened after installing a bad software program (not related to Comodo). The infection would not get noticed until I installed the next software program, which triggered Comodo to monitor the install. In the process of Comodo's monitoring, CPMInformation.exe was started (by Comodo), and that is when Teatimer detected the Win32.Palevo infection. The title of the post is correct, but it goes with the actual post text.
Like most program files, the CPM component can become infected (by others). Then when executed (unless adequate measures are taken to prevent it by Comodo prior), it may or may not be detected depending on the ability of the user's anti-malware software.
That is my concern: that the program can be infected without Comodo's knowledge (currently), or Comodo's ability to prevent its execution after being infected. It is significant because of all the programs that could have been targeted, someone has decided to infect the CPMInformation.exe file. In its cleverness, it means that even if the infection is detected, some negative effect will be made because, in most cases, the file (CPMInformation.exe) will be quarantined or removed, thus allowing installing processes to not be monitored or reported correctly. That is concerning because the reason we have CPM installed is to monitor other installs, and even more importantly, to detect malware installs. Anything that (cleverly or not) thwarts that process needs to be dealt with. It is a bit more work for a vendor to monitor its own software distribution files to ensure they do not become infected, and more work to repair those files if they become infected, but it can be done. Now that someone has targeted CPMInformation.exe, the security hole needs to be patched.
Again, the main concern is not so much that CPMInformation.exe was infected, but that it can become infected.
I now have additional information that assures me that CPMInformation.exe was indeed infected (at the time of the Saluto install I mentioned). In its next full scan, Spybot (correctly) identified several other bad components installed by the same malware that infected CPMInformation.exe. I did not know that information when I originally posted.
At the time of the infection detection, several good programs had been installed since Spybot's last update, and for each one, Comodo Programs Manager executed as normal (not detected as being infected). If Spybot was identifying CPMInformation.exe as a false positive, it would have been due to a faulty Spybot update, and as such, it would have started reporting the false positives for the very first install following the update. Without any changes to Spybot (no updates), the malware install that infected CPMInformation.exe was detected on the next install (by Spybot). Good going Spybot! Spybot has had the ability to detect Win32.Palevo since 2010; it didn't just all of a sudden get it wrong.
I have seen Spybot evolve and improve, and I have seen Comodo's Programs evolve and improve; some (several) discontinued. I hope that doesn't happen to CPM. I have been around a long time, since before CP/M, and that means before Comodo too, because the slash was intentional.
Please don't think that Spybot was good in its day but antiquated now. Spybot is holding up very well, and is improving. Spybot Version 2.0 is (currently) in Beta. I don't have any reason to believe that Spybot is antiquated, or going away soon. If you have facts to prove otherwise, please post in the appropriate place and lead me to that post.
I do understand if your answer was based on the title rather than the actual post; you aren't the only one. There will be other CTPFP members that will state it was a false positive for them too.
The post was intended to point out the security issue to Comodo. Sorry to have distracted anyone else.