False positives and exploits which are undetected

[Guest]

[vadim]

We would be grateful for any information about false positives and exploits which are undetected by SiteInspector detection engine.

Thank you for all your feedbacks which help us to improve the detection technology.

[EricJH]

Stickied.

[morphiusz]

http://siteinspector.comodo.com/public/reports/21003

http://siteinspector.comodo.com/public/reports/21007



--> http://siteinspector.comodo.com/public/reports/21016

[wasgij6]

idk if SI uses just the cloud or not.

but this is caught by comodo av but is said to be safe by SI

http://siteinspector.comodo.com/public/reports/21137

http://valkyrie.comodo.com/Result.aspx?sha1=328DFE45945A3E555614B8D83624C3D31BAB6453&&query=0&&filename=Le

http://www.virustotal.com/file-scan/report.html?id=3585fcbe71d13aeb9fb1f0e9a63f0e3e5b264d9b86249747ffe3cd04d4067e0e-1304142320

[morphiusz]

exploit:

> http://siteinspector.comodo.com/public/reports/22005

>

[wasgij6]

http://siteinspector.comodo.com/public/reports/22441

[morphiusz]

This exploit http://siteinspector.comodo.com/public/reports/24028

creates this file on desktop: http://www.virustotal.com/file-scan/report.html?id=819805e042c621d2565b050fbce6f9dcde781d4ee2c4f7a8f2fa56b61d1cbe05-1304371147

and wants to run it.

(when you are using IE).

> http://siteinspector.comodo.com/public/reports/30696 exploit not detected by si engine

active java exploit - http://siteinspector.comodo.com/public/reports/32379

undetected - http://siteinspector.comodo.com/public/reports/38213

[wasgij6]

it took a while but i finally found something thats undetected
http://siteinspector.comodo.com/public/reports/46941

http://valkyrie.comodo.com/Result.aspx?sha1=BDB0AEC982BFBCFBE65E16BB5BD832784ECB5CD5&&query=0&&filename=atualizar.exe

http://www.virustotal.com/file-scan/report.html?id=d68abae55e1dc9e8a20512437ea337a2404fcdf4a4e890a3de80f8852f989965-1307249089

[morphiusz]

It's only because Comodo AV cannot detect it..
When it will be added to AV database it will be detected.
SI didn't fail .
Submit this file to the AV lab.

[wasgij6]

undetected java exploit
http://siteinspector.comodo.com/public/reports/108904

[morphiusz]

http://siteinspector.comodo.com/public/reports/171236

false positive

http://siteinspector.comodo.com/public/reports/171236 - FP? and other reffering to google

i believe that they are FP also:

http://siteinspector.comodo.com/public/reports/171426
http://siteinspector.comodo.com/public/reports/171379
http://siteinspector.comodo.com/public/reports/171658
http://siteinspector.comodo.com/public/reports/171625
http://siteinspector.comodo.com/public/reports/171553
http://siteinspector.comodo.com/public/reports/171497

[wasgij6]

http://siteinspector.comodo.com/public/reports/171236

if this is a FP then there are a lot because all its saying is a file was downloaded into temporary internet files which is what happens when you install a program

[morphiusz]

i think that it is working differently. it checks action preformed by browser without user premission.

[wasgij6]

i think that it is working differently. it checks action preformed by browser without user premission.

maybe but i have tested SI against some legit download sites like filehippo.com and i put the link it for ccleaner installer and it flags it as a medium risk.

http://siteinspector.comodo.com/public/reports/172069

[morphiusz]

so that should be fixed asap ...

[Tags:]