Hi Lt.ganda,
Please check with the latest base update.
Thanks,
Ramanan
Hi MJ.nfl,
The file in question is detected by heuristics and is a cracking application. Although it is not a “maliclious software”, the purpose of the detection is to warn the user about potentially unwanted/dangerous applications. Moreover, such cracking applications are packed/protected by some non standard programs which are used almost only by malicious files. This detection is one such generic detection. If someone still wants to use the ■■■■■ application, the user can just add the file to exclusion list.
Thanks,
Ramanan
False Positive in relation to BOClean files (evidence.boc) has reappeared although different threat this time.
See attached image file.
Should I upload to avlab again?
Edit: reappeared with Database version 1049 and still present with Database version 1056
[attachment deleted by admin]
Hi monkeytails,
Thanks for reporting,
FYI : evidence.boc is a backup file ,which BOClean takes before removing the file on detection.
That might not be a FP.
Thanks and Regards,
Suresh.
Checked BOClean logs and shows a detection of leaktest.exe.
If this a backup that BOClean creates (Am I understanding you correctly?), then the AV of CIS will always detect the backup file. Again correct me if im wrong.
So should I delete this file or permanently exclude it or the folder from scaning…???
regards
monkeytails
Edit: have answered my question by looking at the BOClean on line help…will delete from computer.
Thanks for your help.
HI,
I am posting this at the request of Experience. My initial False Positive report is below, along with the message from Suresh that the problem was fixed.
On the morning of 03/17/09 I had to restore a backup to my laptop, and took the opportunity to install the latest CIS (3.8.65951.477, data base 1062) and BOClean 4.27. Almost immediately, CIS showed 1 threat found, and it was the same ALCXSENS.SYS driver mentioned in my initial post, again as a Heur.Pck.tElock . What was very strange was that after an hour or so, the summary screen shows no threats found, (down from 1 earlier) yet the Antivirus events log still shows the detection.
I don’t know that it matters, but I am running XP Home SP3 on a Gateway laptop with an AMD Athlon 64 3400+ with 1 GB memory, and the CIS settings are all default.
Wrapper
Topic Summary
Posted on: March 10, 2009, 08:56:24 AMPosted by: sureshk
Insert Quote
Hi wrapper,
FP has fixed.Please confirm with our latest Updated base.
Thanks for Reporting.
Thanks and Regards,
Suresh.
Hi oldCoCo3user,
Can you please send the suspected file to us. Please visit this link on https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/how_to_report_false_positivessuspicious_files_how_to_submit_them-t36051.0.html
to know more on submission of files.
Regards,
Sriram.P
Hi oldCoCo3user,
Thank you for submitting the file. The reported False Positive has been fixed.
Regards,
Sriram.P
I reported archlp.dll as an FP during the weekend. It is part of Arcsoft’s Total Media Theater installation. Copy of the file was submitted through CIS RC 2. Not yet fixed in ver 1154. Identified as unclassified malware@14955904.
Richard
Hi rabrown,
The reported FP has been fixed. Please update your AV to base v1157 and check on it.
Thanks and Regards,
Sriram.P
Hi Sriram.P,
Thanks. It is no longer being identified as malware.
Richard
These are still not fixed.
C:\WINDOWS\system32\nmfast50.bpl
C:\WINDOWS\system32\vcldbx50.bpl
Database: 1172
please write here, or in my post when it’s fixed, or been read.
Hi Lasse88,
The mentioned FP will be fixed in subsequent updates.
Regards
-Chandra Mohan
Hi Lasse88,
The reported False positives were identified and Fixed. Please update your Antivirus to 1174 and confirm the fix.
Thanks and Regards,
Sriram.P
it’s yet unfixed
confirmed :-TU
Hi DiSP,
Mentioned FP will be fixed in next updates
Regards,
-Chandra Mohan
Hi DiSP,
We have fixed the reported false positive. Please refer to your post for more information on the fix.
Thanks and regards,
Sriram.P
Heur.Suspicious[at]19750095 location X:\Downloads\H\WD_Windows_Tools\Google\Desktop\ESN\setup.exe.downloading
Tested with database 1203
Original forum post https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/maybe_a_fp-t40073.0.html
Hi Camille Case,
Reported FPs have been fixed in DB 1224.
Regards,
-Chandra Mohan