Author Topic: AV False positive ate Courier email exe  (Read 735 times)

Offline cactuspat

  • Newbie
  • *
  • Posts: 7
AV False positive ate Courier email exe
« on: March 25, 2018, 07:39:00 PM »
The file is Courier.exe, my email program for 15+ yrs.

Restore from quarantine failed because it claims the system can't find the file. So 15 yrs of my email is now inaccessible because Comodo AV ate the exe file!

Comodo updated the program, not just the database. The false positive occurred on the system restart today 03-25-18.

Comodo 10.2.0.6526
database 28745

What to do?

When submitting the false positive via the Comodo website, I am getting the following error - "Error found in record insertion" - https://www.comodo.com/home/internet-security/submit.php

Comodo installed on Win7Pro system

Offline cactuspat

  • Newbie
  • *
  • Posts: 7
Re: AV False positive ate Courier email exe
« Reply #1 on: March 25, 2018, 09:22:44 PM »
I forgot to add the actual detection - Heur.Packed.MultiPacked@4294967295

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 194
Re: AV False positive ate Courier email exe
« Reply #2 on: March 25, 2018, 10:59:31 PM »
Hi Cactuspat,

If you can send me the file directly to my email address, I'll make sure it's checked.

I'm sorry for the submission page error, this will be fixed.

thanks



Offline cactuspat

  • Newbie
  • *
  • Posts: 7
Re: AV False positive ate Courier email exe
« Reply #3 on: March 26, 2018, 03:43:07 PM »
I figured out how to email you directly... but I don't see anywhere to attach files on the form.

Offline cactuspat

  • Newbie
  • *
  • Posts: 7
Re: AV False positive ate Courier email exe
« Reply #4 on: March 26, 2018, 06:03:09 PM »
I emailed you the file using the reinstalled Courier email program and webmail, but your email server rejected them as infected, although my ISP delivered the CC'd copy to me with a fully functional, password-protected archive file.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4224
Re: AV False positive ate Courier email exe
« Reply #5 on: March 26, 2018, 06:52:32 PM »
Your best option would be to use a file sharing site like Google Drive or OneDrive and provide a link.

Offline cactuspat

  • Newbie
  • *
  • Posts: 7
Re: AV False positive ate Courier email exe
« Reply #6 on: March 26, 2018, 08:38:22 PM »
G-drive - please have at it.  ;)

Courier.exe -
https://drive.google.com/file/d/1WHskpNRcQ-TxS-75Ea4IDrfxHcbKMl-Q/view?usp=sharing

Courier install file, in case you need it or want to try the program out - https://drive.google.com/open?id=1I7jGqpEKV30WqTjuXQxNPFCbOotC57hx

password to extract - Comodo_Courier


Offline Chunli

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2584
Re: AV False positive ate Courier email exe
« Reply #7 on: March 26, 2018, 10:22:38 PM »
Hi, cactuspat

The samples you submitted as false positives are not detected by Comodo Internet Security version <10.1.0.6476> with database version <28751>.
<Courier.exe><SHA1:d7f61ecbc30dd09f57d164a8f676bb507afb66da>
<courier3.exe><SHA1:0eae4929aa00ae3a5abc19489906e029e9d4fd52>

Regards
Chunli.chen
« Last Edit: March 26, 2018, 10:24:37 PM by Chunli »

Offline cactuspat

  • Newbie
  • *
  • Posts: 7
Re: AV False positive ate Courier email exe
« Reply #8 on: March 27, 2018, 12:05:22 PM »

"The samples you submitted as false positives are not detected by Comodo Internet Security version <10.1.0.6476> with database version <28751>."

Exactly! The detection occurred after the latest update to ver 10.2.0.6526
database 28745

Offline cactuspat

  • Newbie
  • *
  • Posts: 7
Re: AV False positive ate Courier email exe
« Reply #9 on: April 03, 2018, 12:49:56 PM »
Has anyone at Comodo done anything to address this false positive? Not to be impatient, but tick tock, it's been over a week!

 
