Author Topic: False positive detection  (Read 3829 times)

Offline smax

  • Newbie
  • *
  • Posts: 17
False positive detection
« on: March 12, 2018, 08:02:48 AM »
Dear Comodo Team,

I'm the QA Manager at Exent Technologies LTD (www.exent.com). Our owned & operated games service is www.freeridegames.com (FRG).
FRG is a free games website which allows the consumer to play premium downloadable games for free, in return for his willingness to watch ads while playing these games.
The user is required to download and install our FRG games player which enables the serving of ads onto the premium downloadable games. Serving these ads allows us to offer those downloadable games, that otherwise would require the user to pay for them, totally for free.
The Free Ride Games service is operating since 2008 and is currently serving tens of thousands of happy customers mainly in North America.

We have just learned that starting today (12/3) Downloading our application and executing it causes it to stop if the Comodo Internet Security Complete 10 is installed (Your Software Blocks ours as suspicious), this prevents our users from running the game in our service.
Users that install our FRG games player and play our games consent to our EULA (http://www.freeridegames.com/about/terms). Section 7 of the EULA contains explicit consent by our users to be watching ads in return for their ability to play the games.

We are awaiting your swift resolution to this issue, as this false positive alert is causing inconvenience to our users, severe damages to our reputation and significant monetary damages to us.

Feel free to contact me by email (msyvash[at]exent.com) any time if you have any questions relating this issue.


Best regards
Max Syvash
QA Manager
Exent Technologies LTD


Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: False positive detection
« Reply #1 on: March 12, 2018, 08:05:03 AM »
Hello,
Thanks for your submission. We'll check this matter and get back to you soon.

Best regards,
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline smax

  • Newbie
  • *
  • Posts: 17
Re: False positive detection
« Reply #2 on: March 12, 2018, 08:10:25 AM »
Hi
Thanks, I'm wainting

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: False positive detection
« Reply #3 on: March 12, 2018, 03:04:52 PM »
Hi,
This is to inform you that the false-positive you have submitted has been fixed.
Please update your AV database to version <28668> and confirm.

Best regards,
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline smax

  • Newbie
  • *
  • Posts: 17
Re: False positive detection
« Reply #4 on: March 13, 2018, 03:27:59 AM »
Hi,
I've update AV to latest databases, but I'm still getting a message that the game was blocked by Comodo Containment   

Offline Aravindhraj J

  • Comodo Staff
  • Comodo Family Member
  • *****
  • Posts: 77
Re: False positive detection
« Reply #5 on: March 13, 2018, 04:48:19 AM »
Hi smax,

Thank you for reporting this.
We'll check them and get back to you soon.

Regards,
Aravindhraj J

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: False positive detection
« Reply #6 on: March 13, 2018, 12:43:03 PM »
Hi,
This is to inform you that the false-positive you have submitted has been fixed.
Please update your AV database to version <28673> and confirm.

Best regards,
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline smax

  • Newbie
  • *
  • Posts: 17
Re: False positive detection
« Reply #7 on: March 14, 2018, 08:40:49 AM »
Hi,
Do you have any updates? I'm still waiting for your answer.

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: False positive detection
« Reply #8 on: March 14, 2018, 08:46:12 AM »
Hi,
Please update to latest database version and confirm.

Hi,
This is to inform you that the false-positive you have submitted has been fixed.
Please update your AV database to version <28673> and confirm.

Best regards,
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline smax

  • Newbie
  • *
  • Posts: 17
Re: False positive detection
« Reply #9 on: March 14, 2018, 09:33:00 AM »
Hi,
I've updated AV databases to latest version <28678> and i have the same results that the game was blocked by Comodo Containment.

Offline Ionel

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3528
Re: False positive detection
« Reply #10 on: March 14, 2018, 10:24:02 AM »
Hi smax,

Can you please open Comodo Internet Security and go to Settings -> File Rating -> File list, remove all files that are related to your application from the list, hit OK and check again if the issue is still present?

Thank you!

Regards,
Ionel

Offline smax

  • Newbie
  • *
  • Posts: 17
Re: False positive detection
« Reply #11 on: March 14, 2018, 10:48:26 AM »
Hi Ionel,
I did all of these steps that you wrote, but this issue is still present and when installing the game I'm getting message from Comodo containment that our application is not whitelisted by Comodo.

Offline Ionel

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3528
Re: False positive detection
« Reply #12 on: March 14, 2018, 11:59:39 AM »
Hi smax!

The contained files are the exact same you reported to us in your first post? If not, please attach the exact same ones that are getting contained and we'll verify.

Thanks,
Ionel

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3941
Re: False positive detection
« Reply #13 on: March 14, 2018, 12:23:35 PM »
You need to submit your company to be added to the trusted vendors list using this form here. The original issue of the applications being detected by the AV is fixed and the issue you are having now is about having applications signed by the Exent digital signature to be automatically trusted so as not to be blocked by auto-containment, HIPS, or firewall components of CIS.
« Last Edit: March 14, 2018, 12:27:58 PM by futuretech »

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: False positive detection
« Reply #14 on: March 15, 2018, 01:19:42 PM »
Hi smax,
The behavior you are seeing is not expected.

Please provide following data:
1.
You can find following file:
C:\ProgramData\Comodo\Firewall Pro\cislogs.sdb

and share with us.

2.
Please go to "CIS-->Settings-->General Settings --> Configuration" section and export active configuration and share with us.


Thanks
-umesh


Hi Ionel,
I did all of these steps that you wrote, but this issue is still present and when installing the game I'm getting message from Comodo containment that our application is not whitelisted by Comodo.
We can't stop malware entering user's PC but we render them use-less when they enter PC: Welcome to Comodo's Default Deny innovation

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek