Author Topic: False positive  (Read 876 times)

Offline anuswara

  • Comodo Loves me
  • ****
  • Posts: 107
False positive
« on: October 11, 2018, 01:08:08 PM »
Hi, yesterday I sent you this file (see photo) for analysis via the CIS interface; obviously I am not allowed to save the file on the desktop or upload it to an online scanner.
Thanks for verifying and whitelisting it.
Best,


Offline FlorinG

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3547
Re: False positive
« Reply #1 on: October 11, 2018, 01:34:49 PM »
Hello anuswara,

In order to check if this is a False Positive or not, we will need you to provide the sample to us. If that is not possible then at least give us its SHA1 so we can identify it in our database.

Best regards,
FlorinG
« Last Edit: October 11, 2018, 01:50:46 PM by FlorinG »
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS or CIMA.

Offline anuswara

  • Comodo Loves me
  • ****
  • Posts: 107
Re: False positive
« Reply #2 on: October 11, 2018, 04:30:12 PM »
Hi Florin,

OK, here is the requested code.
The file was uploaded yesterday to your server, but I have had it for at least 4 months.
Here it is:
9D2DD3655BE189A6F24DA0663889C6611873B848

I add another code for a false positive of the program "Panorama Composer", the file viewer.dat, already sent to your database:
F31CEAAEFFC635C7658510B60E6178B7F0A8476E

Thanks a lot. Best,

Offline Qiuhui.Wang

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 2098
Re: False positive
« Reply #3 on: October 11, 2018, 09:48:45 PM »
Hi anuswara,

Thank you for reporting this.
We'll check it and get back to you soon.

Best regards
Qiuhui.Wang

Offline abinaya

  • Comodo Staff
  • Newbie
  • *****
  • Posts: 23
Re: False positive
« Reply #4 on: October 12, 2018, 08:08:25 AM »
Hi anuswara,

This is to inform you that the false positive has been fixed.
You can update to AV database Version <29808> of Comodo Internet Security Version <11.0.0.6710> and confirm it.
SHA1:9d2dd3655be189a6f24da0663889c6611873b848

The following sample you have submitted is not detected by Comodo Internet Security with database version <29808>. Please make sure your AV database is up to date and try again.
SHA1:f31ceaaeffc635c7658510b60e6178b7f0a8476e

Kind Regards,
Abinaya R

Offline anuswara

  • Comodo Loves me
  • ****
  • Posts: 107
Re: False positive
« Reply #5 on: October 12, 2018, 09:34:48 AM »
Hi,
I confirm that tmp2BA6.exe (LogMeIn) has been whitelisted with latest update for the latest CIS version available here:
10.2.0.6526 (!!!)
defs: 29809.
The same for viewer.dat (PanoramaComposer).
Ok, very good!

OT:
There is still the random problem (see photo), for one year now; it's strange that a "geographical issue" is affecting the Comodo server only.
Thanks a lot.
Best,

Offline GOA

  • Comodo's Hero
  • *****
  • Posts: 720
Re: False positive
« Reply #6 on: October 25, 2018, 05:19:31 PM »
Cloud.Trojan.gen

ccsetup548.exe

9ce1d04d941de7c3b058cc7e94a7c11431d285ca
CF 10
Windows 10

Offline Qiuhui.Wang

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 2098
Re: False positive
« Reply #7 on: October 26, 2018, 12:05:36 AM »
Hi GOA,

Thank you for reporting this.
We'll check it and get back to you soon.

Best regards
Qiuhui.Wang

Offline andreipopovici

  • Malware Research Group
  • Newbie
  • *****
  • Posts: 6
Re: False positive
« Reply #8 on: October 26, 2018, 10:03:10 AM »
Hi GOA,

The false-positive with ccsetup548.exe (SHA1: 9ce1d04d941de7c3b058cc7e94a7c11431d285ca) has been fixed. You can update to AV database Version <29880> of Comodo Internet Security Version <11.0.0.6719> and confirm it.

Offline anuswara

  • Comodo Loves me
  • ****
  • Posts: 107
Re: False positive
« Reply #9 on: October 26, 2018, 10:14:20 AM »
Hi, why does autoupdate tell me that 10.2.0.6526 is up to date?
Thanks.

 
