Author Topic: false positive  (Read 346 times)

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2164
false positive
« on: May 26, 2019, 10:21:39 PM »
False Positive on one of the INTEL installers

https://www.virustotal.com/#/file/48ae422c319a340e33d12cc3f665bf4e15b18192834883d67799852f837b1c17/detection
Quote
SHA-256   48ae422c319a340e33d12cc3f665bf4e15b18192834883d67799852f837b1c17
File name   ME_App_x64.msi
File size   37.99 MB
Last analysis   2019-05-27 02:11:29 UTC


On CIS version 12.0.0.618, database 30927, it gets flagged as
Quote
Application.Win32.AirAdinstaller.C334627364

On virustotal.com, Comodo is the only one that flags it (1/57). It gets flagged as
Quote
Application.Win32.AirAdInstaller.C[at]5j884k

I can upload the file if needed

Thank You :)
« Last Edit: May 26, 2019, 10:23:53 PM by jay2007tech »
It's hard being a crooked Admin when the files won't pass an md5checksum test. But like any other good crooked Admin it can be done, it just takes time (and lots of it) and a few aspirins

Offline Chunli

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2584
Re: false positive
« Reply #1 on: May 27, 2019, 02:00:23 AM »
Hi, jay2007tech

Thanks for reporting.
Could you please submit the detected file at
http://internetsecurity.comodo.com/submit.php.

Best regards
Chunli.chen
« Last Edit: May 27, 2019, 02:14:20 AM by Chunli »

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2164
Re: false positive
« Reply #2 on: May 27, 2019, 05:22:07 PM »
Quote
Could you please submit the detected file at
http://internetsecurity.comodo.com/submit.php.
Sorry, but the file limitation is 10MB. This installer is 37.99MB.

So I sent you a link in your PM

If you need anything else feel free to ask :)
Thank You

Offline Umamaheshwari

  • Newbie
  • *
  • Posts: 17
Re: false positive
« Reply #3 on: May 29, 2019, 08:23:43 AM »
Hi jay2007tech,

This is to inform you that the false positive has been fixed.
You can update to AV database Version <30939> of Comodo Internet Security Version <12.0.0.6818> and confirm it.

Kind Regards,
Umamaheshwari M

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2164
Re: false positive
« Reply #4 on: May 29, 2019, 01:31:24 PM »
I confirmed the false positive is fixed :-TU
Database 30940 and virustotal are done

Thank You :)

 
