Author Topic: False positives  (Read 666 times)

Offline cuser

  • Comodo Loves me
  • ****
  • Posts: 183
False positives
« on: April 03, 2018, 08:43:37 AM »
So I copied several game folders from virtual machine (no av) to actual computer and CIS decided that 4 out of 5 exe-files were malicious software and quarantined those (didn't whine anything when I copied game-zips to vm). Can't give name of games or url where dl'd those publicly (privately yes since those are free games) since those aren't mean t for underagers (so only malicious thingies are for player's soul).

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: False positives
« Reply #1 on: April 03, 2018, 08:51:33 AM »
Hello!
In order to process these false-positives we need to get a hold of the files in question.
You can either attach the files here, in a password-protected archive or submit them through CIS and then post here the SHA-1 list of the files.

Best regards,
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline cuser

  • Comodo Loves me
  • ****
  • Posts: 183
Re: False positives
« Reply #2 on: April 03, 2018, 01:36:01 PM »
well you got mail since can't post links here.

Offline Chunli

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2584
Re: False positives
« Reply #3 on: April 04, 2018, 01:27:51 AM »
Hi,cuser

This is to inform you that false-positive has been fixed.
You can update to AV database Version <28800> of  Comodo Internet Security Version<10.1.0.6476> and confirm it.

Best regards
Chunli.chen

Offline cuser

  • Comodo Loves me
  • ****
  • Posts: 183
Re: False positives
« Reply #4 on: April 09, 2018, 12:43:57 AM »
https://www105.zippyshare.com/v/w5YLxwi3/file.html

CIS said  (after I woke up and woke up computer from sleep (apparently CIS scans computer during when its set to sleep)) that file is some malware but it isn't.

Might have reported that file before being false positive before but if so then CIS has forgotten it.

Offline Aravindhraj J

  • Comodo Staff
  • Comodo Family Member
  • *****
  • Posts: 77
Re: False positives
« Reply #5 on: April 09, 2018, 01:00:42 AM »
Hi cuser,

Thank you for reporting this.
We'll check them and get back to you soon.

Regards,
Aravindhraj J

Offline meldan

  • First Response Group
  • Comodo's Hero
  • *****
  • Posts: 3241
Re: False positives
« Reply #6 on: April 09, 2018, 02:10:02 PM »
Hi cuser,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <28835> of  Comodo Internet Security and confirm it.

Kind Regards,
Erik M.

Offline cuser

  • Comodo Loves me
  • ****
  • Posts: 183
Re: False positives
« Reply #7 on: April 10, 2018, 07:18:11 AM »
fixed for now and as usual CIS virtualized/isolated it on next run.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek