Author Topic: Post your unfixed FP's here (only after 2 days) -2019  (Read 9937 times)

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25669
Post your unfixed FP's here (only after 2 days) -2019
« on: December 31, 2015, 07:43:35 PM »
Previous thread

Please post here all unfixed FP's. Please only post them when they're not detected after 2 days.

Please include,

- your original FP post
- when you last tested CIS against it + what database
« Last Edit: December 31, 2018, 12:10:10 PM by EricJH »

Offline devilbat

  • Comodo Loves me
  • ****
  • Posts: 176
Re: Post your unfixed FP's here (only after 2 days) 2016
« Reply #1 on: March 11, 2016, 01:07:06 PM »
Two Unfixed Whitelisted Malware reports:

AV Database: 24509

1) Reported on March 06, nothing happened.

The samples are from the following vendors which should be REMOVED from Trusted Vendors List:

Code:
CleanMyPC Software

CleanMyPC Technology Limited

Software995 Inc.

Mail.com Media Corporation

2) Reported this one on March 08, still nothing happened.

The sample is from the following vendor:

Code:
ZZZ-PC\zzz
This vendor should be removed from the Trusted Vendors List because ZZZ-PC\zzz is a computer name, not a software vendor name.

COMODO is slow to deal with reported whitelisted malware samples. Maybe this would be quickly handled if it was reported by one of those popular members with 2000+ posts. If you are not from the "niche" you are not taken seriously it seems.

Offline FlorinG

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3557
Re: Post your unfixed FP's here (only after 2 days) 2016
« Reply #2 on: March 11, 2016, 01:13:10 PM »
Two Unfixed Whitelisted Malware reports:

AV Database: 24509

1) Reported on March 06, nothing happened.

The samples are from the following vendors which should be REMOVED from Trusted Vendors List:

Code:
CleanMyPC Software

CleanMyPC Technology Limited

Software995 Inc.

Mail.com Media Corporation

2) Reported this one on March 08, still nothing happened.

The sample is from the following vendor:

Code:
ZZZ-PC\zzz
This vendor should be removed from the Trusted Vendors List because ZZZ-PC\zzz is a computer name, not a software vendor name.

COMODO is slow to deal with reported whitelisted malware samples. Maybe this would be quickly handled if it was reported by one of those popular members with 2000+ posts. If you are not from the "niche" you are not taken seriously it seems.

Please stop posting the same post in multiple forum threads and wait for a reply in the forum this post belongs to. This is the thread where unfixed FPs are reported.
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS or CIMA.


Offline prabhakaranR

  • First Response Group
  • Newbie
  • *****
  • Posts: 23
Re: Post your unfixed FP's here (only after 2 days) 2016
« Reply #4 on: October 02, 2016, 04:43:30 AM »
Hi, qmarius

Detection has been fixed. Please update to AV database Version <25864> of Comodo Internet Security Version <8.4.0.5165> and confirm it.

Offline james77

  • Newbie
  • *
  • Posts: 7
Re: Post your unfixed FP's here (only after 2 days) 2016 - 2017 -2018
« Reply #5 on: April 26, 2018, 02:00:36 PM »
Reported on March 07, 2018

https://forums.comodo.com/av-false-positivenegative-detection-reporting/submit-malware-here-to-be-blacklisted-2018-no-live-malware-t121281.0.html;msg874048#msg874048

Last tested on 26 April 2018; still not detected by CIS v5.9, AV database 28915.

Spent some time researching and found this is Java.Cogyeka / Worm.Java.AutoRun / HEUR:Worm.Script.Generic / HEUR:Worm.Java.Generic according to the following sites:

https://www.symantec.com/connect/blogs/java-autorun-worm-javacogyeka-1-3
https://us.norton.com/online-threats/java.cogyeka-2012-070706-4059-99-writeup.html

Every time the worm creates a copy (each copy has a different random name and SHA) in the Windows RECYCLER BIN folder, CIS treats it as a safe file when scanned. Last year I submitted a suspicious file in this folder and it was detected after 1 week when I updated my AV database; when it creates another new copy, CIS again doesn't detect it as malware or a worm.

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: Post your unfixed FP's here (only after 2 days) 2016 - 2017 -2018
« Reply #6 on: April 26, 2018, 02:15:45 PM »
Hi James,
Detection has been fixed, should reflect in the next few updates.

Best regards,
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline james77

  • Newbie
  • *
  • Posts: 7
Re: Post your unfixed FP's here (only after 2 days) 2016 - 2017 -2018
« Reply #7 on: May 06, 2018, 01:06:46 PM »
Hi James,
Detection has been fixed, should reflect in the next few updates.

Best regards,
Andrei Savin

Hi,

Just tested on 6 May 2018 with CIS v5.9, AV database 28960; the mentioned Java.Cogyeka malware files are still not detected as positive.

Offline meldan

  • First Response Group
  • Comodo's Hero
  • *****
  • Posts: 3245
Re: Post your unfixed FP's here (only after 2 days) 2016 - 2017 -2018
« Reply #8 on: May 06, 2018, 02:50:36 PM »
Hi,

Just tested on 6 May 2018 with CIS v5.9, AV database 28960; the mentioned Java.Cogyeka malware files are still not detected as positive.

Hi,

Actual database version <28968>.
Please check again.

Kind Regards,
Erik M.

Offline james77

  • Newbie
  • *
  • Posts: 7
Re: Post your unfixed FP's here (only after 2 days) 2016 - 2017 -2018
« Reply #9 on: May 13, 2018, 06:53:32 AM »
Hi,

I had updated to database version <28968> but that Java malware still appeared negative.

Yesterday I updated to the latest database version <28994>; still the same.

Offline Deepak PV

  • Comodo Staff
  • Comodo Member
  • *****
  • Posts: 37
Re: Post your unfixed FP's here (only after 2 days) 2016 - 2017 -2018
« Reply #10 on: May 13, 2018, 07:45:58 AM »
Hi,

I had updated to database version <28968> but that Java malware still appeared negative.

Yesterday I updated to the latest database version <28994>; still the same.

Hi,

Actual database version <29005>.
Please check again.

Kind Regards,
Deepak PV

Offline james77

  • Newbie
  • *
  • Posts: 7
Re: Post your unfixed FP's here (only after 2 days) 2016 - 2017 -2018
« Reply #11 on: May 15, 2018, 05:43:00 AM »
Hi,

Just tested with the latest database <29013>, newer than the mentioned version <29005>, but still the same, not detected. The malware is detected in another online antivirus.

Hmm... I don't mean to be rude, but am I going to hear this infinite loop of "try version <xxxx> database" without any action taken?


Offline Ionel

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3543
Re: Post your unfixed FP's here (only after 2 days) 2016 - 2017 -2018
« Reply #12 on: May 15, 2018, 07:27:28 AM »
Hi james77,

Hi,

Just tested with the latest database <29013>, newer than the mentioned version <29005>, but still the same, not detected. The malware is detected in another online antivirus.

Hmm... I don't mean to be rude, but am I going to hear this infinite loop of "try version <xxxx> database" without any action taken?

Can you please go to Settings->Advanced Protection->Scan Exclusions and remove Recycle Bin from the list? Also, check if the files are present in exclusions or trusted files list by any chance and try scanning again?

Thanks,
Ionel

Offline james77

  • Newbie
  • *
  • Posts: 7
Re: Post your unfixed FP's here (only after 2 days) 2016 - 2017 -2018
« Reply #13 on: May 22, 2018, 05:24:50 AM »
Hi,

The malware files are not present in exclusions or trusted files, but after removing Recycle Bin from Scan Exclusions, it successfully detected the files as malware. Thanks for your help.

However, every time I plug in the USB flash drive which is infected with this malware and double-click the drive, my computer is infected by this malware again and CIS doesn't detect it as malware. The malware file appears in the Recycle Bin again and is treated as a safe file by CIS when scanned; it is not detected as malware until I restart the PC.

How can I make CIS detect this malware in real-time protection before it infects my computer?

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4480
Re: Post your unfixed FP's here (only after 2 days) 2016 - 2017 -2018
« Reply #14 on: May 22, 2018, 11:01:02 AM »
Hi,

The malware files are not present in exclusions or trusted files, but after removing Recycle Bin from Scan Exclusions, it successfully detected the files as malware. Thanks for your help.

However, every time I plug in the USB flash drive which is infected with this malware and double-click the drive, my computer is infected by this malware again and CIS doesn't detect it as malware. The malware file appears in the Recycle Bin again and is treated as a safe file by CIS when scanned; it is not detected as malware until I restart the PC.

How can I make CIS detect this malware in real-time protection before it infects my computer?

Enable embedded code detection for cmd.exe, located at "Do heuristic command-line analysis for certain applications".
« Last Edit: May 22, 2018, 02:23:05 PM by futuretech »

 
