Author Topic: Report recurring Heuristic (Heur.Suspicious) detections here - 2019  (Read 7035 times)

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24967
Do you find you have to report some tools that get flagged over and over after every updated version that gets released?
Then this is the topic to report them. Only report Heur.Suspicious@<number> detections here please.
If it's detected but in your view falsely classified, use a normal FP report asking to reclassify the tool.

Please provide the following details in your report:
  • Name of the tool
  • The Heur.Suspicious code
  • Official website/link where to download the tool
  • If possible, contact information of its developer(s)

Previous thread
« Last Edit: December 31, 2018, 12:09:47 PM by EricJH »

Offline disPPlay

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 887
  • Join the REVOLUTION!
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #1 on: January 27, 2017, 12:33:19 PM »
Hi, I have reported some days ago in this topic that a VirtualBox installer file was being flagged wrongly.

https://forums.comodo.com/av-false-positivenegative-detection-reporting/fp-heurpackedunknown4294967295-t117927.0.html

The file is again beginning to be flagged as malware, please take a look at it.



https://www.virustotal.com/pt/file/a34c6235c1d26492ff32319aa72f12ac64c0837057a0411321bdb97c2ed0b3cf/analysis/1485538081/


Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #2 on: January 27, 2017, 12:43:45 PM »
Hello,

Based on the info you have provided it appears that we do not detect this file. Are you sure you updated Comodo Internet Security to the latest version?

Best regards
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline disPPlay

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 887
  • Join the REVOLUTION!
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #3 on: January 27, 2017, 01:16:46 PM »
Yes, I'm sure the update was made before the full scan.
Here is a screenshot of the CIS log

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #4 on: January 27, 2017, 01:31:56 PM »
Hi,
AV Lab is currently investigating this issue and we'll solve it as soon as possible.

Best regards
Andrei Savin

Offline disPPlay

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 887
  • Join the REVOLUTION!
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #5 on: January 27, 2017, 01:45:05 PM »
Thanks, andrei.savin

Offline blade120

  • Comodo Member
  • **
  • Posts: 49
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #6 on: April 06, 2017, 01:35:41 PM »
AIMP
https://www.aimp.ru/

Backup folder is detected as malware

Heur.Packed.Unknown[at]4294967295

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #7 on: April 06, 2017, 01:54:14 PM »
Hi,
Thank you for submitting this. We'll investigate it.

Best regards,
Andrei Savin

Offline blade120

  • Comodo Member
  • **
  • Posts: 49
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #8 on: April 06, 2017, 02:10:36 PM »
Thank you.

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #9 on: April 06, 2017, 02:25:19 PM »
Hello blade120,
Could you please enlarge the window and see the exact file that is causing the detection and submit it to us? We're unable to get a hold of the file. You can attach the file here directly.

Best regards,
Andrei Savin

Offline blade120

  • Comodo Member
  • **
  • Posts: 49
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #10 on: April 06, 2017, 02:57:14 PM »
Of course
SHA1: 624C68DA13974D52B44EE39828A7A6E22D6805B1
File is here
http://uploadfile.pl/pokaz/1062677---qwpl.html
« Last Edit: April 06, 2017, 03:01:33 PM by blade120 »

Offline Qiuhui.Wang

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 2098
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #11 on: April 06, 2017, 09:50:01 PM »
Hi blade120,

This is to inform you that the false positive has been fixed.
You can update to AV database Version <26868> of Comodo Internet Security Version <10.0.1.6209> and confirm it.

Best regards
Qiuhui.Wang

Offline blade120

  • Comodo Member
  • **
  • Posts: 49
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #12 on: April 07, 2017, 04:12:46 AM »
Hi
All is ok. Thank you very much.

Offline qmarius

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 3841
  • making simple things complicated
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #13 on: April 29, 2017, 06:07:30 AM »
Name: Suspicious[at]#2w4bqiynoo42h
SHA1: 09022101aad2c53f4b141a3b92a6bcb01f6cbaff


link: https://drive.google.com/open?id=0B6th7MAiPk2EazVRYTdPVnBQbzQ
password: infected

Offline pavithran

  • Comodo Staff
  • Comodo Family Member
  • *****
  • Posts: 97
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #14 on: April 29, 2017, 06:29:30 AM »
Hi,
Thank you for submitting this. We'll investigate it.

Best regards,
Pavithran G

 
