Author Topic: Report recurring Heuristic (Heur.Suspicious) detections here - 2019  (Read 10585 times)

Offline meldan

  • First Response Group
  • Comodo's Hero
  • *****
  • Posts: 3245
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #15 on: April 29, 2017, 05:28:27 PM »
Hi windstorm,

This is to inform you that the false positive has been fixed.
You can update to AV database Version <27002> of Comodo Internet Security Version <10.0.1.6209> and confirm it.

Kind Regards,
Erik M.

Offline cocalaur

  • Comodo's Hero
  • *****
  • Posts: 333
  • Happy COMODO user
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #16 on: August 19, 2017, 04:55:50 PM »
Database version: 27619

File info:

Path: C:\Windows\system32\SearchIndexer.exe
Detection:     Heur.Gen.Lama[at]117022151

File hashes:

SearchIndexer.exe   
fd74badbcf30f3f6c9d6e3d6b3e42fa5   - MD5
bce4ebbf6aa5b2d0df8f4a152f8e76b2b4b567b0   - SHA1
0ac3130b   - CRC32
9970bd6cff1cd0d60906bf171773ddf7bd317f13b1850149f97886f5cf0d94d6 - SHA256

This can happen with Heuristics set on Medium.

Please run a manual scan / realtime scan with medium heuristics to see if the FP occurs.
« Last Edit: August 24, 2017, 07:29:40 AM by cocalaur »
=================================
Son: "Dad, what is malware?"
Dad: "I don't know, son, we use COMODO."
=================================

Offline Aravindhraj J

  • Comodo Staff
  • Comodo Family Member
  • *****
  • Posts: 77
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #17 on: August 24, 2017, 07:44:14 AM »
Hi cocalaur,

This is to inform you that the false positive has been fixed.
You can update to AV database Version <27653> of Comodo Internet Security Version <10.0.1.6223> and confirm it.

Kind Regards,
Aravindhraj J.

Offline patrice58

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 829
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #18 on: November 16, 2017, 07:16:54 PM »
Defraggler (https://www.piriform.com/defraggler): downloading it opens CIS with the option of cleaning the file via sending it to the sandbox or running it without. ApplicUnwnt[at]#290od3alopvy2, database version 28059.
« Last Edit: November 16, 2017, 07:24:04 PM by patrice58 »
Vista Home Premium 32 bit (user account) CISC 4.1.150349.920 + CAV (On Access) + Sandbox,V-Engine 2.7.0.37, SpywareBlaster 4.3, SAS (free), a-squared (free) MBAM (free) Finjan Secure Browsing, Windows Defender (scanner only), Zemana AntiLogger 1.9.2.206,

Offline Qiuhui.Wang

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 2103
Re: Report recurring Heuristic (Heur.Suspicious) detections here - 2017
« Reply #19 on: November 16, 2017, 07:39:22 PM »
Hi patrice58,

This is to inform you that the reported file is not a false positive <PUA>.
If you intend to use it further, you can add it to the exclusion list.

SHA1:40cdd1188cfc0b474b66a22ce8ddb280a38eadfd *dfsetup221.exe

Best regards
Qiuhui.Wang
« Last Edit: November 16, 2017, 08:36:57 PM by Qiuhui.Wang »

Offline qmarius

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 3843
  • making simple things complicated
Name: Heur.Packed.Unknown[at]4294967295
SHA1: 34ec4c94714d4ea1ba34a556088d9034cb790973

"product.cab|file_VBoxDD2RC.rc",
"product.cab|file_VBoxDDRC.rc".


mirror: https://www63.zippyshare.com/v/Sq0bA1en/file.html

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Hello Marius!

Thanks for your submission, we'll check the files and get back to you.

Best regards,
Andrei Savin
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Hi!

This is to inform you that the false-positive you have submitted has been fixed.
Please update your AV database to version <28856> and confirm.

Best regards,
Andrei Savin

Offline qmarius

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 3843
  • making simple things complicated
f93668004978646cf875ac8fe9af76bb377bd27c

Offline andrei.savin

  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 197
Hi Marius!
Thanks for the submission, we'll check it and get back to you.

Best regards,
Andrei Savin

Offline abinaya

  • Comodo Staff
  • Newbie
  • *****
  • Posts: 24
Hi qmarius,

This is to inform you that the false positive you have submitted has been fixed.
Please update your Comodo security product virus database to version 29228.
SHA1:f93668004978646cf875ac8fe9af76bb377bd27c

Regards,
Abinaya R

 
