Author Topic: Report recurring Heuristic (Heur.Suspicious) detections here  (Read 73728 times)

Ronny (Global Moderator)
« on: August 09, 2011, 09:24:19 AM »
Do you find you have to report some tools that get flagged over and over after every updated version that gets released?
Then this is the topic to report them. Only report Heur.Suspicious@<number> detections here, please.
If it's detected but, in your view, falsely classified, use a normal FP report asking to reclassify the tool.

Please provide the following details in your report:
  • Name of the tool
  • The Heur.Suspicious code
  • Official website/link where to download the tool
  • If possible, contact information of its developer(s)
Retired - Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

disPPlay (Malware Research Group)
« Reply #1 on: August 09, 2011, 04:33:03 PM »
  • EasyAntiCheat
  • Heur.Suspicious[at]242601963
  • http://www.easyanticheat.net/v2/index.php?p=download

Chunli (Malware Research Group)
« Reply #2 on: August 09, 2011, 05:53:45 PM »
Hi, disPPlay
Thanks for reporting. We will check that and get back to you shortly.

Regards,
Chunli.chen

Chunli (Malware Research Group)
« Reply #3 on: August 09, 2011, 11:56:07 PM »
Hi, disPPlay

The samples you submitted as false-positive are not detected by Comodo Internet Security version <5.5.195786.1383> with database version <9690> (we downloaded the software "EasyAntiCheat.exe", SHA1 <f1cfa4dbf2b9b8143ff1b045d1ff7efb66ada3c9>, and installed it).
Please make sure the Antivirus database is updated and check again.

Regards,
Chunli.chen

disPPlay (Malware Research Group)
« Reply #4 on: August 10, 2011, 09:53:08 AM »
It was fixed yesterday; probably it will be flagged again in the next update, but we will see.

Joe Lore
« Reply #5 on: August 25, 2011, 01:15:07 PM »
I believe the Heur.Corrupt.PE[at]1z141z3 C:\Windows\SysWOW64\mfc45.dll false detection is back. Virus Total came up clean except for Comodo.

Joe
-------

FlorinG (Comodo Staff)
« Reply #6 on: August 25, 2011, 01:44:21 PM »
Hello devnulllore,

Please submit the detected file as False Positive using the following link: http://www.comodo.com/home/internet-security/submit.php
Thank you!

Best regards,
FlorinG

If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS.

Ronny (Global Moderator)
« Reply #7 on: August 25, 2011, 03:08:49 PM »
Has been detected before, and still with every new update.

Speccy
Suspicious@#26f01wpqoutyq
http://www.piriform.com/speccy/download
http://www.piriform.com/contact

FlorinG (Comodo Staff)
« Reply #8 on: August 25, 2011, 03:14:20 PM »
Hello Ronny,

Thank you for your submission. We'll check it and get back to you soon.

Best regards,
FlorinG

Chunli (Malware Research Group)
« Reply #9 on: August 25, 2011, 06:14:13 PM »
Hello Ronny,

This False Positive has been fixed. You can update to Virus Signature Database version 9873 and confirm.

Best regards,
Chunli.chen

Ronny (Global Moderator)
« Reply #10 on: August 26, 2011, 07:54:44 AM »
It's fixed, but the question is: will it be flagged again on the next update of this tool?
That is what this thread was started for, to prevent repetitive FPs on tools like this; if in doubt, please ask Umesh.

Joe Lore
« Reply #11 on: September 02, 2011, 07:09:37 PM »
From the Log viewer Log of CIS 5.8.202876.2065 Beta on a fresh Windows 7 SP1 x64 fully updated install:

2011-09-02 17:00:55   C:\Windows\SysWOW64\mfc45.dll   Heur.Corrupt.PE[at]1z141z3   Detect   Success

If I clean this, the next time I reboot Windows recreates the file and it is detected again. Is this safe? Virus Scanner is set to stateful with Heuristics set to default, low. Zipped file attached and submitted through CIS.

Please advise ASAP!

FYI, running this through Virus Total returned 8 positives, all for Heuristics, all with damaged or corrupt in the name.

That's all the info I have.

dev

« Last Edit: September 02, 2011, 08:00:26 PM by devnulllore »

Citizen K (Global Moderator)
« Reply #12 on: September 02, 2011, 07:55:14 PM »
What are your settings for Heuristics? Low, Medium or High? Can you post the link to the Virus Total report?

Joe Lore
« Reply #13 on: September 02, 2011, 08:04:41 PM »
Hi,

As mentioned in the post Heuristics are at default, low.

http://www.virustotal.com/file-scan/report.html?id=b41564fb58e0dacf52562064fd93461bf9d24842ab5c5815ba88a901870ed212-1315007709

Keep in mind, I have run this file through at least 11 different cloud scanners, and about 10% come back positive with something like corrupt, damaged or the like, not like typical virus results. Could the file be legit but damaged?

dev

Joe Lore
« Reply #14 on: September 02, 2011, 08:47:45 PM »
This site is not working:

http://www.comodo.com/home/internet-security/submit.php

I click upload and it just sits there spinning and never gives a confirmation that the file is received or anything.

dev