Report recurring Heuristic (Heur.Suspicious) detections here

[Ronny]

Do you find you have to report some tools that get flagged over and over after every updated version that get's released?
Then this is the topic to report them. Only report Heur.Suspicious@<number> detections here please.
If it's detected but in your view falsely classified use a normal FP report asking to reclassify the tool.

Please provide the following details in your report;

• Name of the tool
• The Heur.Suspicious code
• Official website/link where to download the tool
• If possible contact information of it's developer(s)

[disPPlay]

.EasyAntiCheat
.Heur.Suspicious[at]242601963
.http://www.easyanticheat.net/v2/index.php?p=download

[Chunli]

Hi,disPPlay
Thanks for reporting.We will check that and get back to you shortly.

Regards,
Chunli.chen

[Chunli]

Hi,disPPlay

The samples you submitted as false-positive is not detected by Comodo Internet Security version <5.5.195786.1383> with database version <9690>(We downloaded that software "EasyAntiCheat.exe"SHA1<f1cfa4dbf2b9b8143ff1b045d1ff7efb66ada3c9> and install it.
).
Please make sure the Antivirus database is updated and check again.

Regard.
Chunli.chen

[disPPlay]

It was fixed yestarday, probably it will be flagged again in the next update but we will see.

[Joe Lore]

I believe the Heur.Corrupt.PE[at]1z141z3 C:\Windows\SysWOW64\mfc45.dll false detection is back. Virus Total came up clean accept for Comodo.

[FlorinG]

Hello devnulllore,

Please submit the detected file as False Positive using the following link: http://www.comodo.com/home/internet-security/submit.php
Thank you!

Best regards,
FlorinG

[Ronny]

Has been detected before, and still with every new update.

Speccy
Suspicious@#26f01wpqoutyq
http://www.piriform.com/speccy/download
http://www.piriform.com/contact

[FlorinG]

Hello Ronny,

Thank you for your submission. We'll check it and get back to you soon.

Best regards,
FlorinG

[Chunli]

Has been detected before, and still with every new update.

Speccy
Suspicious@#26f01wpqoutyq
http://www.piriform.com/speccy/download
http://www.piriform.com/contact

Hello Ronny,

This False Positive has been fixed. You can update to Virus Signature Database version 9873 and confirm.

Best regards,
Chunli.chen

[Ronny]

Hello Ronny,

This False Positive has been fixed. You can update to Virus Signature Database version 9873 and confirm.

Best regards,
Chunli.chen

It's fixed, but the question is will it be flagged again next update of this tool?
As that is where this thread is started for to prevent repetitive FP's on tools like this, if in doubt please ask Umesh.

[Joe Lore]

From the Log viewer Log of CIS 5.8.202876.2065 Beta on a fresh Windows 7 SP1 x64 fully updated install:

2011-09-02 17:00:55   C:\Windows\SysWOW64\mfc45.dll   Heur.Corrupt.PE[at]1z141z3   Detect   Success

If I clean this the next time I reboot Windows recreates the file and it is detetcted again. Is this safe? Virus Scanner is set to statefull with Heuristics set to default, low. Zipped File Attatched and submitted through CIS .

Please advise ASPA!

FYI, running this through Virus Total returned 8 positives all for Heuristics all with damaved or corrupt in the name.

That's all the info I have.

dev

[attachment deleted by admin]

[Citizen K]

What are your settings for Heuristics? Low, Medium or High? Can you post the link to the Virus Total report?

[Joe Lore]

What are your settings for Heuristics? Low, Medium or High? Can you post the link to the Virus Total report?

Hi,

As mentioned in the post Heuristics are at default, low.

http://www.virustotal.com/file-scan/report.html?id=b41564fb58e0dacf52562064fd93461bf9d24842ab5c5815ba88a901870ed212-1315007709

Keep in mind. I have run this file through at least 11 different cloud scanners and the about 10% positives find something like corrupt, damaged or the like, not like typical virus results. Could the file be legit but damaged?

dev

[Joe Lore]

This site is not working:

http://www.comodo.com/home/internet-security/submit.php

I click upload and it just sits there spinning and never gives a confirmation that the file is recieved or anything.

dev