Recent Posts

1

AV False Positive/Negative Detection Reporting / false positive

« Last post by bencart on Today at 08:10:07 AM »

hello

getflv.exe detected as TrojWare.Win32.Spy.Banker.Gen[at]1qlojk 100% false positive

virustotal report
https://www.virustotal.com/gui/file/032535c0867dd239e1aaba0961b26b1f1e944251437b2f5048896f3f4bf8707a/detection

file: https://gofile.io/d/0eedYK

2

Comodo Valkyrie - FLS / Re: Report False Positives for Valkyrie Service Here - 2022

« Last post by mcpherrinm on Yesterday at 02:24:47 PM »

Let's Encrypt is a widely used Certificate Authority.  The domain our Certificate Revocation List for our "X2" root CA appears to be flagged by Valkyrie, as reported to us on our forums.  It appears this was flagged because of malware communicating to that domain, based on my understanding of the Valyrie Verdict page.  This is quite possible if some malware (or the runtimes they're in) checked a CRL.  However, that is itself not malicious activity.

Here's the Virus Total and Valkyrie Verdict links:

https://www.virustotal.com/gui/domain/x2.c.lencr.org/detection

https://verdict.valkyrie.comodo.com/url/domain/result?domain=x2.c.lencr.org

Here's some additional information about what lencr.org is:
https://letsencrypt.org/docs/lencr.org/

3

Bug Reports - CIS / Direct Storage being bocked by Comodo

« Last post by wintord on Yesterday at 01:18:27 PM »

Does anyone know a fix for the Direct Storage API being blocked by Comodo.

If check in the xbox game bar on windows 11 under gaming features, it states the GPU and OS supports the latest DirectStorage IO optimisations. But under drive status it states on all my nvme drives that BypassIO not Supported due to driver: cmdGuard.

If you open an elevated command prompt and type fsutil bypassIo state (drive letter):\ I get the following reply

BypassIo on "c:\" is not currently supported
    Status:  506 (At least one minifilter does not support bypass IO)
    Driver:  cmdGuard
    Reason:  The specified minifilter does not support bypass IO.
    Storage Type:   NVMe
    Storage Driver: Not BypassIo Compatible

If I uninstall Comodo it will then pass the direct storage requirments. Which going forward will soon be needed once developers start adding this to there software. I could do with it now with messing about in software in my spare time.

Is there a workaround available for this issue, or does anyone know if Comodo are aware of this problem with there software blocking important windows features going forward. (its not just Comodo most anti virus programs appear to be blocking direct storage API's at the moment, outside of windows built in virus protection.

4

Bug Reports - CIS / Re: CIS's Internet Security Essentials bugging

« Last post by cuser on Yesterday at 12:50:27 PM »

Hello folk,
Same issue faced.

Like I said when memory usage goes over some limit (apparently 700 MB) then it starts hogging processor power and that can go to over 20% (or higher if doesn't reboot computer).

Would be interesting to see what ISE does after 6 months or 1 year w/o rebooting computer but won't test, my guess is that since it starts on ~2 percentages and goes up everyday then it would reach 100% at somepoint and computer would crash.

5

AV False Positive/Negative Detection Reporting / Re: Website False Positive - Detected as Phishing by Valkyrie Verdict

« Last post by itsupport on Yesterday at 09:17:52 AM »

Please our domain www.aosorwell.com is being flagged by you for fishing. Note that this site has been cleaned a few weeks ago and suddenly was flagged by you. Kindly check and restore status.

https://verdict.valkyrie.comodo.com/url/domain/result?domain=aosorwell.com

https://www.virustotal.com/gui/url/97b2038ef94a96845ca25459bfedd7c173a680e4592bacbcea790d6b66be7425

6

AV False Positive/Negative Detection Reporting / Re: Website False Positive - Detected as Phishing by Valkyrie Verdict

« Last post by itsupport on Yesterday at 09:16:04 AM »

Please our domain www.aosorwell.com is being flagged by you for fishing. Note that this site has been cleaned a few weeks ago and suddenly was flagged by you. Kindly check and restore status.

https://verdict.valkyrie.comodo.com/url/domain/result?domain=aosorwell.com

https://www.virustotal.com/gui/url/97b2038ef94a96845ca25459bfedd7c173a680e4592bacbcea790d6b66be7425

7

Bug Reports - CIS / Re: CIS's Internet Security Essentials bugging

« Last post by C.O.M.O.D.O RT on Yesterday at 06:58:26 AM »

Hello folk,
Same issue faced. Here is the screenshot : (the value is changing all the time so it is difficult to catch the higher value but sometimes it reach 16%)

It seems that it is COMODO Internet Security Helper Service that use the CPU, even when I close the COMODO Firewall (I'm not able to terminate the helper service).
Hope that will help to solve the bug.
And my uptime is about 8 days.

Thank you!

Hi Eryx,

Sorry for the inconvenience.
We are aware of this issue and team is working on it.
However we will reach you through private message to get required log for further investigation.

Thanks
C.O.M.O.D.O RT

8

Bug Reports - CIS / Re: CIS's Internet Security Essentials bugging

« Last post by Eryx on Yesterday at 06:09:59 AM »

Hello folk,
Same issue faced. Here is the screenshot : (the value is changing all the time so it is difficult to catch the higher value but sometimes it reach 16%)

It seems that it is COMODO Internet Security Helper Service that use the CPU, even when I close the COMODO Firewall (I'm not able to terminate the helper service).
Hope that will help to solve the bug.
And my uptime is about 8 days.

Thank you!

9

News / Announcements / Feedback - CIS / Re: Why did you uninstall CIS? Please help us improve by telling us why.

« Last post by domo78 on Yesterday at 05:51:24 AM »

[at] C.O.M.O.D.O RT

Hello C.O.M.O.D.O RT,

The majority of CIS users have been very patient so far.
I think Comodo should give them a value for the word "soon" for the new release.
Does "soon" = 1 month or 1 quarter or 1 semester or nada?

Thank you for your answer.

10

Comodo Valkyrie - FLS / Re: Report False Positives for Valkyrie Service Here - 2022

« Last post by serg_heylink.me on Yesterday at 04:51:40 AM »

Greetings!

Our website https://heylink.me/ is currently marked as a "Malicious website" in Valkyrie Service.

Our web application provides convenient tools for more than 800,000k registered users worldwide to create their public pages. Some of them are publishing inappropriate stuff from time to time and our tech team is doing a lot of things to moderate the user content and clean it from spam, phishing and other inappropriate behaviors that breach our T&C.

Could you please send us a list of URLs from your web application that you have detected as malicious? Or maybe we can do it somehow automatically via API? Any option would be great.

We support your vision of a clean and safe Internet. We will be glad to cooperate with you in order to sort it out.

Thank you for your kind attention,
Serg [HeyLink.me Tech Team Lead]

UPDATE: I reviewed entire list of URLs in https://verdict.valkyrie.comodo.com/url/domain/result?domain=heylink.me marked as Phishing. All URLs are already blocked except of app.heylink.me/login/ and app.heylink.me/login/?lng=en. These URLs are just page to log in to user dashboard and don't have any phishing content.