False Positives are way out of control in 3.8.
The problem is so severe that my clients and friends are starting to question my judgment.
Unless this issue is resolved very quickly, I may well be forced to abandon CIS.
I sincerely mean no offense, but you guys screwed up big time on this release.
Thanks for the suggestion, but dealing with all the False Positives has been and continues to be way too much grief (including the hassles of documenting and emailing them), and disabling heuristics doesn’t solve the problem while reducing security. (Did you miss what I wrote about the Internet Explorer cache problem?!) I’m dead serious when I say 3.8 is such a disaster that I may be forced to dump CIS.
Comodo is trying to fix all FPs in 2 days from reporting from now on.
Sad to hear you and your clients are having troubles. =/ I see you have done some major FP reporting. But simply reporting all of them will make sure it gets fixed! :o Just posting in the forum and attaching the file should do it! (if you mention “file attached”).
FPs have to be fixed, because not everyone knows how to analyze suspicious files, even using virustotal or camas. Is there any other way for devs to fix FPs, or do we just have to send samples first? I scanned my PC 2 days ago with heuristics set to High and I didn’t get any FPs, but different people have installed different software that can cause false alarms. Comodo is building the database very fast so FPs are inevitable…for now.
[To: JNavas, a great guy ;)]
You are correct, there is almost an endless number of files online, and no finite number. :-\
What I meant was that there would still be problems for people, but sending them could solve your and your clients’ problems, hopefully. But you are correct if you mean that new FPs might arise and it’s not a very good solution.
COMODO has to do it possible some other way I guess…
You seem to be making assumptions that I don’t think are valid, that False Positives can be eliminated with a better database. The problem isn’t the database, it’s an anti-virus system that isn’t smart enough to distinguish “new” malware from “new” safe software. That can only be fixed by making the anti-virus smarter, not by the never-ending and impossible task of trying to classify all of an endless stream of “new” software.
The database approach to anti-virus doesn’t work. It can’t be done fast enough. Bad guys will always have the upper hand.
Yes, unfortunately each DB update seems to bring a slew of more FPs. Scan one day and all is well, then tomorrow’s update brings more headaches. Or, FPs you’ve reported aren’t fixed or turn up again with another name…
I personally haven’t been seeing huge numbers of false positives, but definitely more than any other AV I’ve used. But I understand that CAV is still young.
I don’t know if I’d be professionally recommending something so young, but that’s just me I guess…
Lol @ AV engine needs to be fixed, it was Melih himself that did not like the AV engine in CAVS beta, so this new one was built in its place. I think he should have kept the old one; at least there were no FPs. Yep, I am suffering from FPs as well. I think their so-called whitelist needs to have more programs added to it.
Signature false positives are nothing and are actually not that problematic.
Like I haven’t been like saying even before 3.8 entered the final phase. Packer detection is just not for home environment. Unless you want to annoy users with trillions of false positives. Packer detection should be optional and a completely separate option from heuristics. And the heuristics option shouldn’t even be there until they add CIMA heuristics in it. Just don’t say I haven’t warned you ppl. But hey, you all live in a wonderland where Comodo is the best there is. Someone here needs a reality check, seriously…
It’s not like I made this up. I’ve seen many antiviruses with the packer detection approach and they all failed miserably.
QuickHeal, Fortinet, SOPHOS, Panda in some cases… But I forgive Fortinet and SOPHOS because they are meant for corporate environments where packers aren’t the problem on gateways and servers.
But for home usage, packers are a complete no go. And even if you do packer detection, it shouldn’t be just a raw packer detection but some form of more sophisticated packer detection that can also compare other characteristics and warn the user when all meet characteristics usually found in malware (exotic packer, small file size, suspicious file extensions, double extensions, whitespaces etc). And even at that point I’d want this darn thing to be optional. AVIRA has this done nicely. Heuristics on its own, packer (PCK) detection as a separate, selectable feature that is disabled by default. This is the right way.
But if you want to flood yourself with meaningless false positives and annoy users, then packer detection should be like it currently is in CIS.
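The combined check described in the post above (warn on a packed file only when other malware-typical characteristics are also present), sketched as an added example that is not part of the thread or any vendor's code. The thresholds, extension lists and packer names are assumptions, and the packer name is assumed to come from an upstream packer identifier.

```python
import re
from dataclasses import dataclass
from typing import Optional

# All values below are assumptions for illustration, not vendor settings.
COMMON_PACKERS = {"UPX", "ASPack"}      # often used by legitimate software
SMALL_FILE_BYTES = 100 * 1024
SUSPICIOUS_EXTS = {".scr", ".pif", ".com", ".bat", ".cmd"}
EXECUTABLE_EXTS = SUSPICIOUS_EXTS | {".exe"}
DECOY_EXTS = {".pdf", ".doc", ".jpg", ".png", ".txt", ".xls", ".zip"}
MIN_EXTRA_TRAITS = 2                    # traits required besides the packer


@dataclass
class Sample:
    filename: str
    size: int
    packer: Optional[str]  # name reported by an upstream packer identifier


def traits(s: Sample) -> set:
    """Return the malware-typical characteristics present in the sample."""
    parts = s.filename.lower().rstrip().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    found = set()
    if s.packer and s.packer not in COMMON_PACKERS:
        found.add("exotic_packer")
    if s.size < SMALL_FILE_BYTES:
        found.add("small_file")
    if ext in SUSPICIOUS_EXTS:
        found.add("suspicious_extension")
    # "invoice.pdf.exe": a document-like name hiding an executable extension
    if len(parts) == 3 and "." + parts[1].strip() in DECOY_EXTS and ext in EXECUTABLE_EXTS:
        found.add("double_extension")
    # long whitespace runs push the real extension out of view
    if re.search(r"\s{3,}", s.filename):
        found.add("whitespace_padding")
    return found


def verdict(s: Sample) -> str:
    """Warn only when an exotic packer coincides with enough other traits."""
    t = traits(s)
    if "exotic_packer" in t and len(t - {"exotic_packer"}) >= MIN_EXTRA_TRAITS:
        return "warn"
    return "allow"
```

A packed but otherwise ordinary installer yields no warning here, which is the false-positive case the post complains about with raw packer detection.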
Point taken, and I may well have made a mistake, although I don’t know that it’s a matter of age. My initial assessment was based on the mature and solid Firewall component, the impressive and valuable HIPS component (Defense+), and good A-V results with the prior release. 3.8 is unexpectedly worse. I’ve seen similar problems with much more mature products. That 3.8 got out the door as a regular release raises concerns about quality at COMODO.