3 False Positives [FIXED]

FP - Unclassified Malware[at]8429306

WindowsXP/system32/drivers/ithsgt.sys ( I have no idea what it’s for but seems to be a FP)



NirCmd 2.00 ( NirCmd - Windows command line tool )

FP - Unclassified Malware[at]5300955



FP - Unclassified Malware[at]5324401



All files are detected as threat by CIS with database version 1076 and earlier.

Hi fOrTy_7,

These mentioned tools, “NirCMD” from nirsoft, are termed as potentially unsafe applications and are not false positives. Please add them to your exclusion lists if you really want to continue using those files.

Regarding the file “WindowsXP/system32/drivers/ithsgt.sys”, the file shall be checked for false positive and shall be fixed. Thanks for your submissions.


I see that ithsgt.sys FP has been fixed. Thanks. :-TU

As for NirCmd command line tool, I know that some antivirus vendors detect this tool as riskware, hackertool or unwanted/unsafe application because it was / is often used by malware. But the application itself isn’t a malware, so shouldn’t it be labeled by CIS as ApplicUnsaf… or ApplicUnwnt… instead of Unclassified Malware[at]… ? At least I saw these categories on your website Comodo Anti-Malware Database - Latest additions.


Yes! The detected names have now been renamed. Please update your bases to check the detection names.


All has been fixed now. Thanks. :-TU