3 False Positives

Comodo Internet Security - CIS AV False Positive/Negative Detection Reporting
1

Hello, I submitted three samples that I believed were false positives to be analyzed. I’d rather not post them on the forum, just in case they are actually malicious.

I received an email that told me they were not detected, but check out the virustotal links for them.

http://www.virustotal.com/file-scan/report.html?id=fb8be74c44a123416e2d8bef5647841e5ef2fcc83ae77310c381bbcec7326268-1295456910

http://www.virustotal.com/file-scan/report.html?id=3e24a730a0b550d4541b9cb871b559b50909cf96f8260da617c3e8d8d2e50592-1293472146

http://www.virustotal.com/file-scan/report.html?id=b7668b782d6da0017811ae13ef198d957b4cab4fb8cf2b6a2ac77041e4e84694-1295837842

Whether they are FP’s, or not, they are detected by Comodo on VirusTotal. Therefore it’s not a problem specific to my system. Oh, and I was scanning with heuristics on low and cloud scanning enabled.

Please look into this.

Thanks.

2

Hi Chiron,
We are going to have a look at it and will get back to you after investigation.
Thanks and Regards,
Lin mengze

3

Hi,Chiron

This is to inform you that false-positive with
(SHA1: <90c0ae09e2ee1ed34e31930b145071a7f827259c>)
(SHA1: <222aa33e4769166fd84d308e83274fe6d5626d13>)
(SHA1: <2d448a60f035a1c6327767f5223f94b45354f35f>)
has been fixed.
You can update to AV database Version <7519> of Comodo Internet Security Version<5.3.176757.1236> and confirm it.

Regards
Chunli.chen
Comodo AntiVirus Lab

4

Are you sure that (SHA1: <2d448a60f035a1c6327767f5223f94b45354f35f>) is FP?

VT 16 /43 (37.2%)

http://www.virustotal.com/file-scan/report.html?id=b7668b782d6da0017811ae13ef198d957b4cab4fb8cf2b6a2ac77041e4e84694-1296099545

5

Good point. That one does look more like adware.

6

I have 3 more to add to the list. They’re detected on VirusTotal, and on my computer, but I received an email saying they weren’t detected.

http://www.virustotal.com/file-scan/report.html?id=cac9788c802ef7e2a6c0226780555e949209f566c6fec99fdf75c65dd035e4ef-1295839704

http://www.virustotal.com/file-scan/report.html?id=738d8c2411d4791a8898581f053f2617f70749f3bbc223d1ef278b35cbe0e611-1293783958

http://www.virustotal.com/file-scan/report.html?id=2ba247d85960dca76a48a92df66b308f27a478327c0c6e359ef062df3efca05f-1295887456

Please analyze them.

Thanks.

7

Hi,Chiron

Thank you for reporting this. We’ll check it and get back to you soon.

Best regards
Chunli.chen

8

Confirmed.

Thanks.

9

Hello Chiron,

We have no record of these files being submitted to us or any reply sent to any user regarding these files before your submission here in this post. A fix for these False Positive will be available soon.

Best regards,
FlorinG

10

Hi,Chiron

This is to inform you that false-positive with
SHA1: <2135c6ef8d9c88e6d60d27c65cc3d32c63bd7461>
SHA1: <128da42156b89505b4a593881c675a3648b76e00>
SHA1: <3ea2d4cf537d4bc75c11630a5cb7cb690212841d>
has been fixed.
You can update to AV database Version <7528> of Comodo Internet Security Version<5.3.176757.1236> and confirm it.

Regards
Chunli.chen

11

Confirmed fixed.

Thank you.