Windows Defender reports cfp.exe is a trojandownloader with a SEVERE alert level
- What you did: I updated my Windows Defender to date
- What actually happened or you actually saw: When I start my my laptop, Windows Defender showed a pop-up that noticed me there were a severe security problem. It pointed out the resource is from a process which held PID 3292. I ran tasklist.exe and get the name of the program it was suspected and got it as cfp.exe. To confirm it, I opened task manager and under the processes Tag, I found PID 3292 exactly connected to cfp.exe and the file path is just the one I installed my CIS.
- What you expected to happen or see: I hope you can check it. If that is from a compatible issue, I hope you and microsoft could solve it out ASAP or you need to review your product: cfp might or might not be infected by virus or trojan. If there’s a security leak in your SW, release a fix ASAP.
- How you tried to fix it & what happened: No, I did nothing else but just closed the windows defender because I know cfp.exe is a key security component in my computer and quarantine to it might be a more dangerous action without differing it from the incompatibility issues.
- If its an application compatibility problem have you tried the application fixes?: I did search in Microsoft.com to look for any fixes or notifications to this problem but it’s failed. Microsoft didn’t supply any information about the incompatibility issues about comodo firewall. Therefore, nothing I can do now.
- Details (exact version) of any application involved with download link: No.
- Whether you can make the problem happen again, and if so exact steps to make it happen: Yes. If I directly close the alert window from Windows Defender, when I re-start my computer, it appears again. We could make it recur without any exact step. Just restart the machine.
- Any other information (eg your guess regarding the cause, with reasons): Windows Defender made a mistake or cfp was infected.
Files appended. (Please zip unless screenshots).
- Screenshots illustrating the bug:
- Screenshots of related CIS event logs and the Defense+ Active Processes List:
- A CIS config report or file.
- Crash or freeze dump file:
CIS version, AV database version & configuration used:
cfp 5.0.162636.1135 with Proactive Security
AV A:Avira antivir personal 10.0.0.607
B:Windows Defender Version: 1.1.1600.0
Engine Version: 1.1.6402.0
Definition Version: 1.95.1522.0
a) Have you updated (without uninstall) from CIS 3 or 4: No.
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
a) Have you imported a config from a previous version of CIS: No.
b) if so, have U tried a standard config (without losing settings - if not please do)?:
Other major changes to the default config (eg ticked ‘block all unknown requests’, other egs here. )
Defense+, Sandbox, Firewall & AV security levels: D+= Paranoid , Sandbox=enable , Firewall =customer define , AV = None of Comodo
OS version, service pack, number of bits, UAC setting, & account type:
OS: Windows Vista Home Premium SP2-32bit, UAC on, administrator (solo) - Administrators Group
Other security and utility software installed:
Avira AntiVirus Personal, Microsoft Office suite 2007, iTunes, Chrome, Vaio Care, Microsoft Silverlight
Virtual machine used (Please do NOT use Virtual box):No.