A compatibility BUG, or was CFP.EXE indeed infected by a Trojandownloader?

TOPIC TITLE
Windows Defender reports cfp.exe is a trojandownloader with a SEVERE alert level


The bug/issue

  1. What you did: I updated my Windows Defender so that it is up to date.
  2. What actually happened or you actually saw: When I started my laptop, Windows Defender showed a pop-up that notified me there was a severe security problem. It pointed out that the resource is from a process which held PID 3292. I ran tasklist.exe to get the name of the suspected program and got cfp.exe. To confirm it, I opened Task Manager and, under the Processes tab, I found PID 3292 exactly connected to cfp.exe, and the file path is just the one where I installed my CIS.
  3. What you expected to happen or see: I hope you can check it. If it is a compatibility issue, I hope you and Microsoft can solve it ASAP; otherwise you need to review your product: cfp might or might not be infected by a virus or trojan. If there’s a security leak in your SW, release a fix ASAP.
  4. How you tried to fix it & what happened: No, I did nothing else but close Windows Defender, because I know cfp.exe is a key security component on my computer, and quarantining it might be a more dangerous action without distinguishing it from an incompatibility issue.
  5. If it’s an application compatibility problem have you tried the application fixes?: I did search Microsoft.com for any fixes or notifications about this problem, but it failed. Microsoft didn’t supply any information about incompatibility issues with Comodo firewall. Therefore, there is nothing I can do now.
  6. Details (exact version) of any application involved with download link: No.
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: Yes. If I directly close the alert window from Windows Defender, when I re-start my computer, it appears again. We could make it recur without any exact step. Just restart the machine.
  8. Any other information (eg your guess regarding the cause, with reasons): Windows Defender made a mistake or cfp was infected.

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug:
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List:
  3. A CIS config report or file.
  4. Crash or freeze dump file:

Your set-up

  1. CIS version, AV database version & configuration used:
    cfp 5.0.162636.1135 with Proactive Security
    AV A:Avira antivir personal 10.0.0.607
    B:Windows Defender Version: 1.1.1600.0
    Engine Version: 1.1.6402.0
    Definition Version: 1.95.1522.0

  2. a) Have you updated (without uninstall) from CIS 3 or 4: No.
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:

  3. a) Have you imported a config from a previous version of CIS: No.
    b) if so, have you tried a standard config (without losing settings - if not please do)?:

  4. Other major changes to the default config (eg ticked ‘block all unknown requests’, other egs here. )

  5. Defense+, Sandbox, Firewall & AV security levels: D+ = Paranoid, Sandbox = enable, Firewall = customer define, AV = None of Comodo

  6. OS version, service pack, number of bits, UAC setting, & account type:
    OS: Windows Vista Home Premium SP2-32bit, UAC on, administrator (solo) - Administrators Group

  7. Other security and utility software installed:
    Avira AntiVirus Personal, Microsoft Office suite 2007, iTunes, Chrome, Vaio Care, Microsoft Silverlight

  8. Virtual machine used (Please do NOT use Virtual box): No.

A possible false positive from Windows Defender; try uploading cfp.exe to virustotal.com

Thx a lot! But I think I’d better wait for the official solution by Comodo.

This is a false positive.

For the record you can check the digital signature of cfp.exe to make sure it is the proper file. See attached image.

This needs to be reported to Microsoft to the people who handle the f/p’s of Defender.

[attachment deleted by admin]
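The checks suggested in this thread (map the alerted PID to its executable, verify the file's digital signature, and get a hash to look up on virustotal.com) can be done in one step. This is an added example, not part of the original posts and not Comodo's or Microsoft's code; it assumes Windows PowerShell 5.1 in an elevated prompt, and the function name and the `COMODO` publisher substring are assumptions to adjust.

```powershell
# Added example: triage a Defender alert that names only a PID.
# PIDs change on every boot, so pass the PID from the current alert.
param(
    [int]$ProcessId = 3292,                 # PID quoted in this thread's alert
    [string]$ExpectedPublisher = 'COMODO'   # assumed substring of the signer subject
)

function Test-AlertedProcess {              # hypothetical helper name
    param([int]$ProcessId, [string]$ExpectedPublisher)

    # Resolve the PID to the image path actually running, not the path we expect.
    $proc = Get-Process -Id $ProcessId -ErrorAction Stop
    $path = $proc.Path
    if (-not $path) {
        # Security products often protect their processes from inspection.
        throw "Cannot read the image path for PID $ProcessId (try an elevated prompt)."
    }

    # Authenticode check: Status is 'Valid' only if the file is unmodified
    # since signing and the certificate chain is trusted on this machine.
    $sig     = Get-AuthenticodeSignature -FilePath $path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        ProcessId       = $ProcessId
        Path            = $path
        SignatureStatus = $sig.Status
        Signer          = $subject
        # A valid signature from an unexpected publisher is still a red flag.
        PublisherMatch  = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedPublisher*")
        # SHA-256 of the on-disk file, usable as a search term on virustotal.com.
        Sha256          = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    }
}

Test-AlertedProcess -ProcessId $ProcessId -ExpectedPublisher $ExpectedPublisher | Format-List
```

A `SignatureStatus` of `Valid` with `PublisherMatch` true supports the false-positive reading; `HashMismatch` or `NotSigned` on a file that should be vendor-signed means the file on disk is not the one the vendor shipped.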

Thanks Eric

OK moving to resolved.

Mike