a downloader trusted by CIS

http://camas.comodo.com/cgi-bin/submit?file=3e9d6dbf8ff2420c16f7b09d675cb2a7dc3bdcf9d8a75f16273d1a8ddb49d4ab

http://valkyrie.comodo.com/Result.html?sha1=bd3c22a1ff4224538c772115001eda11f47ed68b&&query=1&&filename=8fd6df59d296ad561f213e9e2d34481c.exe

It contains a digital signature whitelisted by CIS.


Ouch… But such things are rare…

It can download a fake AV.

http://camas.comodo.com/cgi-bin/submit?file=e8b7cc4d6758822e1ccd1299ed1f9afd1ed72e000533b845d2b7d8dc3b32f339

http://valkyrie.comodo.com/Result.html?sha1=81e4c3acb773868f7cb0564b63edb116737fa70d&&query=0&&filename=9967562.exe

Nice…
Please submit it here: https://forums.comodo.com/av-false-positivenegative-detection-reporting/report-trusted-and-whitelisted-malware-here2013-no-live-malware-t89869.75.html

(and check again after 2/3 days)

I hate the existence of a database software digitally signed, ideally creating an online database software analyzed and considered safe.
It already eliminate this vulnerability, besides extinguish this local database software digitally signed. The user has no connection for one reason or another it would be up to the decisions to be taken.

A new malware downloaded by it :(

http://valkyrie.comodo.com/Result.html?sha1=94cc7a2d2878cc49725b4c3fa3050d17eca72908&&query=0&&filename=37330625.exe

http://camas.comodo.com/cgi-bin/submit?file=33a19e016abb57966d2627b0cf9d08d29961f97c45180743f7586306cba9013b

Please report this in Submit Malware Here To Be Blacklisted - 2013 (NO LIVE MALWARE!)?

No, this is a trusted malware sample. BTW, I have already told him to report it, and he did :-TU

Rare or not, they have to somehow solve that, as it completely defeats the trust chain. It’s like allowing a suspicious-looking person with a rifle into a bank just because he has a pass card (which he stole from some employee of the bank). Everything about it looks wrong, but they let him in because he has a pass card.
That doesn’t make sense, does it? And so it doesn’t when CIS is allowing signed stuff that is in fact a malware…

Sure. They will. But at the end of the day ppl will make mistakes, you have to accept that. If you want a temp fix (disable TVL). Also that’s why some users don’t rely on Comodo TVL. But at the same time it also defeats the purpose of the whole DD system.