A lot of false positives with CAV

I’m tired of submitting a lot of false positives, especially when you scan some key generators! I think v4 will solve this problem. It really becomes a problem for me when CAV caught one of the real player files! And yes, I did submit it using every single way to submit false positives :-X

Hi knk2006,

May I ask how you have set the Heuristics level for Real-Time and Manual Scan?

One thing I can’t match is FPs and keygens. Can you give a bit more detail about this?

well i can send to you more than 1 sample of clean key generators being detected by CAV … ! ?? >:-D

and I didn’t touch the heuristic setting … 88)

and you may ask me how I found out that those files are clean … I can simply answer to that question by saying D+ will alert me if this file is going to drop anything to my PC … + sandboxie :-TU

and yeah, one more thing … does CAV consider any key generator as malware!? even if it’s clean (does absolutely nothing harmful to your PC, just generates codes and keys) :a0

so do you want those samples ???

If you upload these to virustotal.com you’ll probably see that other vendors mark these as well.
It seems a gray area where AVs decide to mark these as “malware”.

As I’m just a volunteer I can’t change anything on that, and if you have reported them in the FP board we have to assume they have analyzed them… Same goes for a lot of tools from NirSoft.net; they are also flagged while in reality they are tools for those who know what to do with them.
Yes they can be abused, but so can a butter knife…

P.S. no interest in the samples, I know where to get them :wink:

so I don’t have to bother myself sending those samples to anyone, since the CAV developers consider any key makers as malware ;D … sometimes it’s really malware and sometimes it’s not < what makes you angry is that CAV will flag the clean one and will leave the infected one >:(

Bad ones should always be submitted :wink:
There is a web interface here for easy submitting:

since the CAV developers consider any key makers as a malware
Wrong, only infected keymakers are considered malware by Comodo (although there are very few minor exceptions to that). You're thinking of "AVG or maybe a-squared".

if a-squared picked one it will tell you it’s a hack tool or something and will indicate that’s not a virus … the story here with CAV is much different … most the key makers that I tested them against CAV either clean while < they are not … or detected as unclassified malware ! < sometimes this unclassified malware could be a real problem and sometimes it’s just a false positive …!

and about AVG … it picks what it wants and leave what it wants too … because basically it does not detect any key makers at all … but when I scan it with a key maker that generates keys for their products , it flagged that keygen as a Trojan ! << funny right ! ? ;D

so please answer me clearly ,should CAV detect any key makers or not ! ? < forget about ( non key makers " fake ones " )

and 1 more thing , I think Comodo staff should re-look at their classification … I mean come on ! 4392 unclassified malware …< does the guy who is responsible to this classification just want to put it in rush without classifying them correctly ? and then people get stuck with a lot of false positives ! :cry:

This is an automatic system making these signatures, it currently doesn't name much!

This is an automatic system making these signatures, it currently doesn't name much!
!ot! does comodo have a knowledge database or something similar ?

No, I hope one is planned.

in conclusion, Comodo should work harder to catch up with the rest of the anti-virus vendors! in my opinion it has the best firewall and HIPS protection … so if there is anything that deserves to have more time spent developing it … it will be the Comodo anti-virus! :stuck_out_tongue: do you agree with me?

regards …

I agree with you.

most the key makers that I tested them against CAV either clean while < they are not ... or detected as unclassified malware ! <
so please answer me clearly ,should CAV detect any key makers or not ! ? < forget about ( non key makers " fake ones " )
I agree, the actual keymaker shouldn't be detected. The fake and infected ones should be.
This is an automatic system making these signatures
This is correct, no one is intentionally blacklisting actual keygens (at Comodo at least, but some companies are notorious for doing that) <--besides, Comodo is working on making their anti-virus updates smaller, and adding keymakers and such would be counterproductive

You should also know some keygens will get flagged regardless. Why would I say this??? Because some software manufacturers create their keys based on what hardware it’s installed on. Think of it as a keygen that’s hardware dependent.

A good example is omnipeek enterprise 5. The keygen needs to scan the hardware so it can create a machine id. To most anti-virus software (REMEMBER, most malware is under 1mb small), a small program that needs to scan the hardware is automatically suspicious until proven clean.

Basically my final point on this subject is: Comodo doesn’t intentionally flag something only because it's a keygen, there’s always another reason why it gets flagged

*****most importantly, there are infected keygens that will infect certain important files (like svchost.exe) and some anti-virus companies won’t flag it for a few reasons. If a certain important Windows file (infected) gets deleted, Windows will have major problems. So it generally won’t flag it until it can be cured. If it gets flagged and it can’t clean that important file, generally customers will try to delete that file and it’ll cripple Windows (in simple terms, it creates a big customer service problem)

Basically my final point on this subject is: Comodo doesn't intentionally flag something only because it's a keygen, there's always another reason why it gets flagged

a false positive, maybe ;D

thanks to you all for your co-operation …

best regards ! …