Avira detects cmfd.sys as a TR/Rootkit.Gen Trojan.[resolved]

pudelein · December 5, 2008, 1:05am

I have been using CMF for ages alongside Avira AntiVir Free without any problems, However, in my scan this evening,
using today’s updates, Antivir reports that %ProgramFiles%\Comodo\Memory Firewall\cmfd.sys is “TR/Rootkit.Gen”. I will report this to Avira as a false positive, but think Comodo might like to know about the situation.

Kyle142 · December 5, 2008, 1:13am

Thanks pudelein…

For everyone who’s getting this alert you can put the CMF folder into avira’s exlusion list until avira fixes this problem.

pudelein · December 5, 2008, 1:29am

Kyle,

Avira may wish to download the CMF installer to try the whole thing themselves (I did upload cmfd.sys for their inspection), but I cannot find it on Comodo’s pages anymore! Do you have a notion about that?

Kyle142 · December 5, 2008, 1:32am

http://www.memoryfirewall.comodo.com/

It’s not exactly easy to find unless you know where to look on the homepage

Bracca · December 5, 2008, 9:13am

I think this is false positive? Since i tried to update comodo memory firewall since it asked for me to update it. As soon as i clicked ythe update choice, Avira pops up and says that C:\Documents and settings\Bracca\Application Data\Comodo\Comodo\Memory Firewall\Data\Tempfiles\cmfd.sys as a Rootkit/Trojan. Weird since Avria has never done this before.

Cordialis · December 5, 2008, 9:18am

Yes, it probably is. I have the same issue. Avira wants someone to upload the file and send it to their lab. I don’t know if anyone did it.

There is one more thread about it here: https://forums.comodo.com/help/avira_antivir_identifies_cmf_as_trrootkitgen-t31243.0.html

Cordialis · December 5, 2008, 9:21am

There is one more thread about it here: https://forums.comodo.com/empty-t31261.0.html

Bracca · December 5, 2008, 9:59am

Ah. Thanks n.n

Cordialis · December 5, 2008, 10:10am

You’re welcome. I actually think Comodo should write Avira a little friendly note. Avira is fine company, - I’m sure they’ll work something out…

pudelein · December 5, 2008, 2:38pm

I submitted cmfd.sys to Avira last night as a suspected false positive. ID number is 25203587. They replied to me this morning that it is indeed a false positive and will be removed in an updated signature file.

ganda · December 5, 2008, 2:48pm

merged here
double post removed (:m*)
:■■■■

weaker · December 5, 2008, 9:57pm

I also submitted it but pudelein was faster because it immediately recognised it as a FP and after the update everything was well again. Avira is really quick with FP.

Cordialis · December 6, 2008, 5:14pm

It’s fixed! The update went through smoothly just an hour ago! Thanks Comodo and Avira!

ganda · December 7, 2008, 8:46am

locked then
:■■■■