Avira detects cmfd.sys as a TR/Rootkit.Gen Trojan.[resolved]

I have been using CMF for ages alongside Avira AntiVir Free without any problems, However, in my scan this evening,
using today’s updates, Antivir reports that %ProgramFiles%\Comodo\Memory Firewall\cmfd.sys is “TR/Rootkit.Gen”. I will report this to Avira as a false positive, but think Comodo might like to know about the situation.

Thanks pudelein…

For everyone who’s getting this alert you can put the CMF folder into avira’s exlusion list until avira fixes this problem.


Avira may wish to download the CMF installer to try the whole thing themselves (I did upload cmfd.sys for their inspection), but I cannot find it on Comodo’s pages anymore! Do you have a notion about that?


It’s not exactly easy to find unless you know where to look on the homepage :frowning:

I think this is false positive? Since i tried to update comodo memory firewall since it asked for me to update it. As soon as i clicked ythe update choice, Avira pops up and says that C:\Documents and settings\Bracca\Application Data\Comodo\Comodo\Memory Firewall\Data\Tempfiles\cmfd.sys as a Rootkit/Trojan. Weird since Avria has never done this before.

Yes, it probably is. I have the same issue. Avira wants someone to upload the file and send it to their lab. I don’t know if anyone did it.

There is one more thread about it here: https://forums.comodo.com/help/avira_antivir_identifies_cmf_as_trrootkitgen-t31243.0.html

There is one more thread about it here: https://forums.comodo.com/empty-t31261.0.html

Ah. Thanks n.n

You’re welcome. I actually think Comodo should write Avira a little friendly note. Avira is fine company, - I’m sure they’ll work something out…

I submitted cmfd.sys to Avira last night as a suspected false positive. ID number is 25203587. They replied to me this morning that it is indeed a false positive and will be removed in an updated signature file.

merged here :slight_smile:
double post removed (:m*)

I also submitted it but pudelein was faster because it immediately recognised it as a FP and after the update everything was well again. Avira is really quick with FP.

It’s fixed! The update went through smoothly just an hour ago! Thanks Comodo and Avira!

locked then :slight_smile: