Both CAV and CFW showing up as trojans in VirusTotal and both get caught by MWB

Hello everyone,

I expressed my concerns about CFW in another thread some weeks ago, but CAV is exhibiting the same behaviour both during installation and also on VT.
VT flags both of these programs as trojans, though only with one scanner, Yandex (I hear that’s a massive Russian equivalent of Google, so not a tiny unknown brand). MWB picks up both of them during installation as a trojan trying to make an external connection, which was supposedly blocked by MWB, though installation is allowed to continue.

I understand the concept of false positives, but still, I prefer my files to show up as completely clear in VT, and the MWB thing definitely has me concerned.

Can anyone shine some light on this, because I want to install CFW but not while MWB is telling me it’s malicious.

Thank you.

CIS also shows up on VT with the same trojan by Yandex. Seems like Yandex is flagging every product from Comodo.

Hi User42538,

Thank you for reporting, we are checking this.

Thank you.

On Hybrid Analysis’s online sandbox test it also gets rated as suspicious due to a string that may be used as part of a spyware injection method (I assume it’s referring to a .dll file), though it passes the virus check.
The supposed trojan that MWB blocks during installation pops up as “download.adtrustmedia.com”, which appears to be one of the DNS requests that the installer makes during the installation.

Any followups on this yet?

Can you provide a VT link for the CFW installer that you have?


Here is the latest online CFW installer that all of us are already using, downloaded from the forum (it also matches the latest CFW installer from the comodo.com website).

P.S.: It is very common behavior between security software vendors that one flags another as malicious, like Yandex flagging every Comodo product. Not sure whether Yandex is a security firm, but I didn’t notice the other one you mentioned flagging it similarly to Yandex either :o

It is quite simple: who do you trust? :slight_smile:

If you do not trust Comodo why are you even thinking of installing it :o

Do not download any installer from a third party.

Dennis

Hybrid Analysis is another online scanner that checks files against multiple sources for suspicious activity, then runs them in a sandbox whilst simulating attempted HTTP connections to see whether the file has any incoming or outgoing activity during runtime.

Could you please point me to where the download link to that particular build of CFW is? I’ve not downloaded anything from the forums, but everything has been downloaded from Comodo’s official website, and all of them are coming up as suspicious by Yandex and Malwarebytes.

All files with extensions *.exe, *.dll and *.msi contained in the offline CIS installer (“cispremium_only_installer.exe” available on this forum here) are clean.
VT score is zero for all these files.
Nothing to worry about.

EDIT:
The file “cispremium_only_installer.exe” is clean too of course, VT score again zero.

Just to follow up, I have a year old build of CFW (cmd_fw_installer.exe // version 12.2.2.7036) that I downloaded directly from your website, last year, and keep on a spare external drive with other drivers and programs I need to install on a PC after being formatted. This build also comes up as flagged by Yandex, and gets picked up by MWB during installation, as do the most recent builds of CAV and CIS.

This older build I’ve actually used multiple times on various PCs over the past 12 months. The report, which admittedly I can’t entirely grasp, makes me a bit uncomfortable with all the “red” points appearing in the various sections. So many connections made to something called yinemeter wemec? Unfortunately MWB wasn’t installed on any of those older PCs and thus I was never made aware of the potential trojan (i.e. download.adtrustmedia.com), and I didn’t think to check a file downloaded from the official Comodo website on VT, as I wasn’t as knowledgeable on the subject as I am now. I would appreciate it if someone more knowledgeable could check the report and let me know what they think.

VT report can be found here - VirusTotal

I just dug up the old release notes for that exact version (12.2.2.7036) and both the MD5 and SHA1 codes match up. I also downloaded the CFW file from the link in the forums and it provides exactly the same report as the one I linked above, so indeed the file I’ve been using was obtained officially via Comodo. The question begs to be asked then, why so many red flags, and how is a user that’s semi-knowledgeable but by no means an expert, meant to discern what’s safe and what isn’t, when “safe” programs come up with so many warnings in VT?

(Comodo Forum)
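The two checks the post above describes, as an added example (this is not code from the thread or from Comodo): compute a downloaded installer's MD5/SHA1 and compare them to the values printed in the release notes, compute the SHA-256 that VirusTotal keys its reports on so the file can be looked up by hash rather than re-uploaded, and then triage a VT-style verdict table so a single-vendor detection (one engine out of many, like the Yandex flag in this thread) is distinguished from a consensus detection. The sample bytes, published digests and engine names are constructed for the example; the digests are the well-known ones for the bytes `b"abc"` so the check runs offline.

```python
"""Added example: hash verification against release-note digests plus
single-vendor vs consensus triage of a VirusTotal-style verdict table.
Not the thread's or Comodo's code; all sample data below is constructed."""
import hashlib
from typing import Dict, List

# Constructed stand-in for a downloaded installer (NOT a real installer).
SAMPLE_INSTALLER = b"abc"

# Digests as a vendor would print them in release notes.  These are the
# standard test-vector digests of b"abc", used so the example runs offline.
PUBLISHED = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
}


def digest_file_bytes(data: bytes) -> Dict[str, str]:
    """Lowercase hex MD5, SHA-1 and SHA-256 of an in-memory file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def digest_path(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file on disk, read in 1 MiB chunks so a large
    installer is not loaded into memory at once."""
    hashes = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashes.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashes.items()}


def verify_against_published(data: bytes, published: Dict[str, str]) -> Dict[str, bool]:
    """Compare computed digests with published ones (case-insensitive).
    Only the algorithms the vendor actually published are checked."""
    actual = digest_file_bytes(data)
    return {alg: actual[alg] == expected.strip().lower()
            for alg, expected in published.items()}


# Constructed verdict table in the shape of VT's "last_analysis_results"
# (engine name -> category).  Engine names are made up for the example.
SAMPLE_VERDICTS = {
    "EngineA": "undetected",
    "EngineB": "undetected",
    "EngineC": "undetected",
    "EngineD": "malicious",        # a single vendor flags the file
    "EngineE": "undetected",
    "EngineF": "type-unsupported", # did not scan; must not count in the ratio
}

NOT_SCANNED = ("type-unsupported", "timeout", "failure")


def triage_verdicts(results: Dict[str, str]) -> Dict[str, object]:
    """Summarise a verdict table: how many engines actually scanned the file,
    which ones flagged it, and a coarse level so a lone vendor detection is
    not read the same way as agreement among many engines."""
    flagging: List[str] = sorted(e for e, cat in results.items()
                                 if cat in ("malicious", "suspicious"))
    scanned = [e for e, cat in results.items() if cat not in NOT_SCANNED]
    ratio = len(flagging) / len(scanned) if scanned else 0.0
    if not flagging:
        level = "clean"
    elif len(flagging) == 1:
        level = "single-vendor"
    elif ratio < 0.10:
        level = "low-consensus"
    else:
        level = "consensus"
    return {"detections": len(flagging), "scanned": len(scanned),
            "engines": flagging, "level": level}


if __name__ == "__main__":
    print(verify_against_published(SAMPLE_INSTALLER, PUBLISHED))
    print(digest_file_bytes(SAMPLE_INSTALLER)["sha256"])
    print(triage_verdicts(SAMPLE_VERDICTS))
```

A "single-vendor" result is exactly the situation in this thread: it is worth a second look (the Hybrid Analysis run and the hash comparison against release notes are that second look) but is not by itself evidence of a trojan, whereas "consensus" warrants not running the file at all. The SHA-256 is what to paste into VT's search box to find an existing report for a file you already have on disk.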

Also the online installers “cispremium_installer.exe”, “cav_installer.exe” and “cfw_installer.exe” (available on this forum here) have VT score zero and are thus clean.

So nothing at all to worry about or do I miss something?

Please refer to post #9 and #10 :slight_smile:

And also the fact that the latest releases of CAV and CIS being served on Comodo’s official website, come up as trojans on VT and also with MWB real-time protection.

Regarding the FusionCore files that are being dropped by the online Comodo versions into Appdata/Local/Temp, note that these are but relics from when PrivDog was offered and just not coded out in the current online (packaged) versions.

When fusion.dll is dropped (the tmp version mentioned above is also created) it tries to connect to AdTrustMedia but fails with code 0x80070002, as the additional files it needs to run do not exist (no more PrivDog). Fusion.dll will be deleted after the Comodo installation and initial reboot, but the fusion.dll.tmp file remains to freak some out. If one wishes, files in Local/Temp can be wiped out with a good cleaner (like the Junk File cleaning option found in the excellent HiBit Uninstaller). Note that once deleted it will never repopulate.

For any interested, the actual (active) FusionCore file can be seen here:

Hope this helped.

Downloaded from the official Comodo site the following latest online installer files: “cispremium_installer.exe”, “cav_installer_138430010_1a.exe” and “cmd_fw_installer_138430009_eb.exe”.
Again all these file are clean too, and again VT zero score.

Am still missing the point.

I just redownloaded CFW, CAV and CIS from the official website and all three are now coming back as clean, which means that somebody must have done something since my initial post yesterday informing them of the matter on VT (downloaded from https://personalfirewall.comodo.com/ and Best Internet Security Software 2022 | Antivirus Total Security). I’m still not sure about MWB though, as I’ve not tried to install the latest build yet.

My question still stands though, for people who had already downloaded older versions (specifically 7036), whether or not the flags in the VT report that I attached above are cause for concern, or whether that was in fact a legitimate and official CFW installer, and the red flags listed in the report are of no cause for concern. I’d like to hear directly from Comodo staff in regards to this one, as I’d been using that older version on numerous PCs due to it being the only version that would readily install on Windows 10.

The file should still be dropped by the current version. Look in AppData/Local/Temp for fusion.dll.tmp.

No such file is dropped on Windows 7 after installing CIS 8012 using the offline installer.

Ultimately what I’m looking for now is confirmation that having used 7036 for the past year or so on multiple computers, whether I should be concerned, or whether, despite the numerous red flags appearing on VT (and MWB), the program itself is safe.

Again, you can refer to my VT report found here - VirusTotal

and to reiterate, the very same file is still available on the forums (Comodo Forum), and has an identical MD5 and SHA1 to the CFW installer I downloaded from the Comodo website last year, and has an identical VT report to the one I posted above.

It is only generated using the online installer (for either CIS or CF).