Comodo does not have as many false positives as its reputation suggests; if you look at the statistics of total virus in the top 10 paranoid antivirus, McAfee is in the fifth, in the seventh is Avira and Comodo is not in the list.
I know that does not show exactly false positives, but it is very close.
http://www.virustotal.com/stats.html
What’s annoying about CAV is alerts for “annoying” apps, or heur alert about dual extension (chrome extension for example…).
Despite being interesting – one-day statistics cannot be considered statistics per se, including numerous factors that were discussed many times and are understandable.
Plus the statements about the detections by VirusTotal and similar sites. None of them can be completely trusted. The rule is – basically only the particular vendor that produced the flagging can tell after subsequent analysis.
What was considered as FP or real detection “yesterday” could’ve been changed if resubmitted 5 min later the same “yesterday”.
As for Comodo’s AV, it has the highest rate of FPs in my opinion.
Have a look at any vendors’ forums & you will not find anything even close compared to the daily reports here about FPs (being confirmed).
The detection is still low, around 60% - the image (graph) was posted a few times recently.
Hi Syl,
re: “… alert about dual extension… ”
That is indeed more than annoying. In the past that question was asked here. The explanation from the developers was simple:
“because of the double extension” = “just because of the file name”,
but the question about the validity of flaggings based on file names, but not the code ???, which is unacceptable, was not answered.
I have files here with triple & more extensions… so?
My regards
especially when the extension does nothing by itself.
file.ch.js ?
yep… worst thing it can do is open notepad if you have .js associated with it.
Exactly!
Sure, “see_naked_girl.jpg.com” attached or downloaded from a website (which is “.com”) can represent a known technique of spreading a worm,
but it doesn’t mean that a “.com” extension necessarily represents an executable:
add it to any “.txt” & that will be “not valid App.” when trying to execute, but you can open it with the editor… etc.
Cheers!
FP’s from CAV are high. Most FP’s are Heur.Suspicious. Unclassified & Signatures also give FP’s. I don’t know about dual extensions coz I have never received such an alert; maybe I don’t have any file with dual extensions or they never got flagged. I have read here that keygens & apps which are not malicious are also detected by CAV, though with the detail in the detections as UnsafeApp.
For me CAV’s detection is good & acceptable, but currently I am not using CAV coz of a couple of reasons which I find dangerous coz the system here is shared by 3-4 average users. The reasons being -
- High rate of FP’s
- No visible Quarantine button on AV alerts. I don’t find the default visible Clean button on AV alerts suitable for average users coz it deletes the files without informing the user. At least it should save a copy in Quarantine before deleting, but the best would be a visible Quarantine button on the AV alerts & the Manual Scan results.
Thanxx
Naren
Edit - Currently I am running Avast 5 free & Comodo Firewall only. As you know, Comodo Firewall only also has Cloud detection, so I want to know whether Cloud detection is only signature detection or heur detection too, & whether those Heur.Suspicious detections also apply to Cloud.
In the Comodo Antimalware Database, the malware category Heur.Suspicious is there; does this mean Heur.Suspicious is also like a signature & is added to the database?
cloud is signatures then behavior (CIMA)
not heur
You mean Cloud AV will not give Heur.Suspicious or Heur detection, right???
cloud alerts are like
suspicious
suspicious+
suspicious++
it will not say something is exactly a virus and can have FPs, but I think it is very reliable; I have never gotten a cloud alert for an FP yet
Cloud Scan here I mean Under D+ - Image Execution - Scan Unrecognized Files. This is the Realtime Cloud Scan in D+. I wanted to know whether this Cloud Scan is only signature based or it also has heuristics & can give those heur.suspicious detections which I find mostly are FP’s.
Thanxx
Naren
This cloud scan checks if executable file is in the whitelist.
It’s not going to check the signature list or analyze file behavior like AV scan does.
No, this cloud scan does both, i.e. whitelist in cloud & malicious files. If you uncheck Scan Unrecognized, both the functions are disabled, whitelist & malicious. You can check these by downloading leaktest from grc.
So as the cloud scan detects malware, I wanted to know if it’s only signature detection or heuristic detection too. Coz if it also detects heur then it will give heur.suspicious detections, which are mostly FP’s.
Thanxx
Naren
Hmmm…yes, you could be right…maybe some dev can answer this…
Comodo randomly decided today to flag one of my files, that I’ve been over countless times, as malware. It is this erratic and inconsistent behavior from one update to another that is causing the problems. And it’s not just heuristics. I had mine off when I got that alert.