CIS AntiVirus False Positive

CIS Antivirus reports that C:\Windows\System32\sysres.dll is a virus.

The sysres.dll file does not have any descriptive info (Name, Company, version, etc.) which I find very odd, but VirusTotal reports that the file is found to be OK by EVERY antivirus system including Comodo, as of 3/31/09, so I had the file reanalyzed and all including Comodo found the file to be OK. The Comodo db that they report using is 1157.

The message that I get is: Heur.Packed.Unknown

I’m using 3.9.95487.509 with db 1192, so how can VirusTotal’s use of Comodo say that the file is OK while mine says that it is a virus, and why is there such a wide difference in db numbers between my 1192 and their 1157, since they say that all of their virus dbs were updated today, 5/23/09?

They were not. VirusTotal has not updated to the new 3.9 engine. Use www.virscan.org, they seem to really be on top of things.

Hi wrapper

Please submit the reported file to the forum.
Please follow the procedure given in the link:
https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/how_to_report_false_positivessuspicious_files_how_to_submit_them-t36051.0.html

Regards,
-Chandra Mohan

Hi Chandra,

I believe that I did report the false positive as directed in the link. As noted in the link, I can’t upload the file to this forum, so I emailed it again as indicated in the link. I believe that I also sent it to Comodo via the submit mechanism.

What more would you like me to do?

This file is one of several that have been on my hard disk unmodified for some time, and with which previous versions of CIS had no problem.

Ray P

As of 5/31/2009, this false positive is another file that is passed as OK by db 1224.