CIS blocked Vista Security Update KB956572 - had to uninstall CIS

Comodo Internet Security - CIS AV False Positive/Negative Detection Reporting
1

Vista Home
CIS - downloaded yesterday (sorry, forgot version, will post later)

Installed CIS, did all CIS updates, etc

Vista tried to install Security Update KB956572 but no luck. There was some quick display by CIS that it had found something and it was in the activity log but I couldn’t find a way to allow the update process

Disabled CIS and then tried to install the KB956572 update but still blocked

Had to unistall CIS totally and then the security update installed

Then reinstalled CIS

Now more security updates available but haven’t tested yet if they will install

HTH

2

Hi Scanreg,

Can you please tell us more details regarding this?

  • was it blocked by Defense+, Antivirus or Firewall?
  • if was the antivirus can you please tell us detection name/do you remember the file that was detected?

Thank you!

Regards,
Ionel

3

Dang, the uninstall wiped out all logs

The blocked item was deemed ‘malware’ if I remember right

The blocked item related to a pending renaming of some file I believe

The security update would get about 90 percent in and then not complete.

Am now going to initiate the Vista Service Pack 2 install, see what happens

4

Thank you scanreg for your reply!

If during the updates installation you encounter the false-positive again, please have it submitted at Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year and we will fix it as soon as possible.

Regards,
Ionel

5

Hi,

I am also encountering the exact same problem on the same Windows Update as scanreg, and may be able to answer some questions that scanreg could not.

I am running on Windows Vista. My Comodo Internet Security version is 3.14.13009.587.
My update was blocked by Comodo Antivirus.
It was detected as a malware named:
Backdoor.Win32.PcClient.~a88561940
The file name varies everytime I retry my update, but they are all located in this folder:
C:\WINDOWS\winsxs\Temp\PendingRenames<series of numbers and alphabets>.x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876_rpcss.dll_fd3e269b

*The file names are all the same, except for the series of number and alphabets which varies each time i retry my update

I hope this helps in identifying the problem and solution. I have yet to uninstall my CIS in order to proceed with my Windows Update. Please advice on this.

Thank you,
Ephemeral

6

Yep, sounds familiar, thanks for posting :slight_smile:

7

Hi ephemeral,

Thank you for reporting this! We will verify and fix this issue.

Regards,
Ionel

8

Thank you all for the awesome quick reply. :slight_smile:

Ephemeral.

9

Hi,

This false-positive was fixed with DB 3829 of CIS 3.14.130099.587.

Thank you for reporting it!

Regards,
Ionel

10

Thanks Ionel for looking into this matter.
I have no problem with my update now~

Ephemeral.