Clarification about the warnings

Hi,

Recently I switched to Comodo for my virus scan and my first big impression is that Comodo is really strict. It is so strict that I cannot determine if a threat is real or just highly suspicious.

I have a fair number of debugging tools and programs that require low access to a port or another (active) program in memory. Even self-made ones and programs that have a USB dongle as license key. These tools trigger CIS to generate warnings like: Malware@#g0j… , Suspicious@#29… , .UnclassifiedMalware@1 , TroyWare.Win32… , Anti.MSA.dll@… , Backdoor@t0…

To be honest I do not find this helpful. Yes, I have programs that are using a ‘disliked’ technique, but what if I want the program to do that? And furthermore if that program gets a ‘real’ virus in addition to its ‘disliked’ technique, how can I see that?

I would very much like to have a clarification of what Comodo has detected, so I can determine for myself if it’s really a problem or not. E.g., “Suspicious@#3tqax5wo198kk”: what does “#3tqax5wo198kk” mean?
What does a tilde “~” mean, or a bar “#”? When is it a “real” virus or when is it a ‘slightly different’ version of a known virus?

Thanks for the help.

If you’re not sure if a detection is a false positive or not then you can report it to Comodo as a false positive. Descriptions for how to do this are given in this post.

If they find that a detection is not in fact a false positive then you can choose to ignore this by adding it to your antivirus exclusion list. This can be found under Antivirus => Scanner Settings => Exclusions. However, be careful when doing this because this will mean that the file will never be detected by the antivirus.

Let us know if you have any more questions.

Thanks.

Hi,

Thanks for the explanation, however reporting a false positive is not the problem.

At this point I do not know whether a program I have is a false positive or not.
I can only know if it is a false positive if CAV reports to me what the program does and asks me if I agree that this program is allowed to have that functionality.

CAV does not explain to me what it has detected, so I cannot say ‘for sure’ if it is a ‘false positive’.
All I got is a load of ‘potential threats’ and warnings, and CAV does not help me with a solution.

Ok, then perhaps this article will be helpful. How to Tell if a File is Malicious

Ah.

This looks very promising. I’ll have to look into it more.

Thanks!

Choose a reputable antivirus free version (without its own guard!). And use it on demand as a second opinion.

2 Examples:
Malwarebytes antimalware free version (specialized database).
Emsisoft / a-squared free (big database).

Don’t forget to manually update the database before scanning.

I think Casper12 was trying to say that the CAV alert box info is a bit cryptic and it would be easier to understand if the info was presented something like this:

File: example.exe
Detection: signature (or heuristics, or cloud)
Virus name: (or possible variant of , if detected by heuristics \ cloud)

instead of UnclassifiedMalware@3445434656