Comodo detected malware that is missed by Kaspersky, Avast, etc.

Good morning to all,
Today I downloaded probable malware and uploaded it to virscan.org (5/38 antivirus engines detected it).
Comodo detected it, but it was missed by
AVG, AVAST, ANTIVIR, BITDEFENDER, KASPERSKY, MCAFEE, TREND MICRO, ETC.
VirScan - Multi-engine online file scanning platform

Downloaded probable malware and sent it to VirScan - Multi-engine online file scanning platform
(16/38 antivirus engines detected it). Comodo Antivirus detected it, but it was NOT detected by
CA(VET), F-SECURE, FORTINET, KASPERSKY, MICROSOFT, NORMAN, NPROTECT, RISING, SOPHOS, TREND MICRO, ETC.

I don’t see the point of this thread. I can show you thousands of samples that are detected by the majority of others but not by Comodo. And vice versa for each vendor. It’s how it is.

We said that before. No effect ;D

It’s like this: the point of this thread is to show
Comodo Antivirus improving and detecting the malware that is being missed by other reputed antivirus products.
Also to highlight the false sense of security from having antivirus as the first line of defense. If you look, samples where Comodo Antivirus misses malware are shown too, so people can see that even Comodo Antivirus misses malware detection too.
So highlighting the “Default Deny Protection is the way forward! Default Allow Systems are dead!”

Greetings all,

It’s like this: the point of this thread is to show Comodo Antivirus improving and detecting the malware that is being missed by other reputed antivirus products.
Hi Devenroy,

Unfortunately, it does not show that… or anything, by posting those links.

It is possibly better to do that differently.

I would suggest Devenroy create two collections on his hard drive:
one with those files which are packed,
another one of “pure” executables.

Yes, packers were mentioned at the very beginning.
Devenroy, you may read tons of info about packers. You will even find statistics and a list of AVs regarding their ability to “■■■■■” those. There are a lot of FPs just because of that.
There are commercial, known packers, but many new ones are being created “every day”, and that is a problem for AVs.
If the software is packed by an unknown one, you have to run the software and then get what you get and analyse it… Whatever should catch it, whether it is the real-time scanner of your AV or the behavioural layer of protection.

As for the collections mentioned: if you are keeping them and you want to submit those over and over to the online scanners, please do. Well, we cannot rely on those results as a matter of fact – that is my opinion, but anyway… you submit and you may see new results every 5 min (exaggeration… but true ;) ).
More seriously, you will see that many detections will be gone. By many I mean that for some sets I had, that was around 80% and more. Some flaggings may return (new heuristics “improved”) and go away again… and so on.
I checked such things in the past, having many on-demand scanners installed locally.
You can do the same with your collections, rescanning over and over after updates and watching how the flaggings disappear. Flaggings of packed files die much more slowly – it may take several months to “clear up”; for pure executables it takes less time. Sure, you may be lucky and get real baddies.

Another thing is:

  • you (we) don’t have feedback results from Comodo research regarding each submission;
  • you (we) are not running/installing anything and further analysing system’s behaviour

Therefore that is not research. What’s the point?

Cheers!

Custom-made packers are no problem at all. Just detect the packer and you’re done.
The real problem is legit packers that are hard to unpack.
You can’t detect the packer itself, because many legit programs use it, but it’s also hard to unpack.

Hi RejZoR,

Writers of custom-made packers are using polymorphic techniques and so on… and those are not necessarily easy to identify straight away. Probably I got wrong what you mean by “just detect the packer and you’re done”. That is an interesting issue in itself to discuss, but it would be off-topic here.

The main point was that posting those online scan links doesn’t provide information. Packers were mentioned as one of the causes of FP detections.

My regards
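The two packer points above (SiberLynx: packed files are a major source of FPs and you only learn what an unknown packer hides by running the sample; RejZoR: you cannot simply "detect the packer" because legitimate software uses the same packers) come down to one measurable signal: compressed or encrypted sections have near-random byte distributions. The following is an added example, not code from this thread or from Comodo, showing the entropy heuristic an AV engine might use and why it fires on legitimate packed software as readily as on malware. The PE layout is a constructed toy (no optional header, nothing loadable) and the section contents are constructed stand-ins; the threshold of 7.0 bits/byte is an assumption, not a vendor value.

```python
"""Added example: flag PE files with high-entropy sections as "probably packed".
The sample PEs are constructed inline and are not real binaries."""
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(blob: bytes):
    """Minimal PE section-table parser yielding (name, raw_bytes).
    Only the fields needed for the heuristic are decoded."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", blob, coff + 2)[0]
    size_opt = struct.unpack_from("<H", blob, coff + 16)[0]
    table = coff + 20 + size_opt             # section headers, 40 bytes each
    for i in range(num_sections):
        off = table + 40 * i
        name = blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, off + 16)
        yield name, blob[raw_ptr:raw_ptr + raw_size]


def packer_verdict(blob: bytes, threshold: float = 7.0):
    """Return (likely_packed, {section: entropy}). Any section at or above the
    threshold (assumed value) is treated as compressed/encrypted, i.e. packed."""
    entropies = {name: shannon_entropy(data) for name, data in pe_sections(blob)}
    return any(e >= threshold for e in entropies.values()), entropies


def build_sample_pe(sections):
    """Construct a toy PE from [(name, bytes)]: DOS stub, PE signature, COFF header
    with no optional header, section table, then the raw section data."""
    header_size = 0x40 + 4 + 20 + 40 * len(sections)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table, body, ptr = b"", b"", header_size
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), ptr,
                             len(data), ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        ptr += len(data)
    return bytes(dos) + b"PE\0\0" + coff + table + body


# Constructed samples. Plain code: a repeating 7-byte x86 prologue/epilogue
# pattern (entropy log2(7) ~ 2.8). "Packed": a uniform byte distribution, the
# worst case that real compressed or encrypted data approaches (entropy 8.0).
SAMPLE_PLAIN = build_sample_pe([(".text", b"\x55\x8b\xec\x33\xc0\x5d\xc3" * 512)])
SAMPLE_PACKED = build_sample_pe([(".text", b"\x00" * 256),
                                 ("UPX1", bytes(range(256)) * 16)])

if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN), ("packed", SAMPLE_PACKED)):
        packed, ent = packer_verdict(blob)
        print(label, "likely_packed =", packed,
              {k: round(v, 2) for k, v in ent.items()})
```

The verdict is identical for a UPX-compressed installer from a reputable vendor and for UPX-compressed malware: the heuristic sees the wrapper, not the payload. That is exactly the FP mechanism SiberLynx describes, and why RejZoR says the packer cannot be treated as the signature; a scanner has to unpack (statically, or by running the sample in an emulator or sandbox) before it knows anything about the code inside.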

Hi SiberLynx,
Thanks for posting your response.
I’m also aware of the fact that many of the malwares I’m posting here that are detected by many antivirus products can be false positives; that’s why I call them “probable malware”.
If you also look at the bottom of each weblink posted, it says:
“NOTICE: It may be a false positive by some scanners when they found a malware, so you should judge it by yourself.”
If you go through the thread and see the responses from many people, many find value in this thread; there are also people who have the opposite view on this thread, they don’t see the point of this thread.
So the solution is simple: we will continue with the thread for those for whom this thread has value and a point, and those who do not see any point or value in this thread can ignore the thread, because why waste energy on something which has no point or value for us?
For me this thread has value and a point, so I will continue with it.
Thanks for expressing your view regarding the thread and giving your valuable time and energy to write the response; I appreciate that.

Maybe the point is he enjoys doing this and is learning from it. His learning may or may not follow strict educational or acknowledged research guidelines or procedures.

If you don’t like his posts or don’t think they are accurate or you think he is using a flawed methodology or drawing false premises, please feel free to ignore it all.

Cheers,
Ewen :)

Hi panic,

Thank you for reply.

My question was honest and Devenroy answered it.
I did not call what Devenroy is doing either “nonsense” or “waste of time”, as you can read in some replies in this thread.
I think I pointed out some other ways to test, why the results are not accurate, etc.

I did not offend (I hope) the original poster.

But if you think that ignoring would be the better choice, based specifically on my reply… ??? … Thanks again anyway.

Cheers!

Take a close look at all the VirusTotal uploads. Yes, CAV is catching things. But “unclassified malware” is not enough. Why can’t CAV define it? Avira and others do. If CIS wants to detect something, then people should get a proper explanation. BTW, when are the FPs ever going to stop? I am going on 10 for both my PCs. I only had 1 for Avira. I submitted it to them and the next day it was fixed. I also submitted tons of malware to them, 3 samples to be exact, and the next day they were added.

All of these questions have been answered before.

  1. They are called unclassified because they have been identified as malware, but instead of wasting time naming them, they push out the update so you will be protected as fast as possible. They will get named, but it takes more time. FPs are happening; remember that when Avira was new it also had tons of FPs and it took them time to get them fixed. Right now CIS is in transition to version 4: family signatures, faster updates and new heuristics. I would say give it time, and if you do have FPs, why don’t you submit them here; usually they are fixed within a day. https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected-b154.0/ Also, submitting 3 samples to Avira does not constitute tons of malware. I have submitted, I would say, at least 3,000 samples and even that is not a ton.

That was 3 in one day. Instead of making CIS 4.0, why don’t they address issues first?

Avira has been the top anti virus for years even with false positives.

SoccerDad, FPs are getting fixed; as you see, at times Comodo catches probable malware which was even missed by Avira. Avira is no doubt one of the top antivirus products, but it also fails at times to detect malware which is detected by Comodo Antivirus and other antivirus products.
See languy99’s post: lots of things are being addressed by the Comodo team, which will make Comodo Antivirus better than before. As he noted, when Avira was new it also had many false positives, which they have now mostly fixed, so let’s give CAV similar time too.
Thanks SoccerDad and languy99

CAV has a long way to go to catch up to the likes of Avira. Hell, even the May proactive test from AV-Comparatives has Avira on top. No AV is perfect, but Avira is the next best thing.

lan, come on, giving a name to a malware is not wasting time, and giving a name to a malware doesn’t take a long time.
Most of the unclassified malware is rated by CIMA.

“What’s in a name? That which we call a rose
By any other name would smell as sweet.”

There is no agreed standard for malware naming conventions, so, purely IMHO, “Unclassified” is as good as any. What additional info could be gained if Comodo hung a handle on a piece of unclassified malware?

I’m not being glib here, I just don’t understand how naming the malware provides more security or more info.

Cheers,
Ewen :)

Panic, you are right, but some users want to know more about the malware. For example, if Comodo gave the name of the malware, I could google it for more information, like what it does, whether it is in the wild, and the damage it does.
Do you see what I am trying to tell you?