Comodo Dragon 97 file dragon_install.exe malware detection

Good afternoon,

All our systems that use Comodo Dragon have received the update to version 97, and now a file in the Dragon folder, dragon_install.exe (also known as SetDefaultBrowser.exe), is being flagged as Spyware - Agent Tesla - by Malwarebytes. This file has been automatically removed from all the systems it is being detected on. I contacted Malwarebytes and opened a ticket for this as a potential false positive. Anyone else reporting this? VirusTotal also shows 2 vendors detecting this (Malwarebytes is one). Can anyone shed some light on this? I have instructed my users to not continue to use the browser until I know for sure this is a false positive.

It’s a harmless PUA.

:P0l

;D ;D

I complained all about these “potential unwanted behaviours” before

But the Dragon team employee, Vasi, said

So I stopped using Dragon and stopped testing it. I reported some bugs that are still unresolved. Wishes are all unanswered. They are just trying to keep the core up to date, but even with the new release they are behind. Chrome 98 fixes 27 security issues; with Dragon 97 I assume all Dragon users are unpatched against those security vulnerabilities.

As another Dragon team employee, Diana, said, "It is user’s choice to what software to use."

I do not use Dragon and do not suggest it to anyone, until they solve everything. First become solid, then they have to improve the privacy & security of Dragon. Then maybe I will consider using it.

:P0l

Well it’s not harmless if you don’t want it to begin with. There should be an option to de-select these types of things during an install.

That being said, to me there is no indication this is what you think it is. I’d like to hear from Comodo on this, as I have to complete a full incident response.

Comodo, what’s the deal with this detection on this file? Is it a false positive? Why is it causing the detection?

Can we opt out of the potentially unwanted apps? We can with other software we use.

Thank you.

VirusTotal shows 2 security vendors have flagged the file. Whenever I install it, there is a choice given. But I notice there is a popup… maybe a few minutes after installation that prompts you to agree to change your home page or make Dragon default. It usually catches me by surprise because it pops up late. I just uncheck the box and select decline.

We all do that, but then the product should then regard that as THE “opt out” and never ask again. The response can be added to the user’s profile where it can be checked at upgrade and then there is no need to push down the PUA and have to put users through this time and time again.

Guess I’ll just have to create a rule in the firewall to block the download altogether.

It could be a bug or just a chance to add a feature request to remember our choice.

Hi all,

This file is only setting Comodo Dragon as default browser.

We re-ran security tests, double-checked with our team, and the result we got is that “dragon_install.exe” is a false positive.

Vasi
Comodo Dragon Team