Comodo starts detecting it's own updates as virus-malware

I see that you have plenty of reports here so I will make this short. For the past few weeks Comodo has began to detect other anti-virus program updates as virus-malware to be isolated. This did not surprise me, perhaps that program should not be concurrently installed on my sytem with your operating Comodo Internet Security Suite. I thought that most of these definition files included an internal marking to prevent this sort of false detection. I ignored the detections for Avast4, but this week, Comodo (3.8.65951.477) began regularly to detect it’s own updates as virus-malware to be quarantined. Now that seems to be particularly wrong, and for that reason I am now posting these incidents as a possible bug.

My system is either XP Pro Sp2 or Home XP Sp2. I have all updates to Sp2, excluding Sp3 which I prefer not to install as it seems to monkey with my own ability to copy or export-import my own private audio work files. It’s rather a big point if you are in rthe business of producing news stories on your own computer. I did not install Comodo in the default installation folder but in an alternate location. I use DirectX 10.

but this week, Comodo (3.8.65951.477) began regularly to detect it's own updates as virus-malware to be quarantined.

Hi,
Can you please elaborate more on this?

and also:

For the past few weeks Comodo has began to detect other anti-virus program updates as virus-malware to be isolated.

Thanks
-umesh

Hi,

Sorry for the delay in reply. I wish that I had taken better notes when all of this started and then I could have replied more usefully, but that is the difference between an amateur and a pro, I guess.

This newer version of Comodo appears to scan on it’s own even when weekly scan is disabled. It is a new behavior which I don’t completely understand. So occasionally I am receiving these messages of late which I believe are referencing a heuristic detection. The original detections appeared to be on avast4 temp files as well as some comodo temp files (perhaps updates?). The recent detections have not been including any Comodo files, so I can not include detailed information on that. They only include what I think are avast4 temp update files and all have the number 9547872 pinned to them. I suddenly realised this simularlity. I would have swiped these report messages with my mouse and saved the information to send to you but it appears… that is not possible. Anyway, as I did say, I put off mentioning the detections when they stuck with avast4 updates. I did that because I thought this was probably MY problem for having an alternate anti-virus program installed on my computer while Comodo with it’s own system was installed. It was only when I had recieved simular ‘heuristic’ scan warnings on some Comodo (update?) files that I thought I should mention this. Now I am not seeing those same Comdo detections.

Not wanting to be stupid, but only recently I updated from an older version of Comodo which did not contain any form of anti-virus protection. Having no experience with the seriousness of this new version of Comodo protection, I still had not decided whether it might be smart to completely uininstall or disable my original Avast application which has served me well. Since Comodo in the past was only designed as a firewall protection I found myself wondering if it was indeed designed to function as a sole-operating anti-virus protector or if the anti-virus was an extra boclean-like protector.

Which… gosh! Brings up even the question that if you had boclean installed before, should you be yanking it off your system if you use this new version of Comodo as well?

So please excuse me, I am trying to update my possible bug experience references, but they have drawn me as well into some other issues that probably were not best referenced in this section.

Thank you for your patience and sorry for the delay.

Thanks for explanation dionisiog,
From your description it seems you have seen heuristic False Positive in incomplete files, which is a possibility.

They only include what I think are avast4 temp update files and all have the number 9547872 pinned to them.
This seems sign based detection, which we will look into and resolve as long as number you have provided is correct.

Regarding upgrade to CIS from Comodo Firewall Pro, I think you don’t need any other security s/w to protect your system if you have CIS installed. BOClean can stay there for added security but as long as you watch Defense+ alerts, you should be safe from any zero day attacks.

Btw from next CIS release we are adding BOClean capabilities in CIS, so you can just have CIS.

Thanks
-umesh

Perhaps I should continue to track any of these alerts while you look into this.

My most recent Comodo alert involving avast4 did not list any reference number but continued to suggest some temp update files as being unknown heuristic detections.

Hello,

Just to let you know that for several days the false detections have not taken place. I would also mention that in the course of events, I thought it appropriate to mention this subject to Avast in case there was some type of error in it’s own software. A few days later Comodo stopped detecting Avast updates as an unknown heuristic virus.

Thanks again! Great work.