Could this be a false positive?

Today, I did a virus scan and found a variety of files marked by Comodo as “Rootkit.HiddenFile[at]0”. All these files were in C:\Windows\Installer$PatchCache$\Managed\00002119E20000000000F01FEC\12.0.6425.

Every single file is related to Microsoft Office, mostly DLLs that pertain to Office. I recently reinstalled Office and as the system was applying new office updates, I lost power. Since then I haven’t been prompted to install those updates and I’m wondering - is this a false positive? Could it be that these are merely files from my Office update that were marked as hidden, and Comodo heuristics are picking them up as a hidden Rootkit?


P.S. When I hit Submit in the Quarantine window, it opens up a submission window and the status says “Already Submitted” with a green checkbox next to it. Does that mean that these files are legit?

Hi Silversurfer88,

Please add the folder


to Defense+ → Unrecognized Files, check the files and press “Lookup”. Provide us with the result of these steps and how the files were marked (malicious/suspicious/unknown) in order to verify the issue.

Thanks and regards,