Now that I’m unbanned, is any solution to this likely?
[i]
"I submitted an FP detection last week and then again a few days ago, and received confirmation that it has been added to the safe list…
Well, I’ve got database 7298, the file is no longer detected by the AV but D+ still blocks it. If I submit it via CIS it still comes up as “Unknown” and “Already submitted”.
Of course I can add it to the trusted file list but shouldn’t D+ be informed by the whitelist?"[/i]
Can you post a link to where it is said that it is on the safe list?
Well, I've got database 7298, the file is no longer detected by the AV but D+ still blocks it. If I submit it via CIS it still comes up as "Unknown" and "Already submitted". Of course I can add it to the trusted file list but shouldn't D+ be informed by the whitelist?"[/i]When a file gets removed from the av definitions for being a false positive that doesn't make it automatically a safe file. Those are two different procedures.
Response to first submission
Hello,
This is to inform you that false-positive with HDSentinel.exe (SHA1:39f3f5d55fbdddb63733a402d66be10c409032ae ) has been fixed. You can update to AV database Version 7230 of Comodo Internet Security Version 5.0.163652.1142 and confirm it.
Regards,
Florin Gogoseanu
Comodo Antivirus Lab
and second
Hello,
The sample you have submitted as false-positive is not detected by Comodo Internet Security version 5.0.163652.1142 with database version 7181. Please make sure the Antivirus database is updated and check again. This False Positive has been already fixed on 29 December 2010. If detection is still present, please submit the file on Comodo forums at https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detecte-b154.0/ along with details about the environment on which this event occurred.
Regards,
Florin Gogoseanu
Comodo Antivirus Lab
Then Comodo’s definition of a false positive is a file that contains no viral code, exhibits no bad behavior when analyzed, makes no unverifiable outbound calls but still can’t be trusted.
Does Comodo not trust its own diagnosis? ???
Deeming a file not a virus is one procedure. Deeming a program or a vendor as trusted is another procedure.You can submit the file in Submit Applications Here To Be Whitelisted - 2011 if you want it on the white list of trusted applications.
As for the problem with the false positive. Please make sure you have your AV updated. What is the database of your version CIS? What version of CIS are you using?
I understand and accept that deeming a file not to be a virus, and deeming a program as trusted are currently separate procedures. My suggestion is that they not be.
Anyone got any examples of programs that are not identifiable as malware but cannot be trusted?.
When I last checked (January 5) it was 5.1 and database 7298. (5.3 upgrade was not yet available.)