Defense+ Event - c:\windows\installer\msicc.tmp

Was reviewing logs today and noticed that during or shortly after bootup on 7/13/10, Defense+ recorded the following event:

Application: C:\WINDOWS\Installer\MSICC.tmp
Target: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
Flags: Access Memory

I do not recall any pop-up warnings of this event, so I’m assuming Defense+ was just recording one of many transactions that have occurred since I installed version 4.1.xxxxx… on or around 6/1/10. I looked at the entire Defense+ log. This particular event has never occurred before

So, I’m here asking you to verify this event was normal operation and not a threat. FYI, I scanned MSICC.tmp with AV. Zero threats found.

Steve

Hi Steve,

When you encounter a False Positive (=FP) please follow 1 of these 3 ways so it can be resolved as quickly as possible.
Thanks.

Kind Regards.
Erik M.

Hi Erik,

Before sending files, I was asking if the described event/components used are part of the normal functioning of CIS. After all, Defense+ recorded the event without notifying me that it might be a threat.

Example: Perhaps some component of CIS normally uses MSICC.tmp when it updates itself.

If you believe the event is suspicious, do you only want MSICC.tmp or cmdagent.exe as well?

Asking reasonable questions,

Steve

Hi Steve,

I think what this could be anything. I can not say anything only by name of file.
So if you want to be sure in safety of this file “MSICC.tmp” you can pack it in ZIP, RAR etc. with password and post it here, i will check immediatly is it Malware or Safe file.

Kind Regards,
Erik M.