Delphi 2007 - BPL Packages - Heur.packed.unknown

With the latest update of the virus database a lot of files in the system32 directory are flagged as “Heur.packed.unknown”. The files questioned by the firewall are all BPL (Borland Package Library) files which are distributed by Delphi 2007 (Professional) as required runtime packages. Those files are:

Windows\SysWOW64\adortl100.bpl Windows\SysWOW64\adortl100.bpl Windows\SysWOW64\bdertl100.bpl Windows\SysWOW64\dbexpress4100.bpl Windows\SysWOW64\dbrtl100.bpl Windows\SysWOW64\dbxcds4100.bpl Windows\SysWOW64\inet100.bpl ...
The list goes on a lot longer and pretty much every bpl file is detected to contain "Heur.packed.unknown" as soon as it's used by Delphi 2007.

This is definetely a false positive since all those files belong to Delphi 2007 and are for sure not infected with anything. Those are runtime package libraries used by the Delphi 2007 development environment only.

[Edit]
Something like this happened with other Anti Virus applications before, where an AV (I don’t remember which it was) would flag all applications compiled with Delphi to contain a virus because of a tcp/ip delphi component which was used by those applications. This might be something similiar where some signature/component which is typical for Delphi packages/applications is detected as virus.

[attachment deleted by admin]

Hi
Could you zip the files and attach it to your post.
Regards
Shaogang.He

Almost all Delphi .BPL files - from Delphi 3 to Delphi 7 are detected as “Heur.packed.unknown” too. I saw the similar threads here about FPs in .BPL files, but there no reaction from Comodo till now. These files are still detected as “Heur.packed.unknown”.

I have edited the first post and added some of the BPL files (adding all would be too much).

Would be really great if this could be fixed, it’s really annoying if you are flooded with 20 false virus messages when starting delphi.

Hi,hquer
Detection for submitted samples have been added. Please check in virus signature database 1261
Regards
Shaogang.He

Shaogang.He,

Can you add detection of these .BPL files (From Delphi 4-7) (see attach)? At this moment they are detected as “Heur.packed.unknown” (FPs). If you add these files detection in virus signature database, will COMODO detect similar .BPL files from Delphi 4-7 as safe? Thank you.

[attachment deleted by admin]

It seems to work for the BPL files I have uploaded, they aren’t detected anymore.
However the other BPL files which I didn’t upload are still detected.

Just want to stress that it is no solution here to just add the files which got a false positive to some kind of white list. Doing this would mean to add hundreads of BPL files just from all the different Delphi releases to the list. Not speaking of custom made BPL files which might be distributed with applications. Here the underlying problem/algorithm must be fixed that those BPL files got detected in the first place

Hi,olmor
You can update the latest DB,these FPS has been fixed.
Regards
Shaogang.He

Shaogang.He,

I confirm that these FPS has been fixed, but there is a lot of FPs with other .BPL files. I am afraid that we will fix them one-by-one for years, if there is no method to fix them all. There is a huge amount of .BPL files in the programming world. Is it possible to fix them ALL?