False Positive nsprocess.dll

Hey all, I was attempting to download the Adobe Flash Player from (or the macromedia player, I think it’s the same) and CAVS alerted me of a virus via the on access scanner. The file name is nsprocess.dll, and the virus name associated with it, according to CAVS, “not-a-virus:Risk Tool.Win32.PsKill.Q”. After looking this particular file up and reading about it, it seems many Anti virus suites, including F-Secure seem to have seen this as a virus when in reality it isn’t. Having been inactive on the forum for sometime I forgot the email address to send the file to, but I have submitted it through the anti virus quarantine section itself. Now lets see how quick it gets changed…

GREAT JOB COMODO!!! ;D I don’t so much mind false positives, at least I know Comodo is working and doing it’s job spectacularly. No sooner had the file begun to install than it was stopped in its tracks. I had to stop using Comodo a few weeks back because my system was not doing so well with it, after downloading it today and running it for a few hours I have no problems at all. My system runs just as fast as it did with AVG before and I feel I’m getting somewhat better protection!!

Thanks very much to all you developers and people who spent time beta testing this product.

Edit: This is one website that tries to explain it I think


Also, my apologies if this isn’t a false positive in which case the comodo team did one hell of a job!

Sorry guys, I think I answered my own question but feel free to correct me. Some malware uses nsprocess.dll in the installer, therefore, the geniuses at Comodo decided to include it just in case figuring that a few false positives were acceptable when there was the possibility of catching malware before it infected the computer.

Once again, sorry about the wasted post. Comodo outdid itself once again, amazing job guys keep it up!!! (:CLP)

At least this is what I hope happened, otherwise I made myself sound like a raging idiot (not apart from normal), but I’d still like to save some face here lol


Hi Dave,

Yep, this is a correct detection by Comodo Antivirus as Pskill.exe can be used by malware applications. As you have put it on the computer yourself, you know it is safe and you can exclude this in CAVS if you wish.