False positive. When will it stop?

I can’t believe the number of false positives that Comodo detects.

Comodo detected maybe 2-3 viruses in my PC, but it also detected more than a 100 FP.

I uploaded one FP a month ago and it was fixed. Now a month or more later, the same FP comes back again.

So my question is, when will it stop, when will Comodo fix this problem?

Hello. My estimation as to when will fps stop will be, never!. I say this because no matter what av you have there will always be an fp problem due to new programs and software constantly changing… I think you mean that the number of fps have been horrendous. I will agree there and say i reckon when the data base is dramatically reduced via the intro of family sigs to say around 1.5million (if thats possible) then i think we will see a reduction . I also feel it may take until version 4 and the intro of Cima which may finally solve the problem of an extrodinary ammount of fps.

Regards
Dave1234.

I hope that it will improve with v4.

Did you notch up the Heuristics setting to anything higher than Low? With settings higher than Low you will get lots of FP’s. Just stick to the default Low setting.

Hi MJ,

If you can give details of FP you are seeing, it will help.

Thanks
-umesh

Hi MJ.nfl,

Sorry for the inconvenience.
If you can find the FP file,you can submit through this link:Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year we can go to have a look at it.And if it’s not an FP,we will send a mail to u.

Thanks and Regards,
hailong.■■■■

[at]EricJH
It is the default Low setting.

[at]umesh
Here is a screenshot.

[at]hailong.■■■■
I submitted FP.

Virus total result (it doesn’t show that Comodo detects it)
http://www.virustotal.com/analisis/6cbbaa2159a019fdbd8ce4a39970ddf112b2abd195fc4cf74e1cabbfa8ee8e89-1251031855

PS: Sorry for late reply. Had to go to job.

[attachment deleted by admin]

I got Email answer.

Reported False-Positive Can Not Be Processed: SignSIS-GUI.exe (SHA1:e2f72b48b995003085ef54935759274978d4877e)

Hi,

This is to inform you that we have scanned SignSIS-GUI.exe (SHA1:e2f72b48b995003085ef54935759274978d4877e) with latest antivirus
database version 2068 of Comodo Internet Security Version
5.10.102194.531 and have not found this file being detected.

Please check again. If the problem u found, occurs again, Please report
in comodo forum with more details that you can give about the detection
such as screenshot of the detection, etc.

Forum link:
https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected-b154.0/

Regards,
Chandra Mohan G
Comodo Anti-Virus Lab.

PS: It is still detected

FP while updating Utorrent

[attachment deleted by admin]

Hi MJ.nfl,

We have checked the file,of which the sha is “e2f72b48b995003085ef54935759274978d4877e” in our latest DB 2075 V(3.10.102363.531) and found not detected.Pls check the version of CIS whether it’s latest or not.If anything wrong,pls let us know.

Thanks and Regards,
hailong.■■■■

Hi MJ.nfl,

This is not an FP.As the file has two suffix,so it’s detected as Heur.Dual.Extensions.If you really want to continue use this file, You can add the file to the exclusion list.

Thanks and Regards,
hailong.■■■■

I have never kept this anti-virus on my computer. My computer has detected Cool Speech Installation as a virus and winrar and flash player as a virus. I have Heuristics off. The amount of FP is nuts. Its a turn off seeing common every day programs including flash player as a virus!

hailong.■■■■, thanks for trying.

I checked again now and it is still detected.

  1. CPU Athlon 64 X2 4600+
  2. Windows XP pro, service pack 3, 32 bit
  3. CIS 3.10.102363.531
  4. Antivirus - default settings
  5. Firewall - custom policy mode
  6. Defense+ - clean PC mode
  7. Administrator account

Virus database version 2079

Hi MJ.nfl,

The file is detected by CIS because it has two extensions. Multiple extensions is one of the procedures used by malware writers to trick the users into running the file. Heuristics implemented with CIS do warn about double extension of file and let user decide whether to continue or to remove it.

We are constantly building our list of safe files so heuristics will recognize the files which do not represent any kind of threat. Situations when files are misdetected by heuristics appear due to version change/update of programs. If a file is added to our safe list, only that specific file is considered safe, any change like replacing, updating or modifying the file in any way or using any method will not be considered safe and therefore, if some conditions are met, heuristics might be triggered until we confirm that file is ok and we add it to safe list.

You can submit any files you encounter that you believe are misdetected by CIS and we will add them to our safe list after confirming they’re safe to use. This can be done by following this link Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year .

Thanks and regards,
Ionel

Hello,

This is to inform you that false-positive with SignSIS-GUI.exe (SHA1: e2f72b48b995003085ef54935759274978d4877e) has been fixed. You can update to AV database Version 2082 of Comodo Internet Security Version 3.10.102363.531 and confirm it.

Regards,
Sonia Botezatu
Comodo Antivirus Lab.

Still detected

  1. CPU Athlon 64 X2 4600+
  2. Windows XP pro, service pack 3, 32 bit
  3. CIS 3.10.102363.531
  4. Antivirus - default settings
  5. Firewall - custom policy mode
  6. Defense+ - clean PC mode
  7. Administrator account

Virus database version 2082

Hi MJ.nfl,

This might be a FP fixing issue which we will investigate and try to discover where the problem is.

Thanks,
Ionel

I uploaded again.
Answer

Hello,

This is to inform you that file with SignSIS-GUI.exe (SHA1: e2f72b48b995003085ef54935759274978d4877e) is not detected by AV database Version 2082 of Comodo Internet Security Version 3.10.102363.531.

Regards,
Sonia Botezatu
Comodo Antivirus Lab.

PS: It is still detected as virus.

Hi,

When we scan this file in our environment, it doesn’t get detected.
Can you please password proetect this file and upload here so that other users can try to scan and confirm if that’s the case with them as well?

Thanks
-umesh

Password: FP

[attachment deleted by admin]

Comes up clean on my system…

Perhaps your download is corrupt?

Edit: Sorry, that was scanning the .exe from the site linked.

After realizing you had attached the file, I downloaded that as well and it came up clean as well.
DB 2085 Heuristics set to low.