"False positive" with keyboard soft

Greetings!
At first - sorry for my bad English 'cause it’s not my native language.

So, to the subject. When I’m purchased new keyboard (A4Tech X7 G800MU) I for sure want to use all functionality so downloaded required software from vendor’s website. When installation begun, CIS alerts me that there are “keyboard hooks”. Thanks, baby! I know it! But I have not any choice - CIS grabbed some .dll’s and move them to quarantine. Clearly understand, 'cause “keyboard hooks”.
Well, let’s add installation files to “trusted” files. And reboot machine. Just in case…
Did not help.
Well, add the destination directory to the “trusted” files. Did not help. Understand, but…
Well… Power off the Net, power off the CIS, try to install needed software - OK. Add again install directory to “trusted” files, tell the CIS “It’s learning mode now!” ;D Reboot the machine.

When boot is complete - all needed .dll’s are grabbed and moved to quarantine…
I’m then detected “suspicious” .dll’s and add them separately to the “trusted” files ('cause some of them fly to Program Files (x32) and System32 folders) - :-TD no way…

■■■■… I’m almost ready to change keyboard…
I’ll be glad to hear any helpful opinions 'cause I’d rather change keyboard than CIS.

UPD
Sorry!
I forgot to say that I report that issue to A4Tech support with proposal to connect with some authority from Comodo Team in meaning to correct current and maybe future issues between each other’s software.

Hi Yezhishe,
Welcome to the forum

1st the short message:
As soon as you install any security Software (and I mean - any) you have to go through all setting and disable automatic quarantine/deletion. Period!
You should not allow any security to automatically delete/quarantine anything. Set it only to Alert you.

That will make life easier in order to investigate particular case in the first place, but ultimately that will someday save your system being damaged beyond repair :wink:

As for your request - you did not provide much info about your system and particular keyboard
Well, if you can restore those DLLs from quarantine and send them to Comodo developers together with an additional information about the keyboard/manufacturer/the site, etc. they will be able to fix some stuff (let’s hope)

Cheers!

Thanks for the fast response!
Sorry but I wrote about keyboard

“I’m purchased new keyboard (A4Tech X7 G800MU)”

Previous KB was Logitech Media (Y-BH52), served me well six or seven years.
About hardware - my fault.
That is:
Gigabyte MA790X-UD3P
AMD Phenom II X4 980 (overclocked from default 3.2 GHz to 4.5 GHz)
WDC WD1500HLFS-01G6U1 as System disk and 4 other HDD’s
3 ODD (2 DVD writers and one reader)
Creative Sound Blaster X-Fi

OS is Win Seven Pro x64 enough fresh installed (about two weeks).

About disabling automatic quarantine & deleting… Thank Gods - I rarely have any threats 'cause I’m as accurate as possible on the Net :wink: so don’t ever think about turning off that function.
Thanks, I’ll try that way. And for sure - report results. Maybe will be helpful to somebody.

UPD
Tryin’ but have not the option to disable Auto quarantine or deleting detected threats. Only “Block” or “Quarantine”… Or turning off the scanner. Screenshot 1.
Version of CIS. Screenshot 2

[attachment deleted by admin]

Auto quarantine is disabled by default. You say you have added the files to trusted and that didn’t work. Have you tried to add them to exclusions under the scanner settings tab? Disable the AV, remove files from quarantine if there, add them to exclusions, enable the AV, and reboot. See if that helps.

report back ;D

Also, please report them as false positives via the form on this page.

Hi sAyer,

OP (Yezhishe) posted images. The language is Russian
I don’t see the default auto-quarantine being disabled there
The drop-box options are (translated by me):

  • Put(move) dangerous files into quarantine
  • Block dangerous files

Probably that is wrong window
Can you please provide an image of that one, with the default “No auto!” / “No blocking” included, but just “Notify” I was talking about
I’m sure Yezhishe will get it or I will translate it

Cheers!

Hi SiberLynx,

You’re correct, with the new installer it does enable this unless you do a custom install. Seems like this needs to be unchecked and the files added to exclusions for scanning and that should fix his problem.

As for the default install options the firewall, defense+, and sandbox option seem beneficial for a novice user. The disable alerts for the AV (auto Quarantine) seems a little careless. If the AV happens to have a false positive with a crucial system file then it could be trouble. Just my opinion.

But hey this is their taco stand, I’m just going to shut the hell up and fold the burritos. ;D

Screen capture courtesy YouTube

[attachment deleted by admin]

Thanks all again!
You are right - I’m Russian, so OS have Russian UI too. By that installer of the CIS can be downloaded only in Russian (but I’ll prefer English if it were possible).

2 sAyer
Yes, I try all possible (in my version of CIS) options to exclude “problem files” from scanning routine - no way.

“Probably that is wrong window”
Unfortunately, window is right...

I send the installer to analysis (with comment, naturally) - maybe that help.

Thanks for the reply Yezhishe,

Sorry for some misunderstanding, but by “wrong window” I meant that maybe there is another one. My bad :slight_smile:
Well, I gave up on Comodo’s AV looong ago
Point was that all AV’s I’ve tested have those settings for the actions re: suspects - quarantine; delete; or just alert/notify/report whatever you can call it

Good move

Cheers!

Agreed. However, just FYI, any trusted files will not be scanned by the AV. Thus, any files signed by Microsoft can not be falsely detected.

Hi all!
I have an answer from analytics:

Hi,

This is to inform you that the file you have submitted to us has been checked.
Sha:1823eb2b4218931556c3f5f7c83accad17b48b8a eka25_setup.zip

The files detected in the package submitted by you aren’t malware, but are detected as potentially dangerous applications.

If you plan to further use this application, you can add the detected files to your “Exclusions” list.

Sure that “keyboard hooks” are potentially unsafe 'cause they seem as keylogger or something like - but how it may behave if program must use additional keys? ;D
So - well. Thanks for participating, I think the problem is almost solved as much as it possible…

Best regards!

Greetings all!

“The files detected in the package submitted by you aren't malware, but are detected as potentially dangerous applications.”
Pretty much weak answer from the developers IMHO, therefore indeed it’s “almost solved”, since if the keyboard driver Software installation is legit that must not happen... I have changed dozens of keyboards from many vendors – no issues; I have many of those “hooks” from 3rd party vendors, since using audio editing with many VST/Directx Plugins & standalone “keyboard aware” instruments. To make the story short – currently (stressing) none of AV’s I’ve tested are flagging those

… hmm … since you responded I would like to argue & disagree by saying: - that’s another weak point
So, what you are basically saying: Comodo AV will easily miss any malware signed by Microsoft
(like “Flame” … similar will follow)
or
probably by other “legit” vendors like Adobe & …, etc. Very long list actually (how many are found every day, as a matter of fact? :wink: , I hope, as an expert, you do know ~ figures)
or
system files signed by MS but being modified by polymorphic (or other) infection like

C:\WINDOWS\system32\wuauclt.exe detected: Win32.Polip.A (B)
That is only one example, but it seems to me that mentioned file (signed by Microsoft) is quite important one, isn’t it?

note: I am not expecting “default deny and Defense+ power”, which can be circumvented as a matter of fact… we are talking about AV here

Cheers!