False Positive

CIS detects Indiv02.key and IndivBox.key as Heur.Suspicious.Attribs

Heuristics on High setting, but these files are also detected on Medium and Low settings.

Both these files were found in [b]C:\Documents and Settings\All Users\DRM\Cache[/b]

I googled these files, and they appear to be Microsoft files related to DRM in WMP.

Description from Process Library:

indiv02.key is an Individualized Black Box DLL belonging to Microsoft® DRM from Microsoft Corporation

indivbox.key is an Individualized Black Box DLL belonging to Microsoft® DRM from Microsoft Corporation

[b]CIS version: 3.8.65951.477

Database version: 1017

Operating System: Windows XP Professional SP3[/b]

Still getting this with database 1021…

BUMP! ;D

Hi Beanie,

Can you please submit the samples to us?

Refer: https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/reporting_false_positivessuspicious_files_submitting_them_to_the_lab-t27062.0.html

Thanks and Regards,
Suresh

E-mail sent, with password: infected

Thanks :)

Hi Beanie,

False positive fixed.

Please confirm with our latest base.

Thanks for reporting the false positive. Appreciate your efforts.

Thanks and Regards,
Suresh.

FP confirmed fixed with database 1025.

Thanks, and no worries :)