False Positive

So, I’ve just been informed that you (and others) are detecting a file from my site as a false positive.

Tested with

First, the file in question:
http://www.bvecornwall.co.uk/downloads/cl117.exe

This is a WinRarSFX archive with a custom icon, and is detected as a generic heuristic detection.
I think you’re primarily picking up on the OS_ATS1.dll file packed within the archive, which you detect as Backdoor.Win32.Xeol.g
I have the source for this file if you wish to see it (I compiled it myself with a couple of small modifications to the original source in 2005; I can’t get it to correctly recompile on my current Windows 8 box at the minute, I think there have been some changes in the GCC/ MingW headers somewhere)

I have attempted to report this via the web interface, but it’s not letting me upload any files.

Cheers

Hello leezer3,

Thank you for reporting,
We’ll check this and get back to you soon.

Best regards,
Gnaneswaran

Thanks.
I’m happy enough to repack the SFX archive into a plain zip etc. so I think the main issue here is the detection on OS_ATS1.dll

Cheers

Hi,leezer3

This is to inform you that false-positive has been fixed.
You can update to AV database Version <18172> of Comodo Internet Security Version<7.0.317799.4142> and confirm it.

Best regards
Chunli.chen

Removed, thanks :slight_smile:

Only another 16 to go… (I wish I’d noticed this earlier, first I knew of it was a user reporting Chrome blocking files…)