False positives after V3.8 update

My comodo has just updated itself to v3.8 and is now reporting (falsely) gp.ocx as a virus.

Can you please give us exact name as shown by CIS 3.8?
And if possible, please upload here file in question.


I had tons of false positive after last update too, had to install another antivirus software and reinstall CIS with only firewall enabled, please keep the comunity updated when this will be sorted out.

the virus detected was Heur.Pck.MEW and it was in craploads of files in my system32 folder that I suspect were linked to Intel Desktop Utilities as it stopped fonctioning when I started to quarantine the first alerts.

I too have had the same problem as you, only I know that Tune Up Utilities should not contain malware. I have used it for 4 years without any problems before. I have used Comodo For 3 years now and it’s only now that this false positive has occurred, since the 3.8 upgrade.

The files being reported are “.bpl” which I believe are Borland Packed Libraries? I’m not 100% on this as I’m not a programmer. My solution to this was to put them in “My Safe Files”.


I am also getting false positives on most everything since the 3.8 update.


After automatically updating my Comodo Firewall to version 3.8.64739.471, my Avast! antivirus has found signs of Win32Crypt-IN(Trj) in: “C:\Program files\Comodo\Firewall\SCANNERS\heur.cav” file. Should I be concerned or consider it as a False Positive?

Log says heur.packed.unknown, file name is gp.ocx. I have checked it with your tool and it reports it as not a threat. I now have this file in my exclusions.

had to install another antivirus software

You know, instead of installing another antivirus, you could just turn the heuristics off, since that is the cause of the FP’s…

Just my 2 pennies (not cents, I’m english ;))

Ummm yeah CIS went nuts !!! haha…I’m getting that same Heur.Pck.MEW in .bpl files from some system related tools from IObit.

Also the Java script thing I posted on here a little while back jquery[1].js has been poping up again in the same way it did before…My heuristics are set to low if that helps at all.

CIS ver. 3.8.64739.471

VirSig ver. 992 (Just updated moments ago)

Hi Rabnoolas,

Please submit the file in question to the lab


My CIS version is 3.8.65951.477. When I start adobe acrobat downloader (To install acrobat reader 9) I get a CIS alarm which says “Attack dedected”, then when I press the OK button, closes the download window of acrobat reader. The explanation says, “buffer overflow attack” and the suspicius file is gp.ocx. I think gp is initial of the getPlus which is the producer of the downloader.

Is there possibility to include virus or this is a false alarm ?

This is not a false positive. This is a real Buffer Overflow Vulnerability in Adobe Reader…

See my thread about this issue.