False positives after V3.8 update

Rabnoolas · February 19, 2009, 8:26pm

My comodo has just updated itself to v3.8 and is now reporting (falsely) gp.ocx as a virus.

umesh · February 19, 2009, 8:57pm

Hi,
Can you please give us exact name as shown by CIS 3.8?
And if possible, please upload here file in question.

Thanks
-umesh

llama · February 21, 2009, 10:47am

I had tons of false positive after last update too, had to install another antivirus software and reinstall CIS with only firewall enabled, please keep the comunity updated when this will be sorted out.

the virus detected was Heur.Pck.MEW and it was in craploads of files in my system32 folder that I suspect were linked to Intel Desktop Utilities as it stopped fonctioning when I started to quarantine the first alerts.

toshea68 · February 21, 2009, 1:13pm

I too have had the same problem as you, only I know that Tune Up Utilities should not contain malware. I have used it for 4 years without any problems before. I have used Comodo For 3 years now and it’s only now that this false positive has occurred, since the 3.8 upgrade.

The files being reported are “.bpl” which I believe are Borland Packed Libraries? I’m not 100% on this as I’m not a programmer. My solution to this was to put them in “My Safe Files”.

hlb · February 22, 2009, 5:18am

Hello,

I am also getting false positives on most everything since the 3.8 update.

hlb

pgeraf · February 22, 2009, 11:28am

After automatically updating my Comodo Firewall to version 3.8.64739.471, my Avast! antivirus has found signs of Win32Crypt-IN(Trj) in: “C:\Program files\Comodo\Firewall\SCANNERS\heur.cav” file. Should I be concerned or consider it as a False Positive?

Rabnoolas · February 23, 2009, 8:33pm

Log says heur.packed.unknown, file name is gp.ocx. I have checked it with your tool and it reports it as not a threat. I now have this file in my exclusions.

anonymous · February 23, 2009, 8:36pm

had to install another antivirus software

You know, instead of installing another antivirus, you could just turn the heuristics off, since that is the cause of the FP’s…

Just my 2 pennies (not cents, I’m english ;))

RebLMunkE · February 24, 2009, 3:51pm

Ummm yeah CIS went nuts !!! haha…I’m getting that same Heur.Pck.MEW in .bpl files from some system related tools from IObit.

Also the Java script thing I posted on here a little while back jquery[1].js has been poping up again in the same way it did before…My heuristics are set to low if that helps at all.

CIS ver. 3.8.64739.471

VirSig ver. 992 (Just updated moments ago)

Ramanan · February 28, 2009, 5:56am

Hi Rabnoolas,

Please submit the file in question to the lab

Thanks,
Ramanan

ukorkmaz · March 5, 2009, 7:38am

My CIS version is 3.8.65951.477. When I start adobe acrobat downloader (To install acrobat reader 9) I get a CIS alarm which says “Attack dedected”, then when I press the OK button, closes the download window of acrobat reader. The explanation says, “buffer overflow attack” and the suspicius file is gp.ocx. I think gp is initial of the getPlus which is the producer of the downloader.

Is there possibility to include virus or this is a false alarm ?

system · March 5, 2009, 7:49am

This is not a false positive. This is a real Buffer Overflow Vulnerability in Adobe Reader…

See my thread about this issue.

Cheers,
Josh