False positives and exploits which are undetected

We would be grateful for any information about false positives and exploits which are undetected by the SiteInspector detection engine.

Thank you for all your feedback, which helps us to improve the detection technology.

Stickied.

http://siteinspector.comodo.com/public/reports/21003

http://siteinspector.comodo.com/public/reports/21007

:)

http://siteinspector.comodo.com/public/reports/21016

idk if SI uses just the cloud or not.

but this is caught by comodo av but is said to be safe by SI

http://siteinspector.comodo.com/public/reports/21137

http://valkyrie.comodo.com/Result.aspx?sha1=328DFE45945A3E555614B8D83624C3D31BAB6453&&query=0&&filename=Le

http://www.virustotal.com/file-scan/report.html?id=3585fcbe71d13aeb9fb1f0e9a63f0e3e5b264d9b86249747ffe3cd04d4067e0e-1304142320

exploit:

http://siteinspector.comodo.com/public/reports/22005

http://siteinspector.comodo.com/public/reports/22441

This exploit http://siteinspector.comodo.com/public/reports/24028

creates this file on desktop: http://www.virustotal.com/file-scan/report.html?id=819805e042c621d2565b050fbce6f9dcde781d4ee2c4f7a8f2fa56b61d1cbe05-1304371147

and wants to run it.

(when you are using IE).

http://siteinspector.comodo.com/public/reports/30696 exploit not detected by si engine

active java exploit - http://siteinspector.comodo.com/public/reports/32379

undetected - http://siteinspector.comodo.com/public/reports/38213

it took a while but i finally found something that's undetected
http://siteinspector.comodo.com/public/reports/46941

http://valkyrie.comodo.com/Result.aspx?sha1=BDB0AEC982BFBCFBE65E16BB5BD832784ECB5CD5&&query=0&&filename=atualizar.exe

http://www.virustotal.com/file-scan/report.html?id=d68abae55e1dc9e8a20512437ea337a2404fcdf4a4e890a3de80f8852f989965-1307249089

It’s only because Comodo AV cannot detect it…
When it is added to the AV database, it will be detected.
SI didn’t fail :).
Submit this file to the AV lab.

undetected java exploit
http://siteinspector.comodo.com/public/reports/108904

http://siteinspector.comodo.com/public/reports/171236

false positive

http://siteinspector.comodo.com/public/reports/171236 - FP? and others referring to google

i believe that they are FP also:

http://siteinspector.comodo.com/public/reports/171426
http://siteinspector.comodo.com/public/reports/171379
http://siteinspector.comodo.com/public/reports/171658
http://siteinspector.comodo.com/public/reports/171625
http://siteinspector.comodo.com/public/reports/171553
http://siteinspector.comodo.com/public/reports/171497

if this is a FP then there are a lot, because all it's saying is a file was downloaded into temporary internet files, which is what happens when you install a program

i think that it is working differently. it checks actions performed by the browser without user permission.

maybe, but i have tested SI against some legit download sites like filehippo.com and i put the link in for the ccleaner installer and it flags it as a medium risk.

http://siteinspector.comodo.com/public/reports/172069

so that should be fixed asap …

idk if it's a bug or if it's designed that way. maybe vadim or ross can give us some explanation

We are working to minimize the number of FP. Your feedback helps us. Next week we plan to release a new detection mechanism with a lot of improvements in this area.

SI also has a design misunderstanding: “Medium Risk” means it’s a suspicious URL, so SI can’t say that this URL is really malicious. I think we will change this in the next version of SI Web (August).

thank you vadim, looking to test it in early august.

thanks for the response. hope the scanning process is faster. i have seen big improvements over time with the scan speed but certain sites still take a while
this is a great product and i can't wait to see how comodo integrates it into CIS and CD. it's going to be very beneficial

has the new detection mechanism been released?