False positives are back

11 detections - all FP according to virus total.

Well you certainly seem to have a lot more than your share of problems. Most of your posts seem to be about them.

Maybe you should give details.

Could you tell us which files? at least the MD5

You can submit the False positives here:


I just report problem that I see.

It is frustrating to have the same problem over and over. Every ■■■■■ is not a virus. If 70-80 percent of other anti virus programs don’t detect them as a threat, why CIS has to.

I don’t plan to open topics for every unfixed FP. I use to do that before, but now there is an option when scan is finished to report them to Comodo as FP.

So why are they not fixed already.

PS: For some of those FP’s CIS says that they can’t be submitted. Why is that?

Can you give us the links of Virus total to this files?
The policy of all the AV vendors is include the cracks as malware, even if they are not harmful.
Wait a week and upload again the files to VT and you will see that almost the 100% of the AV’s detect your cracks/keygens as malware.

If you dont want to have problems add this files to the exclusion list of the AV.

I don’t suppose VirusTotal has a behaviour analysis. ;D

Ah… I know what you mean…
You should read this: https://forums.comodo.com/av-false-positivenegative-detection-reporting/cis-malware-naming-rules-for-potentially-dangerous-applicationsriskware-t38506.0.html

Comodo should add a link in the virus alert to explain what the keyword mean…
You can only call a FP if you see “heur.” in the alert, because it’s a detection based on heuristic.

PS: For some of those FP's CIS says that they can't be submitted. Why is that?
Maybe because it's in an archive?

Please submit them as described in How to report False Positives - Please read this before submitting !.

Moved the f/p board where it belongs.


As I said, I don’t plan to do that. Unless you are telling me that reporting through CIS isn’t working.
Links to virus total files.

[attachment deleted by admin]

As you can see, fourth link isn’t detected by Virus total. Let me explain why.

I had to unpack the archive where the fourth detection was made because it was to big to submit to virus total.
When I’ve unpacked the archive CIS didn’t detect the file as a virus anymore. Unbelievable.
Do you mean to tell me that unpacking archives solves FP’s. ???

PS: Where are the 7 other false positives that I talked about, you probably ask. Well, when I did a second scan result was 4 viruses as you can see in the picture above.
It seems that they got fixed or Comodo wants us to think that. Other 7 files where successfully submitted after the scan through CIS.
There is no way that 7 FP’s where fixed that fast. It seems to me that when you submit a suspicious file to Comodo, they simply choose not to detect that file on your system anymore, thus creating an illusion of problems getting fixed.

Funny thing, now your second link and fourth link are detected as virus :smiley:
Well… In fact, your second link was already detected correctly by CIS, but you didn’t listened and reported it as FP…
Roboform stores password… it’s a little bit unsafe…

32,6% detection rate for the second link. And in big part, all the anti virus programs that have detected it as a threat are some bad programs. None of the better programs hasn’t detected it as a threat including: Kaspersky, Antivir, Avast, Bitdefender, AVG, NOD32.
For the fourth link I don’t understand your comment. It’s not even detected by CIS when unpacked from the archive, it’s only detected when in archive. See my post above on that subject.

On the other subject of 7 FP’s that are not detected anymore I can report that I was right.
I just did a scan on my PC at work (Windows XPx32) where I have similar programs installed and as a result I’ve received all FP’s, including two that are not detected anymore on my home PC. See the picture.

[attachment deleted by admin]