False positives check

  • I would like to see a feature that gives cavs the possibility to check the quarantine folder after each update, in this way the quarantine folder gets scanned and compared with the updates and sig database to see if there has been quarantined legitimate files and programs.

  • Also I would like to see the ability to right click found threats and send them to comodo to let them examine the files and see if it is a false positive.


This is a goooooood idea. If your wish comes true, I wouldnt have to restore my quarantine items, do a scanning and see if it’s still a virus or not!

Yes this is very helpfull to deal with FP. ;D

Hope V4 will have this

+1 on both counts.

Me too.

The example pic below (made by a user) was posted in the usability forum

[attachment deleted by admin]

I’ve sent several FP’s in months ago, and they are still being detected as viruses. :frowning:

Oh well, you got my vote…

Maybe Comodo views them as suspicious? What are they classified as?

The first one:
Heur.Pck.tElock (.dll file)

The second one is software to update the HOST file:

I just add them to the exception list and forget about it. The first file is not detected by the VirusTotal v1211. I have the same definition and it’s detected (of course I have everything set to high though).

I would say the second one is a trojan not a FP

It’s a small file (13kbs). It simply connects to mvps.org and downloads/replaces the HOST file with the current version. I know a lot of the AV’s detect it as a Trojan, but I feel they are FP’s.

Comodo says it connects to TCP (msvp’s site). No other connections to the outside world. It does indeed update the HOST file, and I have yet to see any additional processes execute when running it.

can you pm a link to it so I can check it out

+1 :-TU :-TU :-TU :-TU :-TU :-TU

Indeed a very useful option to have.

Also it shpould have “Automatic Rescan Quaratine” too.
To define some previously detected item in quarantine was a false positive.

here is more research on the host file program




from what I can find it does what it says, so I would label it at a potentially unwanted program, the main problem is that it can be combined with other malware to really mess up your system.

Please don’t hijack this topic. Make sure to submit your FP’s following How to report False Positives/Suspicious Files & How to Submit them ; notice that using CIMA does not provide feedback and the mentioned topic does.

The FP guys are usually very prompt in their responses and they even have the Post here your unfixed FP’s (only after 2 days)topic.

+1 that will be benificial. :a0