False Positives Recorded Against Nirsoft Software


Like many enthusiasts I use some of the freeware utilities supplied by Nirsoft software (http://www.nirsoft.net). However both Comodo AV and AVG (my previous AV product) report malware detection against some of the executables. On his site there is a section dealing with false positives stating that many well-known AV products report these annoying results. He also states how to avoid getting these problems - preferably by contacting the AV provider.

I had hoped that Comodo AV might be more subtle in identifying AV threats but there is obviously a problem here. In the meantime I have added the Nirsoft products to my Comodo AV list of exclusions.

I am sure the AV writers will make the appropriate changes. In any case I really rate the Comodo AV program, hence the change from AVG.

Hi Superbrain31,

If you can find the FP file,you can submit through this link:http://internetsecurity.comodo.com/submit.php .Then we can go to have a look at it.

Thanks and Regards,

The problem with some of the Nirsoft applications is, that they can be used for malicious actions.
COMODO will accordingly detect them as “riskware” or “hacktool” or something similar.
Just have a look at the name of the malware COMODO detects. I think this characterization is fitting for the password sniffers for example.

In COMODO it’s less a problem of false positive detection (in this case), but a problem, that you can’t tell COMODO how to handle the different categories. All categories will raise the same alert!
I made a feature request about that - and probably there were also some others…
We’ll have to wait, what time will bring…

But what would be the problem then for

-Mozilla History View
-Mozilla Cache View
-GDI View
-My last search
-Recent Files View
-Shell Bags View

Those are also marked…

Hi Ronny,

The applications which have a history of being used by malware or are constantly bundled with will be categorized as riskware. This is to ensure that these are not used for malicious purposes. Any user which willingly install and use these programs can add them to exclusion list.

Please refer to this topic for more information.

Thanks and regards,

Hi Ionel,

Thanks for the feedback always appreciated, would it at least be possible to give them those “risk” names then, some of those are still identified as “Unclassified Malware” that will confuse users…

ApplicUnsafe will be much more clear in this case.