False postive in Could Lookup

Comodo firewall version 8 cloud lookup is buggy.

A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
Yes the problem can be reproduced.

If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1:Download a setup file
2:Try installing the application

One or two sentences explaining what actually happened:
This happens during installation of software’s. It flags unrecognized files as malware.

In addition Cloud lookup detects those unrecognized files as malware even if computer is not connected to internet.

One or two sentences explaining what you expected to happen:
i expect to get HIPS message asking whether to allow the installation to continue or not

If a software compatibility problem have you tried the advice to make programs work with CIS?:

Any software except CIS/OS involved? If so - name, & exact version:
download.ninja_build28, CrystalDiskInfo 6.2.2, Greenshot, VoodooShield 2.12 , MPC-BE x64, processhacker 2.33, SoftPerfect RAM Disk 3.4.6, K-Lite_Codec_Pack_1090_Standard

Any other information, eg your guess at the cause, how you tried to fix it etc:

Exact CIS version & configuration:

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
D+/HIPS Enabled in Safe mode, Autosandbox disabled, Firewall Enabled in Safe Mode

Have you made any other changes to the default config? (egs here.):
theme changed, Firewall traffic animation OFF, messages from comodo message center OFF.

Have you updated (without uninstall) from CIS 5 or CIS6?:

Have you imported a config from a previous version of CIS:
Config from Comodo 8 beta was automatically added this version
if so, have you tried a standard config - if not please do:
Yes i deleted the old comodo 8 beta config and now i am using default "comodo firewall security " config

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows 8.1 Pro with latest update, 64 bit, UAC set to “Never notify”, Account type “Administrator”, No virtual machine installed

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=360 Total Security version 5 which has sandbox feature b=

Youtube demo : - YouTube

[attachment deleted by admin]

I reported the same issue here: https://forums.comodo.com/av-false-positivenegative-detection-reporting/false-positive-t108473.0.html

Can you update to AV database Version <20360> of Comodo Internet Security Version<> and confirm that is is resolved?

You can also uncheck “DO NOT show popup alerts” in the “File Rating” settings so that you are prompted for what to do instead of CIS auto blocking the file.

This issue is related to AV definitions, unless you prove it’s a bug with more detailed steps.


I think this is a bug, If you check the post I linked, many different program installers and updaters are detected by the cloud scanner even though they are safe. It seems that CIS doesn’t like when .tmp files are loaded into the memory and flags them as a cloud threat and blocks them.

Not reproducible on my system. Any other hints?
Please attach your configuration.


I think agree with Qmarius, most likely a set of false positives based on a signature family being over-generic.

I will merge with the appropriate topic, however if Comodo AV guys say on reflection it is a bug, please get any active mod to move back here.

Kind regards