False Positive Again

After downloading antivirus definitions today, it prompted the following suspected “virus”:

c:\windows\servicepackuninstall\rcimlby.exe
c:\windows\servicepackuninstall\net.exe

After choosing “isolate”, nothing can be found in isolation area. What happened?

Perhaps you're referring to a Defense+ alert? These are different to your antivirus alerts.
Can you please send those files to www.virustotal.com and get other opinions on these files? If they are safe, then you should go to Comodo → Defense+ → My security policy and remove the rules you made to isolate this application.

no la, it is detected by antivirus module, instead of defense+ module
btw, Dr Web CureIT is also detected by Comodo Antivirus as “VIRUS”, so strange

Please report the false positive to Drweb so they can fix the issue with comodo. As for your original issue pls upload the file to www.virustotal.com to get more “opinions” on the safety of these 2 files.

Hello HKer,

Please submit the files as false positives at Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year and you will receive back the conclusion of the analysis by email.

Regards,
Ionel

I wish I could send it to comodo for further investigation. However, I can’t do it. It is because I can’t find such files anymore. They are not stored in Isolated Area of comodo (even though I chose to isolate them). How can I find them? Any hint?

BTW, I don’t think Dr Web will aid the issue. After all, it is comodo’s false positive. I have checked Dr Web CureIT with Avira, Kaspersky, etc. There’s nothing wrong with Dr Web.

If you check your AV logs it should give the file path for anything that it identified as malicious or suspicious. From there you should be able to locate the files and report them.

They could also be hidden files; that could be why you can't see them.

so what can i do?
if they’re infected files, where did they go?
are they removed?

I mean that DrWeb reports files of comodo as malware? Then you should report it to Drweb because that is not true.

no la, comodo treats Dr Web as virus instead

If you isolated those files via Defense+ alert, please check
Defense+ → Common Task → My Blocked Files

You should find isolated files there.

Thanks
-umesh

In AV log, there is such event, but no isolated files.
In Defense+, there is no such event / file.

It is not related to Defense+

Sorry, My mistake! I read it wrong.

In your OP you said:

After choosing "isolate", nothing can be found in isolation area. What happened?

That option is only presented with a Defense+ alert. I think that's what has thrown us off?

Anyway, I think the main thing is to get these files looked at! You asked earlier how to view hidden files so you can find them… I hope this helps.

How to show hidden files in Windows