FP on a file in C:\WINDOWS\SoftwareDistribution\Download\

Hi, Comodo employees!

I have what appears to be a false positive on this file:

File: C:\WINDOWS\SoftwareDistribution\Download\642ace45800ffefd77231150a07a2bdfe170732c
Size: 13.5 MB (14,194,624 bytes)
Created: Tuesday, April 20, 2010
Modified: Tuesday, April 20, 2010

Comodo Antivirus alerts on the file with this:

Heur.Suspicious@107627526

Malwarebytes’ Anti-Malware says it’s clean.
Virscan.org results: all 36 scanners say it’s clean.

Virscan has among those scanners CAV, with DB 5127, and it didn’t alert on it! So why does my CAV? I’m on 5128 now, but the detection event was 6 hours ago, so I don’t know what my DB number was back then. However, 5128 still detects it, right now, on my PC.

Results of searching my Windows Update logfile on the filename: this file was apparently downloaded on 6/9/2010, and is apparently related to KB979906, and the log also says the file was Microsoft-signed. It is indeed Microsoft-signed (signed April 2), as shown on the file’s “Properties” tab.

Given all the evidence, I figure this has got to be an FP. Can you guys fix this, so I can remove this file from my CAV exclusions list? Thanks.
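The evidence listed in the report above (Authenticode signature, Windows Update log entry) can be collected in one pass before a file is excluded or submitted as a false positive. This is an added PowerShell example, not part of the original thread; the function name, the default log location, and the comparison of the file name against the file's SHA-1 are assumptions.

```powershell
# Added example: gather false-positive evidence for a file in the Windows Update cache.
function Get-FalsePositiveEvidence {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: the plain-text Windows Update log is at its classic location.
        [string] $UpdateLog = (Join-Path $env:windir 'WindowsUpdate.log')
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $sha1 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA1).Hash

    # Log lines that mention the cached file name (tie it to a KB, as in the report).
    $logHits = @()
    if (Test-Path -LiteralPath $UpdateLog) {
        $logHits = @(Select-String -LiteralPath $UpdateLog -Pattern $file.Name -SimpleMatch |
                     ForEach-Object { $_.Line.Trim() })
    }

    # SignerCertificate is $null for unsigned files; the -match then yields $false.
    $signer = $sig.SignerCertificate.Subject
    [pscustomobject]@{
        File              = $file.FullName
        SizeBytes         = $file.Length
        SHA1              = $sha1
        # Assumption: cache files are named after the SHA-1 of their content.
        NameMatchesSHA1   = ($file.Name -ieq $sha1)
        SignatureStatus   = $sig.Status          # 'Valid' means the chain and hash verified
        Signer            = $signer
        # A subject match alone proves nothing; it only counts with a Valid status.
        SignedByMicrosoft = ($sig.Status -eq 'Valid') -and
                            ($signer -match 'O=Microsoft Corporation')
        LogLines          = $logHits
    }
}

# Usage with the path from the report:
Get-FalsePositiveEvidence `
    -Path 'C:\WINDOWS\SoftwareDistribution\Download\642ace45800ffefd77231150a07a2bdfe170732c' |
    Format-List
```

A `SignatureStatus` other than `Valid`, or a signer outside Microsoft, means the file should stay quarantined and be submitted to the vendor rather than excluded.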

Hi puddingpants,

Thanks for reporting. We will check that and get back to you.

Regards,
Haja

Wow, that was a fast reply! Thanks a lot!

Hi puddingpants,

Reported FP has been fixed in DB 5130. Please update and confirm it.

Thanks and Regards,
Haja

Confirmed, CAV no longer alerts on this file using DB 5130.

Thanks for the fast response!